From jhrozek at redhat.com  Mon Aug  1 07:08:02 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Mon, 1 Aug 2016 09:08:02 +0200
Subject: [Freeipa-users] slow login with freeipa 4.2.0
In-Reply-To: <CANAMAkp7DTQ8QTp3r2UzrrTfqNv4N2xpNn9sMxh5_bEkULuupw@mail.gmail.com>
References: <CANAMAkqtz4tWQkqb9PcBxyu2jm26x2KyLd_YL5aeoEyaw3qrLg@mail.gmail.com>
	<20160725174204.GM12570@hendrix>
	<CANAMAkoceqVBfiL5zdk6v-WxMvis6OfaqNJ3zEqsjDMB1CNTVg@mail.gmail.com>
	<20160729114028.GO11494@hendrix>
	<CANAMAkp7DTQ8QTp3r2UzrrTfqNv4N2xpNn9sMxh5_bEkULuupw@mail.gmail.com>
Message-ID: <20160801070802.GA24551@hendrix>

On Sat, Jul 30, 2016 at 02:02:56PM +0530, Rakesh Rajasekharan wrote:
> Thanks Jakub for the detailed analysis... with those inputs , I was able to
> nail down the issue.
> 
> I had migrated this host from openldap to freeipa.. However, nslcd daemon
> was still running and the sylog pointed me to the error "unable to contact
> the earlier openldap server" and it spent some time there...
> 
> So, I stopped nslcd and now logins have improved drastically to around 5s
> 
> date;ssh testuser at localhost
> Sat Jul 30 08:09:13 UTC 2016
> testuser at localhost's password:
> Last login: Sat Jul 30 08:08:55 2016 from 127.0.0.1
> [p-rakeshpillai at prod1-admintools-1c :~] date
> Sat Jul 30 08:09:18 UTC 2016
> 
> 
> For the ipa_hostname entry in sssd.conf, that gets auto populated entered
> everytime I run ipa-client-install .
> 
> I run the below command to setup ipa client
> 
> ipa-client-install --domain=xyz.xom --server=ipa-master-int.xyz.xom
> --realm=xyz.xom -p admin --password=mypass--mkhomedir --hostname=10.65.16.4
> --no-ssh --no-sshd -N -f -U
> 
> Notice that, In the hostname argument, I am passing the IP address. Hope
> thats fine, its actually working fine on around 2000+ servers in my
> environment.

I wonder if this works only by accident. Even if you run
ipa-client-install --hostname then you'll see in the help this is
supposed to be FQDN. Kerberos got less picky about hostnames in the
recent releases, but still..

> 
> I had earlier tried with servername.domain ( qa-test1.yyz.com as the
> hostname ) and my servers hostname would get changed to  qa-test1.yyz.com .
> However, we do our deployments on glassfish and glassfish somehow started
> having issue everytime we restart glassfish ( not an expert with glassfish
> ) so not sure whats wrong there.
> 
> With this approach , my hostname is now my ipaddress and  things are
> working fine both at galssfish and IPA side.
> But just want to confirm its ok to do that
> 
> 
> Thanks,
> Rakesh
> 
> 
> 
> 
> 
> 
> On Fri, Jul 29, 2016 at 5:10 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> 
> > On Tue, Jul 26, 2016 at 06:07:10PM +0530, Rakesh Rajasekharan wrote:
> > > > Any change that it's running on a VM? If so, check your entropy:
> > >
> > > > cat /proc/sys/kernel/random/entropy_avail
> > >
> > > > If it's low (like < 1k), install haveged.
> > >
> > > this indeed is vm , am running it on azure . However, I have a similar
> > set
> > > up running on aws which works completely fine
> >
> > Sorry about the delay in replying..
> >
> > >
> > > The entropy was low, around 180, I installed haveged and now its above 3k
> > > cat /proc/sys/kernel/random/entropy_avail
> > > 3178
> > >
> > > The timing though is still the same around 19s
> >
> > I have some comments inline about the config and logs.
> >
> > >
> > > @jakub, i am reattaching the logs.
> > >
> > > The dns resoltion seems fast when I check using dig
> > >
> > > below is my sssd.conf
> > > [domain/xyz.com]
> > > selinux_provider=none
> > > krb5_auth_timeout = 20
> > > cache_credentials = True
> > > krb5_store_password_if_offline = True
> > > ipa_domain = xyz.com
> > > id_provider = ipa
> > > auth_provider = ipa
> > > access_provider = ipa
> > > ldap_tls_cacert = /etc/ipa/ca.crt
> > > ipa_hostname = 10.65.16.4
> >
> > The ipa_hostname value is wrong. It's meant for systems where hostname
> > reports a different name that what is the name the host is registered as
> > in IPA. Including an IP address there doesn't make much sense.
> >
> > > chpass_provider = ipa
> > > ipa_server = ipa-master-in.xyz.com
> > > dns_discovery_domain = xyz.com
> > > ignore_group_members=True
> > > ldap_purge_cache_timeout = 0
> > > debug_level=8
> > > [sssd]
> > > services = nss, sudo, pam, ssh
> > > config_file_version = 2
> > >
> > > domains = xyz.com
> > > [nss]
> > > homedir_substring = /home
> > >
> > > [pam]
> > > pam_id_timeout = 3
> > >
> > > [sudo]
> > >
> > > [autofs]
> > >
> > > [ssh]
> > >
> > > [pac]
> > >
> > > [ifp]
> > >
> > >
> > >
> > > And here is the login times and logs
> > >
> > > [root at ipa-client-1 :~] date;ssh testuser at localhost
> > > Tue Jul 26 12:06:37 UTC 2016
> > > testuser at localhost's password:
> > > Last login: Tue Jul 26 12:03:53 2016 from 127.0.0.1
> > > [testuser at ipa-client-1 :~] date
> > > Tue Jul 26 12:06:55 UTC 2016
> > >
> > >
> > > sssd_domain logs
> > >
> > > (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
> > > (0x2000): Received SBUS method
> > > org.freedesktop.sssd.dataprovider.getAccountInfo on path
> > > /org/freedesktop/sssd/dataprovider
> > > (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
> > > (0x2000): Not a sysbus message, quit
> > > (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]] [be_get_account_info]
> > > (0x0200): Got request for [0x3][1][name=testuser]
> > > (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
> > > (0x0400): Changing request domain from [xyz.com] to [xyz.com]
> > > (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]]
> > > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> > > domain SID from [(null)]
> > > (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]]
> > > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> > > domain SID from [(null)]
> > > (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]]
> > [sdap_get_initgr_next_base]
> > > (0x0400): Searching for users with base [cn=accounts,dc=xyz,dc=com]
> >
> > --> A request for user's groups arrived.
> >
> > > (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]] [sdap_print_server]
> > > (0x2000): Searching 10.65.16.4
> > > (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]]
> > [sdap_get_generic_ext_step]
> > > (0x0400): calling ldap_search_ext with
> > >
> > [(&(uid=testuser)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=xyz,dc=com].
> > > (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]]
> > [sdap_get_generic_ext_step]
> > > (0x1000): Requesting attrs: [objectClass]
> >
> > [...]
> >
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [acctinfo_callback]
> > > (0x0100): Request processed. Returned 0,0,Success (Success)
> >
> > ---> Here the request for user's groups finished. It took about a second
> > in total.
> >
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
> > > (0x2000): Received SBUS method
> > org.freedesktop.sssd.dataprovider.pamHandler
> > > on path /org/freedesktop/sssd/dataprovider
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
> > > (0x2000): Not a sysbus message, quit
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
> > > (0x0400): Changing request domain from [xyz.com] to [xyz.com]
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler]
> > (0x0100):
> > > Got request with the following data
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [pam_print_data]
> > (0x0100):
> > > command: SSS_PAM_PREAUTH
> >
> > Preauthentication checks for available login methods...
> >
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
> > > (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)]
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
> > > (0x0100): Sending result [0][xyz.com]
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
> > > (0x0100): Sent result [0][xyz.com]
> >
> > ---> Here the preauth request finished, within a second.
> >
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
> > > (0x2000): Received SBUS method
> > org.freedesktop.sssd.dataprovider.pamHandler
> > > on path /org/freedesktop/sssd/dataprovider
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
> > > (0x2000): Not a sysbus message, quit
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
> > > (0x0400): Changing request domain from [xyz.com] to [xyz.com]
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler]
> > (0x0100):
> > > Got request with the following data
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [pam_print_data]
> > (0x0100):
> > > command: PAM_AUTHENTICATE
> >
> > ---> Authentication request is recieved.
> >
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [krb5_auth_queue_done]
> > > (0x1000): krb5_auth_queue request [0x7f88d1142ab0] done.
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
> > > (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)]
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
> > > (0x0100): Sending result [0][xyz.com]
> > > (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
> > > (0x0100): Sent result [0][xyz.com]
> >
> > Here the authentication finished successfully, again within a second..
> >
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
> > > (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path
> > > /org/freedesktop/sssd/service
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
> > > (0x2000): Not a sysbus message, quit
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
> > > (0x2000): Received SBUS method
> > org.freedesktop.sssd.dataprovider.pamHandler
> > > on path /org/freedesktop/sssd/dataprovider
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
> > > (0x2000): Not a sysbus message, quit
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
> > > (0x0400): Changing request domain from [xyz.com] to [xyz.com]
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler]
> > (0x0100):
> > > Got request with the following data
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [pam_print_data]
> > (0x0100):
> > > command: PAM_ACCT_MGMT
> >
> > ---> Access control request is received
> >
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [ipa_hbac_evaluate_rules]
> > > (0x0080): Access granted by HBAC rule [allow_all]
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
> > > (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)]
> >
> > --> User is granted access, we're within two seconds from the first
> > request, still.
> >
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
> > > (0x0400): SELinux provider doesn't exist, not sending the request to it.
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
> > > (0x0100): Sending result [0][xyz.com]
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
> > > (0x0100): Sent result [0][xyz.com]
> >
> > --> The selinux provider is disabled and quits immediately.
> >
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [pam_print_data]
> > (0x0100):
> > > command: PAM_SETCRED
> > > (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler]
> > (0x0100):
> > > Sending result [0][xyz.com]
> >
> > --> The setred PAM target does nothing, just returns success.
> >
> > ...And there nothing happens for 10 seconds, at least not in this log.
> > Is there any activity in the other SSSD logs in the meantime?
> >
> > > (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
> > > (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path
> > > /org/freedesktop/sssd/service
> > > (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
> > > (0x2000): Not a sysbus message, quit
> > > (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
> > > (0x2000): Received SBUS method
> > > org.freedesktop.sssd.dataprovider.getAccountInfo on path
> > > /org/freedesktop/sssd/dataprovider
> > > (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
> > > (0x2000): Not a sysbus message, quit
> > > (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [be_get_account_info]
> > > (0x0200): Got request for [0x3][1][name=testuser]
> > > (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
> > > (0x0400): Changing request domain from [xyz.com] to [xyz.com]
> > > (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]]
> > > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> > > domain SID from [(null)]
> > > (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]]
> > > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
> > > domain SID from [(null)]
> > > (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]]
> > [sdap_get_initgr_next_base]
> > > (0x0400): Searching for users with base [cn=accounts,dc=xyz,dc=com]
> >
> > ...Until a request for user groups arrives here..
> >
> > > (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [acctinfo_callback]
> > > (0x0100): Request processed. Returned 0,0,Success (Success)
> >
> > ---> Is processed here.
> >
> > > (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
> > > (0x2000): Received SBUS method
> > org.freedesktop.sssd.dataprovider.pamHandler
> > > on path /org/freedesktop/sssd/dataprovider
> > > (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
> > > (0x2000): Not a sysbus message, quit
> > > (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
> > > (0x0400): Changing request domain from [xyz.com] to [xyz.com]
> > > (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [be_pam_handler]
> > (0x0100):
> > > Got request with the following data
> > > (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [pam_print_data]
> > (0x0100):
> > > command: PAM_OPEN_SESSION
> >
> > And the session for the user is opened here.
> >
> > So my conclusion from the logs is that the delay is not within SSSD. The
> > next things I would check are:
> >     - are there any other NSS modules in nsswitch.conf except sss and
> >       files?
> >     - is there any other PAM module in the PAM stack except pam_sss.so
> >       and pam_unix and those that you would expect after IPA client
> >       installation?
> >     - is there anything in syslog/journal?
> >     - if you increase the SSHD debug level, is there anything of
> >       interest in the SSHD log?
> >     - if you strace sshd (make sure to strace the child processes also
> >       and include the -tt flag to see the timestamps with a high
> >       resultion), do you see any delay there?
> >



From pspacek at redhat.com  Mon Aug  1 07:27:32 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Mon, 1 Aug 2016 09:27:32 +0200
Subject: [Freeipa-users] slow login with freeipa 4.2.0
In-Reply-To: <20160801070802.GA24551@hendrix>
References: <CANAMAkqtz4tWQkqb9PcBxyu2jm26x2KyLd_YL5aeoEyaw3qrLg@mail.gmail.com>
	<20160725174204.GM12570@hendrix>
	<CANAMAkoceqVBfiL5zdk6v-WxMvis6OfaqNJ3zEqsjDMB1CNTVg@mail.gmail.com>
	<20160729114028.GO11494@hendrix>
	<CANAMAkp7DTQ8QTp3r2UzrrTfqNv4N2xpNn9sMxh5_bEkULuupw@mail.gmail.com>
	<20160801070802.GA24551@hendrix>
Message-ID: <4d14910b-e75b-0e16-a122-1e9e0b4681bf@redhat.com>

On 1.8.2016 09:08, Jakub Hrozek wrote:
> On Sat, Jul 30, 2016 at 02:02:56PM +0530, Rakesh Rajasekharan wrote:
>> Thanks Jakub for the detailed analysis... with those inputs , I was able to
>> nail down the issue.
>>
>> I had migrated this host from openldap to freeipa.. However, nslcd daemon
>> was still running and the sylog pointed me to the error "unable to contact
>> the earlier openldap server" and it spent some time there...
>>
>> So, I stopped nslcd and now logins have improved drastically to around 5s
>>
>> date;ssh testuser at localhost
>> Sat Jul 30 08:09:13 UTC 2016
>> testuser at localhost's password:
>> Last login: Sat Jul 30 08:08:55 2016 from 127.0.0.1
>> [p-rakeshpillai at prod1-admintools-1c :~] date
>> Sat Jul 30 08:09:18 UTC 2016
>>
>>
>> For the ipa_hostname entry in sssd.conf, that gets auto populated entered
>> everytime I run ipa-client-install .
>>
>> I run the below command to setup ipa client
>>
>> ipa-client-install --domain=xyz.xom --server=ipa-master-int.xyz.xom
>> --realm=xyz.xom -p admin --password=mypass--mkhomedir --hostname=10.65.16.4
>> --no-ssh --no-sshd -N -f -U

Hostname == IP address will break Kerberos authentication in cases where
client wants to connect using DNS name instead of IP address.

E.g. it will break "ssh user at server" where server is the machine you installed
using the command above.

Petr^2 Spacek

>>
>> Notice that, In the hostname argument, I am passing the IP address. Hope
>> thats fine, its actually working fine on around 2000+ servers in my
>> environment.
> 
> I wonder if this works only by accident. Even if you run
> ipa-client-install --hostname then you'll see in the help this is
> supposed to be FQDN. Kerberos got less picky about hostnames in the
> recent releases, but still..
> 
>>
>> I had earlier tried with servername.domain ( qa-test1.yyz.com as the
>> hostname ) and my servers hostname would get changed to  qa-test1.yyz.com .
>> However, we do our deployments on glassfish and glassfish somehow started
>> having issue everytime we restart glassfish ( not an expert with glassfish
>> ) so not sure whats wrong there.
>>
>> With this approach , my hostname is now my ipaddress and  things are
>> working fine both at galssfish and IPA side.
>> But just want to confirm its ok to do that
>>
>>
>> Thanks,
>> Rakesh
>>
>>
>>
>>
>>
>>
>> On Fri, Jul 29, 2016 at 5:10 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
>>
>>> On Tue, Jul 26, 2016 at 06:07:10PM +0530, Rakesh Rajasekharan wrote:
>>>>> Any change that it's running on a VM? If so, check your entropy:
>>>>
>>>>> cat /proc/sys/kernel/random/entropy_avail
>>>>
>>>>> If it's low (like < 1k), install haveged.
>>>>
>>>> this indeed is vm , am running it on azure . However, I have a similar
>>> set
>>>> up running on aws which works completely fine
>>>
>>> Sorry about the delay in replying..
>>>
>>>>
>>>> The entropy was low, around 180, I installed haveged and now its above 3k
>>>> cat /proc/sys/kernel/random/entropy_avail
>>>> 3178
>>>>
>>>> The timing though is still the same around 19s
>>>
>>> I have some comments inline about the config and logs.
>>>
>>>>
>>>> @jakub, i am reattaching the logs.
>>>>
>>>> The dns resoltion seems fast when I check using dig
>>>>
>>>> below is my sssd.conf
>>>> [domain/xyz.com]
>>>> selinux_provider=none
>>>> krb5_auth_timeout = 20
>>>> cache_credentials = True
>>>> krb5_store_password_if_offline = True
>>>> ipa_domain = xyz.com
>>>> id_provider = ipa
>>>> auth_provider = ipa
>>>> access_provider = ipa
>>>> ldap_tls_cacert = /etc/ipa/ca.crt
>>>> ipa_hostname = 10.65.16.4
>>>
>>> The ipa_hostname value is wrong. It's meant for systems where hostname
>>> reports a different name that what is the name the host is registered as
>>> in IPA. Including an IP address there doesn't make much sense.
>>>
>>>> chpass_provider = ipa
>>>> ipa_server = ipa-master-in.xyz.com
>>>> dns_discovery_domain = xyz.com
>>>> ignore_group_members=True
>>>> ldap_purge_cache_timeout = 0
>>>> debug_level=8
>>>> [sssd]
>>>> services = nss, sudo, pam, ssh
>>>> config_file_version = 2
>>>>
>>>> domains = xyz.com
>>>> [nss]
>>>> homedir_substring = /home
>>>>
>>>> [pam]
>>>> pam_id_timeout = 3
>>>>
>>>> [sudo]
>>>>
>>>> [autofs]
>>>>
>>>> [ssh]
>>>>
>>>> [pac]
>>>>
>>>> [ifp]
>>>>
>>>>
>>>>
>>>> And here is the login times and logs
>>>>
>>>> [root at ipa-client-1 :~] date;ssh testuser at localhost
>>>> Tue Jul 26 12:06:37 UTC 2016
>>>> testuser at localhost's password:
>>>> Last login: Tue Jul 26 12:03:53 2016 from 127.0.0.1
>>>> [testuser at ipa-client-1 :~] date
>>>> Tue Jul 26 12:06:55 UTC 2016
>>>>
>>>>
>>>> sssd_domain logs
>>>>
>>>> (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
>>>> (0x2000): Received SBUS method
>>>> org.freedesktop.sssd.dataprovider.getAccountInfo on path
>>>> /org/freedesktop/sssd/dataprovider
>>>> (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
>>>> (0x2000): Not a sysbus message, quit
>>>> (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]] [be_get_account_info]
>>>> (0x0200): Got request for [0x3][1][name=testuser]
>>>> (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
>>>> (0x0400): Changing request domain from [xyz.com] to [xyz.com]
>>>> (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]]
>>>> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
>>>> domain SID from [(null)]
>>>> (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]]
>>>> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
>>>> domain SID from [(null)]
>>>> (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]]
>>> [sdap_get_initgr_next_base]
>>>> (0x0400): Searching for users with base [cn=accounts,dc=xyz,dc=com]
>>>
>>> --> A request for user's groups arrived.
>>>
>>>> (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]] [sdap_print_server]
>>>> (0x2000): Searching 10.65.16.4
>>>> (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]]
>>> [sdap_get_generic_ext_step]
>>>> (0x0400): calling ldap_search_ext with
>>>>
>>> [(&(uid=testuser)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=xyz,dc=com].
>>>> (Tue Jul 26 12:06:40 2016) [sssd[be[xyz.com]]]
>>> [sdap_get_generic_ext_step]
>>>> (0x1000): Requesting attrs: [objectClass]
>>>
>>> [...]
>>>
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [acctinfo_callback]
>>>> (0x0100): Request processed. Returned 0,0,Success (Success)
>>>
>>> ---> Here the request for user's groups finished. It took about a second
>>> in total.
>>>
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
>>>> (0x2000): Received SBUS method
>>> org.freedesktop.sssd.dataprovider.pamHandler
>>>> on path /org/freedesktop/sssd/dataprovider
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
>>>> (0x2000): Not a sysbus message, quit
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
>>>> (0x0400): Changing request domain from [xyz.com] to [xyz.com]
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler]
>>> (0x0100):
>>>> Got request with the following data
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [pam_print_data]
>>> (0x0100):
>>>> command: SSS_PAM_PREAUTH
>>>
>>> Preauthentication checks for available login methods...
>>>
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
>>>> (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)]
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
>>>> (0x0100): Sending result [0][xyz.com]
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
>>>> (0x0100): Sent result [0][xyz.com]
>>>
>>> ---> Here the preauth request finished, within a second.
>>>
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
>>>> (0x2000): Received SBUS method
>>> org.freedesktop.sssd.dataprovider.pamHandler
>>>> on path /org/freedesktop/sssd/dataprovider
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
>>>> (0x2000): Not a sysbus message, quit
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
>>>> (0x0400): Changing request domain from [xyz.com] to [xyz.com]
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler]
>>> (0x0100):
>>>> Got request with the following data
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [pam_print_data]
>>> (0x0100):
>>>> command: PAM_AUTHENTICATE
>>>
>>> ---> Authentication request is recieved.
>>>
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [krb5_auth_queue_done]
>>>> (0x1000): krb5_auth_queue request [0x7f88d1142ab0] done.
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
>>>> (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)]
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
>>>> (0x0100): Sending result [0][xyz.com]
>>>> (Tue Jul 26 12:06:41 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
>>>> (0x0100): Sent result [0][xyz.com]
>>>
>>> Here the authentication finished successfully, again within a second..
>>>
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
>>>> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path
>>>> /org/freedesktop/sssd/service
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
>>>> (0x2000): Not a sysbus message, quit
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
>>>> (0x2000): Received SBUS method
>>> org.freedesktop.sssd.dataprovider.pamHandler
>>>> on path /org/freedesktop/sssd/dataprovider
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
>>>> (0x2000): Not a sysbus message, quit
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
>>>> (0x0400): Changing request domain from [xyz.com] to [xyz.com]
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler]
>>> (0x0100):
>>>> Got request with the following data
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [pam_print_data]
>>> (0x0100):
>>>> command: PAM_ACCT_MGMT
>>>
>>> ---> Access control request is received
>>>
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [ipa_hbac_evaluate_rules]
>>>> (0x0080): Access granted by HBAC rule [allow_all]
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
>>>> (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)]
>>>
>>> --> User is granted access, we're within two seconds from the first
>>> request, still.
>>>
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
>>>> (0x0400): SELinux provider doesn't exist, not sending the request to it.
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
>>>> (0x0100): Sending result [0][xyz.com]
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler_callback]
>>>> (0x0100): Sent result [0][xyz.com]
>>>
>>> --> The selinux provider is disabled and quits immediately.
>>>
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [pam_print_data]
>>> (0x0100):
>>>> command: PAM_SETCRED
>>>> (Tue Jul 26 12:06:42 2016) [sssd[be[xyz.com]]] [be_pam_handler]
>>> (0x0100):
>>>> Sending result [0][xyz.com]
>>>
>>> --> The setred PAM target does nothing, just returns success.
>>>
>>> ...And there nothing happens for 10 seconds, at least not in this log.
>>> Is there any activity in the other SSSD logs in the meantime?
>>>
>>>> (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
>>>> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path
>>>> /org/freedesktop/sssd/service
>>>> (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
>>>> (0x2000): Not a sysbus message, quit
>>>> (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
>>>> (0x2000): Received SBUS method
>>>> org.freedesktop.sssd.dataprovider.getAccountInfo on path
>>>> /org/freedesktop/sssd/dataprovider
>>>> (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
>>>> (0x2000): Not a sysbus message, quit
>>>> (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [be_get_account_info]
>>>> (0x0200): Got request for [0x3][1][name=testuser]
>>>> (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
>>>> (0x0400): Changing request domain from [xyz.com] to [xyz.com]
>>>> (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]]
>>>> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
>>>> domain SID from [(null)]
>>>> (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]]
>>>> [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse
>>>> domain SID from [(null)]
>>>> (Tue Jul 26 12:06:52 2016) [sssd[be[xyz.com]]]
>>> [sdap_get_initgr_next_base]
>>>> (0x0400): Searching for users with base [cn=accounts,dc=xyz,dc=com]
>>>
>>> ...Until a request for user groups arrives here..
>>>
>>>> (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [acctinfo_callback]
>>>> (0x0100): Request processed. Returned 0,0,Success (Success)
>>>
>>> ---> Is processed here.
>>>
>>>> (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [sbus_message_handler]
>>>> (0x2000): Received SBUS method
>>> org.freedesktop.sssd.dataprovider.pamHandler
>>>> on path /org/freedesktop/sssd/dataprovider
>>>> (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [sbus_get_sender_id_send]
>>>> (0x2000): Not a sysbus message, quit
>>>> (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [be_req_set_domain]
>>>> (0x0400): Changing request domain from [xyz.com] to [xyz.com]
>>>> (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [be_pam_handler]
>>> (0x0100):
>>>> Got request with the following data
>>>> (Tue Jul 26 12:06:53 2016) [sssd[be[xyz.com]]] [pam_print_data]
>>> (0x0100):
>>>> command: PAM_OPEN_SESSION
>>>
>>> And the session for the user is opened here.
>>>
>>> So my conclusion from the logs is that the delay is not within SSSD. The
>>> next things I would check are:
>>>     - are there any other NSS modules in nsswitch.conf except sss and
>>>       files?
>>>     - is there any other PAM module in the PAM stack except pam_sss.so
>>>       and pam_unix and those that you would expect after IPA client
>>>       installation?
>>>     - is there anything in syslog/journal?
>>>     - if you increase the SSHD debug level, is there anything of
>>>       interest in the SSHD log?
>>>     - if you strace sshd (make sure to strace the child processes also
>>>       and include the -tt flag to see the timestamps with a high
>>>       resultion), do you see any delay there?
>>>
> 


-- 
Petr^2 Spacek



From dkupka at redhat.com  Mon Aug  1 09:53:21 2016
From: dkupka at redhat.com (David Kupka)
Date: Mon, 1 Aug 2016 11:53:21 +0200
Subject: [Freeipa-users] Moving from ca to ca-less without pki
In-Reply-To: <579B5BA9.8060505@kit.edu>
References: <579B5BA9.8060505@kit.edu>
Message-ID: <1a97fd5f-a1ef-d66c-7a56-98beffdf9401@redhat.com>

On 29/07/16 15:35, Andreas Ladanyi wrote:
> Hi,
>
> is it simply possible to move from ca to a ca-less environment in ipa ?
> Because its ok for me to only use certificates in web and ldap
> components. I use freeipa 4.2 , fedora 23.
>
> regards,
> Andreas
>

Hello Andreas!

There is no tool that would do this for you, yet. You can manually 
remove CS entries from LDAP, remove CS instance, stop tracking 
certificates in certmonger and replace certificates for apache and 
dirsrv. But be very cautious any mistake may destroy the whole freeipa 
server and all data stored there.

ipa-cacert-manage does the opposite (installing CS on CA-less freeipa 
server). Feel free to file an RFE https://fedorahosted.org/freeipa/newticket

-- 
David Kupka



From alewis422 at gmail.com  Mon Aug  1 13:17:05 2016
From: alewis422 at gmail.com (Adam Lewis)
Date: Mon, 1 Aug 2016 09:17:05 -0400
Subject: [Freeipa-users] Certificate Issues
In-Reply-To: <579A5EAC.5000102@redhat.com>
References: <F7BEA64018495841A21D60717A05F7A25BA420E8@NAEAPHILXM03V.nadsusea.nads.navy.mil>
	<579A5EAC.5000102@redhat.com>
Message-ID: <CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>

Rob,
Thanks for pointing me in the right direction. However after following the
instructions in the above mentioned doc I noticed a few things that are odd
and have a new problem. The first odd thing I noticed is that when I run
service pki-cad status it shows that my PKI Subsystem Type is "CA Clone
(Security Domain)"
Shouldn't that say something like "CA Master"?
Second, when I ran the "ipa-getcert resubmit -I [ID]" commands they all
produced the same AUTH_FAIL message in the debug log.

Now the new problem...after pressing on and restarting things certmonger
fails to start with a segfault.
Starting certmonger: /bin/bash: line 1: 64935 Segmentation fault
/usr/sbin/certmonger -S -p /var/run certmonger.pid

Thanks!

On Thu, Jul 28, 2016 at 3:36 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Lewis, Adam M CIV NSWCDD, H11 wrote:
>
>> We are currently dead in the water. Our OCSP, CA Audit, CA Subsystem, and
>> IPA RA certs expired as of 7/23/16. I found and followed the instructions
>> to the letter (
>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0)
>> however the CA Subsystem and IPA RA certs will not renew. I've backdated
>> the server to make sure the system was within the renewal window, but that
>> has not help.
>>
>
> Those are the wrong instructions.
>
> You want this instead, https://access.redhat.com/solutions/643753
>
> A bunch of it is for 2.2 but it isn't exactly noted which parts. A general
> rule is that you don't/shouldn't need to directly tweak the dogtag
> configuration or do any of the start-tracking work (though you may want to
> verify that what/if anything you changed from that wrong doc).
>
> When I run getcert list it reports:
>> Ca-error: Sever at "https://<fqdn>:9443/ca/agent/ca/profileProcess"
>> replied: 1: Authentication Error
>> for both the IPA RA and CA Subsystem certs
>>
>> The debug log shows:
>> SignedAuditEventFactory: create()
>> message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>> RA,O=MISS.ION] authentication failure
>> ReviewReqServlet: Invalid Credential.
>>
>
> The place to start is to get the serial # of the ipaCert:
>
> # certutil -L -d /etc/httpd/alias -n ipaCert |grep Serial
>
> Now get the user from the dogtag LDAP server:
>
> # ldapsearch -h `hostname` -p 7389 -x -D 'cn=directory manager' -W -b
> uid=ipara,ou=People,o=ipaca description
>
> The format is 2;<serial number>;<issuer subject>;<subject>
>
> See if the serial # matches ipaCert. I'm guessing it won't. Follow the
> instructions on the page I cited to update the entry with the current
> certificate and serial # values. That should get you going.
>
> rob
>
>
>
>> We are kind of in deep doo-doo until this gets resolved.
>>
>> We are running ipa-server-3.0.0-47.el6_7.2 on RHEL 6.5
>>
>> Any thoughts?
>>
>> Thanks!
>>
>> Adam M. Lewis
>>
>>
>>
>>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>



-- 
Adam M. Lewis
alewis422 at gmail.com
10807 Allie Place
Fredericksburg, VA 22408
540-412-8643
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160801/814a22c8/attachment.htm>

From rcritten at redhat.com  Mon Aug  1 14:17:00 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 1 Aug 2016 10:17:00 -0400
Subject: [Freeipa-users] certificates expired - won't renew
In-Reply-To: <553193028.7011450.1469993058846.JavaMail.yahoo@mail.yahoo.com>
References: <1523620231.6242117.1469808365977.JavaMail.yahoo.ref@mail.yahoo.com>
	<1523620231.6242117.1469808365977.JavaMail.yahoo@mail.yahoo.com>
	<579BC65C.9040309@redhat.com>
	<253757691.6428616.1469833560661.JavaMail.yahoo@mail.yahoo.com>
	<553193028.7011450.1469993058846.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <579F59DC.2090602@redhat.com>

sipazzo wrote:
> I set time back on master ca and was able to renew its certs except for
> one that has yet to expire but should have renewed. I tried to resubmit
> it but it still does not renew and status says NEED_CSR_GEN_TOKEN. We do
> have a go daddy cert we use as well but it is valid still. Is it because
> of the nickname mismatches? I am not sure how to fix that.

There is no cert to renew. You replaced the IPA-issued certificates with 
GoDaddy certs. The NSS_CSR_GEN_TOKEN is there because there is no 
private key for a certificate named Server-Cert so certmonger doesn't 
know what to do. To make this go away you can tell certmonger to stop 
tracking this non-existent certificate with something like:

# ipa-getcert stop-tracking -i <request_id>

certmonger cannot auto-renew your GoDaddy certficate.

and see below.

>
> ipa1-example.com
>
> Request ID '20140729215756':
>      status: NEED_CSR_GEN_TOKEN
>      stuck: yes
>      key pair storage:
> type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS
> Certificate DB',pinfile='/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'
>      certificate:
> type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS
> Certificate DB'
>      CA: IPA
>      issuer: CN=Certificate Authority,O=EXAMPLE.COM
>      subject: CN=ipa1.example.com,O=EXAMPLE.COM
>      expires: 2016-07-29 20:39:21 UTC
>      key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>      eku: id-kp-serverAuth,id-kp-clientAuth
>      pre-save command:
>      post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv EXAMPLE-COM
>      track: yes
>      auto-renew: yes
>
> certutil -L -d /etc/dirsrv/slapd-EXAMPLE-COM/
>
> Certificate Nickname                                         Trust
> Attributes
>
> SSL,S/MIME,JAR/XPI
>
> NWF_GD                                                       u,u,u
> CN=Certificate Authority,O=EXAMPLE.COM                      CT,,C
> OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\,
> Inc.,C=US CT,,C
> GD_CA                                                        CT,,C
> CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\,
> Inc.,L=Scottsdale,ST=Arizona,C=US CT,,C
>
>
> certutil -L -d /etc/dirsrv/slapd-PKI-IPA/
>
> Certificate Nickname
> O=EXAMPLE.COM     Trust Attributes
>
> SSL,S/MIME,JAR/XPI
>
> EXAMPLE.COM IPA CA                                          CT,C,
> Server-Cert                                                  u,u,u
>
>
> certutil -L -d /etc/httpd/alias/
>
> Certificate Nickname                                         Trust
> Attributes
>
> SSL,S/MIME,JAR/XPI
>
> EXAMPLE.COM IPA CA                                           CT,C,
> ipaCert                                                      u,u,u
> Server-Cert                                                  u,u,u
>
> My other servers had varying degrees of success with their expired
> certificates, I have one server that would not renew 6 of its certs, 1
> that would not renew 2 of its certs and 1 that would not renew 1 of its
> certs. These are examples of the last two - I will save the one that
> won't renew 6 as I am hoping I can apply same steps to those failures.
>
> *ipa2.example.com - 2 won't renew - one CA_unreachable even after
> successful restart of services and one NEED_CSR_GEN_TOKEN*
>
> Request ID '20140729215756':
>      status: NEED_CSR_GEN_TOKEN
>      stuck: yes
> key pair storage:
> type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS
> Certificate DB',pinfile='/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'
>      certificate:
> type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS
> Certificate DB'
>      CA: IPA
>      issuer: CN=Certificate Authority,O=EXAMPLE.COM
>      subject: CN=ipa2.example.com,O=EXAMPLE.COM
>      expires: 2016-07-29 20:39:21 UTC
>      key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>      eku: id-kp-serverAuth,id-kp-clientAuth
>      pre-save command:
>      post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv EXAMPLE-COM
>      track: yes
>      auto-renew: yes

I'm guessing same GoDaddy issue.

> Request ID '20140729215712':
>      status: CA_UNREACHABLE
> ca-error: Error 60 connecting to
> https://ipa2.example.com:9443/ca/agent/ca/profileReview: Peer
> certificate cannot be authenticated with known CA certificates.
>      stuck: no
> key pair storage:
> type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert
> cert-pki-ca',token='NSS Certificate DB',pin set
>      certificate:
> type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert
> cert-pki-ca',token='NSS Certificate DB'
>      CA: dogtag-ipa-renew-agent
>      issuer: CN=Certificate Authority,O=EXAMPLE.COM
>      subject: CN=ipa2.example.com,O=EXAMPLE.COM
>      expires: 2016-07-18 21:57:06 UTC
>      key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>      eku: id-kp-serverAuth
>      pre-save command:
>      post-save command:
>      track: yes
>      auto-renew: yes

You should update certmonger. The version you have doesn't include the 
pre/save commands in its output.

But going back in time should get this one renewed.

> *ipa3 - 1 won't renew NEED_CSR_GEN_TOKEN*
>
> Request ID '20140729215511':
>      status: NEED_CSR_GEN_TOKEN
>      stuck: yes
>      key pair storage:
> type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS
> Certificate DB',pinfile='/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'
>      certificate:
> type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS
> Certificate DB'
>      CA: IPA
>      issuer: CN=Certificate Authority,O=EXAMPLE.COM
>      subject: CN=ipa3.example.com,O=EXAMPLE.COM
>      expires: 2016-07-29 20:38:41 UTC
>      key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>      eku: id-kp-serverAuth,id-kp-clientAuth
>      pre-save command:
>      post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv EXAMPLE-COM
>      track: yes
>      auto-renew: yes

More GoDaddy I assume.

rob

>
>
>
>
>
> ------------------------------------------------------------------------
> *From:* sipazzo <sipazzo at yahoo.com>
> *To:* Rob Crittenden <rcritten at redhat.com>; "freeipa-users at redhat.com"
> <freeipa-users at redhat.com>
> *Sent:* Friday, July 29, 2016 4:06 PM
> *Subject:* Re: [Freeipa-users] certificates expired - won't renew
>
> Rob you are awesome and I don't know what I would do without you. So I
> have two things going on obviously. Following your instructions it looks
> like the DM password has correctly been set. I cannot change the admin
> password as a test because I get the cert errors. I am going to retry
> setting dates back and requesting new certs again following some of the
> threads I have seen. Could you please just clarify two points? On my 4
> servers all running as CAs do I only need to set the date back to prior
> to expired certs running ipa-getcert list or the earliest expired date
> when running getcert list? The getcert list shows certs that have been
> expired since June but the ipa-getcert shows more recent. Also, does it
> matter which servers I do first? Meaning should I set time back on my
> "master" CA first.
>
> This is the expiration output info from my master:
>
> [root at ipa2 ~]# ipa-getcert list | grep expires
>      expires: 2016-08-26 16:41:24 UTC
>      expires: 2016-08-26 16:41:23 UTC
>      expires: 2016-08-26 16:41:24 UTC
> [root at ipa2 ~]# getcert list | grep expires
>      expires: 2016-08-26 16:41:24 UTC
>      expires: 2016-08-15 16:47:26 UTC
>      expires: 2016-08-26 16:41:23 UTC
>      expires: 2016-08-26 16:41:24 UTC
>      expires: 2016-06-06 23:36:29 UTC
>      expires: 2016-06-06 23:36:28 UTC
>      expires: 2016-06-06 23:36:28 UTC
>      expires: 2016-06-06 23:37:09 UTC
>
>
> Again thank you, as always.
>
>
> ------------------------------------------------------------------------
> *From:* Rob Crittenden <rcritten at redhat.com>
> *To:* sipazzo <sipazzo at yahoo.com>; "freeipa-users at redhat.com"
> <freeipa-users at redhat.com>
> *Sent:* Friday, July 29, 2016 2:10 PM
> *Subject:* Re: [Freeipa-users] certificates expired - won't renew
>
> sipazzo wrote:
>  > I have seen many threads on this so sorry to bring it up again but I
>  > have a freeipa domain, with 4 ipa servers running on redhat 6 version
>  > 3.0.0-50. The certificates are expired/expiring and will not renew and
>  > it is causing many issues for us. I have tried the many suggestions I
>  > have see in the archives such as changing the time to prior to
>  > expiration and attempting renew by resubmitting the requests but they
>  > never renew. An example of getcert list from the first server that
> expired:
>  >
>  > Number of certificates and requests being tracked: 8.
>
> [snip]
>
>
>  > localhost log in /var/log/pki-ca have errors like:
>  > tail localhost.2016-07-29.log
>  > Jul 29, 2016 8:55:51 AM org.apache.catalina.core.StandardWrapperValve
> invoke
>  > SEVERE: Servlet.service() for servlet caProfileSubmit threw exception
>  > java.io.IOException: CS server is not ready to serve.
>  >      at
>  > com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:441)
>  >      at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
>  >      at
>  >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>  >      at
>  >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>  >      at
>  >
> com.netscape.cms.servlet.filter.EERequestFilter.doFilter(EERequestFilter.java:176)
>  >      at
>  >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>  >      at org.
>  >
>  > Debug log in /var/log/pki-cacd
>  >  tail debug
>  > [29/Jul/2016:08:49:08][Timer-0]: CMSEngine: getPasswordStore(): password
>  > store initialized before.
>  > [29/Jul/2016:08:49:08][Timer-0]: CMSEngine: getPasswordStore(): password
>  > store initialized.
>  > [29/Jul/2016:08:49:08][Timer-0]: SecurityDomainSessionTable getLDAPConn:
>  > netscape.ldap.LDAPException: error result (49)
>  > [29/Jul/2016:08:49:08][Timer-0]: SecurityDomainSessionTable: unable to
>  > query sessionIds: java.io.IOException: Failed to connect to the internal
>  > database.
>  > [29/Jul/2016:08:49:08][Timer-0]: SecurityDomainSessionTable:
>  > getSessionIds: Error in disconnecting from database:
>  > java.lang.NullPointerException
>  > [29/Jul/2016:08:54:08][Timer-0]: CMSEngine: getPasswordStore(): password
>  > store initialized before.
>  > [29/Jul/2016:08:54:08][Timer-0]: CMSEngine: getPasswordStore(): password
>  > store initialized.
>  > [29/Jul/2016:08:54:08][Timer-0]: SecurityDomainSessionTable getLDAPConn:
>  > netscape.ldap.LDAPException: error result (49)
>  > [29/Jul/2016:08:54:08][Timer-0]: SecurityDomainSessionTable: unable to
>  > query sessionIds: java.io.IOException: Failed to connect to the internal
>  > database.
>  > [29/Jul/2016:08:54:08][Timer-0]: SecurityDomainSessionTable:
>  > getSessionIds: Error in disconnecting from database:
>  > java.lang.NullPointerException
>  >
>  >
>  > Performing most IPA commands results in errors such as ipa: ERROR: cert
>  > validation failed for "CN=ipa1.example.com,O=EXAMPLE.COM"
>  > ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
>  >
>  > Not sure if it is related but we lost our first IPA server some time ago
>  > and had to promote another to the CA master. Also, due to someone
>  > leaving the company at the beginning of the year we had to change the
>  > directory manager password. I followed all the directions to do so but
>  > it does not seem like it was a completely smooth transaction.
>
>
> It is related. Your CA can't connect to its database. You must have
> missed a step when updating the DM password.
>
> As a goof I just tried it on my RHEL 6 install and it seems to work,
> this is what I did:
>
> # service dirsrv stop
> # /usr/bin/pwdhash password
>
> edit both /etc/dirsrv/slapd-REALM/dse.ldif and
> /etc/dirsrv/slapd-PKI-IPA/dse.ldif to set nsslapd-rootpw
>
> # service dirsrv start
>
> Check both of the new passwords:
>
> # ldapsearch -x -D "cn=directory manager" -W -s base -b ""
> "objectclass=*"
> # ldapsearch -h localhost -po 7389 -x -D "cn=directory manager" -W -s
> base -b "" "objectclass=*"
>
> Update internaldb value in /etc/pki-ca/password.conf with the new password.
>
> Update and test the admin user password:
>
> # ldappasswd -h localhost -ZZ -p 7389 -x -D "cn=Directory Manager" -W -S
> uid=admin,ou=people,o=ipaca
> # ldapsearch -h localhost -ZZ -p 7389 -x -D
> "uid=admin,ou=people,o=ipaca" -W -b "" -s base
>
> Restart the CA
>
> # service pki-cad restart
>
> Note that things _still_ aren't going to work so hot with all the
> expired certs but if you go back in time you will at least have a chance
> of renewing things.
>
> rob
>
>
>
>
>



From nharrington at i-neda.com  Mon Aug  1 14:35:04 2016
From: nharrington at i-neda.com (Neal Harrington | i-Neda Ltd)
Date: Mon, 1 Aug 2016 14:35:04 +0000
Subject: [Freeipa-users] Slow logins with multi site replication
Message-ID: <HE1PR0601MB210808014652D54808AF744E8D040@HE1PR0601MB2108.eurprd06.prod.outlook.com>

Hi,


I am experiencing slow logins and sudo authentication for servers joined to my FreeIPA domain. I have been following the other recent thread on slow logins and believe my issue is different.


I have replication setup with 2 FreeIPA servers at each of 3 sites. The replication is working well and I am able to login correctly on client servers with correct sudo permissions etc. Logins seem to take a long time however. There seems to be some kind of DNS/connection timeout issues, see the example below where the client times out on the auth01 server, then retries and connects. I have also seen it switch to an alternate IPA server on timeout. Total delay in this example is about 10 seconds however it can take longer (approx 30 seconds). It is worth mentioning that client servers in each site cannot connect to IPA servers is a different site - however in the example below the auth01 IPA server is in the same site as the client server. I'm not sure if there is any way to make the IPA clients site aware so they prefer to log in to a local server?


On the IPA servers themselves there is no noticeable delay and once I have authenticated with sudo once, subsequent attempts in the same login are also near instant. I have not been able to find any reason for this delay in any logs (which probably just means I'm not looking in the right place).


DNS servers are running on each IPA server and responding well whenever I have tested.


IPA Servers: CentOS 7.2.1511 running IPA 4.2.0 (from standard CentOS repo)

Client servers: Ubuntu 14.04 running IPA 3.3.4 (From standard Ubuntu repo)


Any comments or suggestions greatly appreciated.


Thanks,

Neal.


Example sssd log for a "sudo -l" attempt.

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [be_get_account_info] (0x0100): Got request for [3][1][name=neal]

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [sdap_attrs_get_sid_str] (0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [be_pam_handler] (0x0100): Got request with the following data

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): domain: fqdn.com

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): user: neal

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): service: sudo

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): tty: /dev/pts/3

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): ruser: neal

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): rhost:

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): authtok type: 1

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): newauthtok type: 0

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): priv: 0

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): cli_pid: 7429

(Mon Aug 1 14:39:53 2016) [sssd[be[fqdn.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'

(Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [krb5_child_timeout] (0x0040): Timeout for child [7430] reached. In case KDC is distant or network is slow you may consider increasing value of krb5_auth_timeout.

(Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [krb5_auth_done] (0x0020): child timed out!

(Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'auth01.fqdn.com' as 'not working'

(Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'

(Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.

(Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [child_sig_handler] (0x0020): child [7430] was terminated by signal [9].

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'auth01.fqdn.com' as 'working'

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [set_server_common_status] (0x0100): Marking server 'auth01.fqdn.com' as 'working'

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [be_pam_handler_callback] (0x0100): Sending result [0][fqdn.com]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [be_pam_handler_callback] (0x0100): Sent result [0][fqdn.com]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [child_sig_handler] (0x0100): child [7431] finished successfully.

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [be_get_account_info] (0x0100): Got request for [3][1][name=neal]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [sdap_attrs_get_sid_str] (0x0080): No [objectSIDString] attribute while id-mapping. [0][Success]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain SID from [(null)]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [be_pam_handler] (0x0100): Got request with the following data

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): command: PAM_ACCT_MGMT

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): domain: fqdn.com

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): user: neal

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): service: sudo

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): tty: /dev/pts/3

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): ruser: neal

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): rhost:

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): authtok type: 0

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): newauthtok type: 0

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): priv: 0

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [pam_print_data] (0x0100): cli_pid: 7429

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [hbac_user_attrs_to_rule] (0x0020): [uid=admin,cn=users,cn=accounts,dc=fqnd,dc=com] does not map to either a user or group. Skipping

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [global_login]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, Success) [Success]

(Mon Aug 1 14:40:04 2016) [sssd[be[fqdn.com]]] [be_pam_handler_callback] (0x0100): Sending result [0][fqdn.com]



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160801/216dbbdd/attachment.htm>

From alewis422 at gmail.com  Mon Aug  1 14:58:49 2016
From: alewis422 at gmail.com (Adam Lewis)
Date: Mon, 1 Aug 2016 10:58:49 -0400
Subject: [Freeipa-users] Certificate Issues
In-Reply-To: <CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>
References: <F7BEA64018495841A21D60717A05F7A25BA420E8@NAEAPHILXM03V.nadsusea.nads.navy.mil>
	<579A5EAC.5000102@redhat.com>
	<CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>
Message-ID: <CADA3x2mtkxA4WiFPH50Hr2CtYu_=siVvNX8v2iEcyrrqyoAPcg@mail.gmail.com>

A quick update. We did some digging on the segfault problem and I think it
was due to having to update the trusts on the CA cert. So we updated the
certmonger package and certmonger now starts again.
However we're kind of back to square one where we are still getting the
AUTH_FAIL messages in the debug log.
I have verified that the ipara entry's serial number and cert match the
serial number and cert from the one in /etc/httpd/alias.

Any other ideas?

Thanks!

On Mon, Aug 1, 2016 at 9:17 AM, Adam Lewis <alewis422 at gmail.com> wrote:

> Rob,
> Thanks for pointing me in the right direction. However after following the
> instructions in the above mentioned doc I noticed a few things that are odd
> and have a new problem. The first odd thing I noticed is that when I run
> service pki-cad status it shows that my PKI Subsystem Type is "CA Clone
> (Security Domain)"
> Shouldn't that say something like "CA Master"?
> Second, when I ran the "ipa-getcert resubmit -I [ID]" commands they all
> produced the same AUTH_FAIL message in the debug log.
>
> Now the new problem...after pressing on and restarting things certmonger
> fails to start with a segfault.
> Starting certmonger: /bin/bash: line 1: 64935 Segmentation fault
> /usr/sbin/certmonger -S -p /var/run certmonger.pid
>
> Thanks!
>
> On Thu, Jul 28, 2016 at 3:36 PM, Rob Crittenden <rcritten at redhat.com>
> wrote:
>
>> Lewis, Adam M CIV NSWCDD, H11 wrote:
>>
>>> We are currently dead in the water. Our OCSP, CA Audit, CA Subsystem,
>>> and IPA RA certs expired as of 7/23/16. I found and followed the
>>> instructions to the letter (
>>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0)
>>> however the CA Subsystem and IPA RA certs will not renew. I've backdated
>>> the server to make sure the system was within the renewal window, but that
>>> has not help.
>>>
>>
>> Those are the wrong instructions.
>>
>> You want this instead, https://access.redhat.com/solutions/643753
>>
>> A bunch of it is for 2.2 but it isn't exactly noted which parts. A
>> general rule is that you don't/shouldn't need to directly tweak the dogtag
>> configuration or do any of the start-tracking work (though you may want to
>> verify that what/if anything you changed from that wrong doc).
>>
>> When I run getcert list it reports:
>>> Ca-error: Sever at "https://<fqdn>:9443/ca/agent/ca/profileProcess"
>>> replied: 1: Authentication Error
>>> for both the IPA RA and CA Subsystem certs
>>>
>>> The debug log shows:
>>> SignedAuditEventFactory: create()
>>> message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>>> RA,O=MISS.ION] authentication failure
>>> ReviewReqServlet: Invalid Credential.
>>>
>>
>> The place to start is to get the serial # of the ipaCert:
>>
>> # certutil -L -d /etc/httpd/alias -n ipaCert |grep Serial
>>
>> Now get the user from the dogtag LDAP server:
>>
>> # ldapsearch -h `hostname` -p 7389 -x -D 'cn=directory manager' -W -b
>> uid=ipara,ou=People,o=ipaca description
>>
>> The format is 2;<serial number>;<issuer subject>;<subject>
>>
>> See if the serial # matches ipaCert. I'm guessing it won't. Follow the
>> instructions on the page I cited to update the entry with the current
>> certificate and serial # values. That should get you going.
>>
>> rob
>>
>>
>>
>>> We are kind of in deep doo-doo until this gets resolved.
>>>
>>> We are running ipa-server-3.0.0-47.el6_7.2 on RHEL 6.5
>>>
>>> Any thoughts?
>>>
>>> Thanks!
>>>
>>> Adam M. Lewis
>>>
>>>
>>>
>>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
>
> --
> Adam M. Lewis
> alewis422 at gmail.com
> 10807 Allie Place
> Fredericksburg, VA 22408
> 540-412-8643
>
>
>


-- 
Adam M. Lewis
alewis422 at gmail.com
10807 Allie Place
Fredericksburg, VA 22408
540-412-8643
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160801/59c895b6/attachment.htm>

From rcritten at redhat.com  Mon Aug  1 15:18:01 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 1 Aug 2016 11:18:01 -0400
Subject: [Freeipa-users] Certificate Issues
In-Reply-To: <CADA3x2mtkxA4WiFPH50Hr2CtYu_=siVvNX8v2iEcyrrqyoAPcg@mail.gmail.com>
References: <F7BEA64018495841A21D60717A05F7A25BA420E8@NAEAPHILXM03V.nadsusea.nads.navy.mil>
	<579A5EAC.5000102@redhat.com>
	<CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>
	<CADA3x2mtkxA4WiFPH50Hr2CtYu_=siVvNX8v2iEcyrrqyoAPcg@mail.gmail.com>
Message-ID: <579F6829.5010103@redhat.com>

Adam Lewis wrote:
> A quick update. We did some digging on the segfault problem and I think
> it was due to having to update the trusts on the CA cert. So we updated
> the certmonger package and certmonger now starts again.
> However we're kind of back to square one where we are still getting the
> AUTH_FAIL messages in the debug log.
> I have verified that the ipara entry's serial number and cert match the
> serial number and cert from the one in /etc/httpd/alias.

How about the certificate PEM? Does it match the usercertificate in the 
dogtag LDAP server?

rob

>
> Any other ideas?
>
> Thanks!
>
> On Mon, Aug 1, 2016 at 9:17 AM, Adam Lewis <alewis422 at gmail.com
> <mailto:alewis422 at gmail.com>> wrote:
>
>     Rob,
>     Thanks for pointing me in the right direction. However after
>     following the instructions in the above mentioned doc I noticed a
>     few things that are odd and have a new problem. The first odd thing
>     I noticed is that when I run service pki-cad status it shows that my
>     PKI Subsystem Type is "CA Clone (Security Domain)"
>     Shouldn't that say something like "CA Master"?
>     Second, when I ran the "ipa-getcert resubmit -I [ID]" commands they
>     all produced the same AUTH_FAIL message in the debug log.
>
>     Now the new problem...after pressing on and restarting things
>     certmonger fails to start with a segfault.
>     Starting certmonger: /bin/bash: line 1: 64935 Segmentation
>     fault      /usr/sbin/certmonger -S -p /var/run certmonger.pid
>
>     Thanks!
>
>     On Thu, Jul 28, 2016 at 3:36 PM, Rob Crittenden <rcritten at redhat.com
>     <mailto:rcritten at redhat.com>> wrote:
>
>         Lewis, Adam M CIV NSWCDD, H11 wrote:
>
>             We are currently dead in the water. Our OCSP, CA Audit, CA
>             Subsystem, and IPA RA certs expired as of 7/23/16. I found
>             and followed the instructions to the letter
>             (http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0)
>             however the CA Subsystem and IPA RA certs will not renew.
>             I've backdated the server to make sure the system was within
>             the renewal window, but that has not help.
>
>
>         Those are the wrong instructions.
>
>         You want this instead, https://access.redhat.com/solutions/643753
>
>         A bunch of it is for 2.2 but it isn't exactly noted which parts.
>         A general rule is that you don't/shouldn't need to directly
>         tweak the dogtag configuration or do any of the start-tracking
>         work (though you may want to verify that what/if anything you
>         changed from that wrong doc).
>
>             When I run getcert list it reports:
>             Ca-error: Sever at
>             "https://<fqdn>:9443/ca/agent/ca/profileProcess" replied: 1:
>             Authentication Error
>             for both the IPA RA and CA Subsystem certs
>
>             The debug log shows:
>             SignedAuditEventFactory: create()
>             message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>             RA,O=MISS.ION] authentication failure
>             ReviewReqServlet: Invalid Credential.
>
>
>         The place to start is to get the serial # of the ipaCert:
>
>         # certutil -L -d /etc/httpd/alias -n ipaCert |grep Serial
>
>         Now get the user from the dogtag LDAP server:
>
>         # ldapsearch -h `hostname` -p 7389 -x -D 'cn=directory manager'
>         -W -b uid=ipara,ou=People,o=ipaca description
>
>         The format is 2;<serial number>;<issuer subject>;<subject>
>
>         See if the serial # matches ipaCert. I'm guessing it won't.
>         Follow the instructions on the page I cited to update the entry
>         with the current certificate and serial # values. That should
>         get you going.
>
>         rob
>
>
>
>             We are kind of in deep doo-doo until this gets resolved.
>
>             We are running ipa-server-3.0.0-47.el6_7.2 on RHEL 6.5
>
>             Any thoughts?
>
>             Thanks!
>
>             Adam M. Lewis
>
>
>
>
>         --
>         Manage your subscription for the Freeipa-users mailing list:
>         https://www.redhat.com/mailman/listinfo/freeipa-users
>         Go to http://freeipa.org for more info on the project
>
>
>
>
>     --
>     Adam M. Lewis
>     alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>     10807 Allie Place
>     Fredericksburg, VA 22408
>     540-412-8643 <tel:540-412-8643>
>
>
>
>
>
> --
> Adam M. Lewis
> alewis422 at gmail.com <mailto:alewis422 at gmail.com>
> 10807 Allie Place
> Fredericksburg, VA 22408
> 540-412-8643
>
>
>
>



From alewis422 at gmail.com  Mon Aug  1 15:23:13 2016
From: alewis422 at gmail.com (Adam Lewis)
Date: Mon, 1 Aug 2016 11:23:13 -0400
Subject: [Freeipa-users] Certificate Issues
In-Reply-To: <579F6829.5010103@redhat.com>
References: <F7BEA64018495841A21D60717A05F7A25BA420E8@NAEAPHILXM03V.nadsusea.nads.navy.mil>
	<579A5EAC.5000102@redhat.com>
	<CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>
	<CADA3x2mtkxA4WiFPH50Hr2CtYu_=siVvNX8v2iEcyrrqyoAPcg@mail.gmail.com>
	<579F6829.5010103@redhat.com>
Message-ID: <CADA3x2=WWLdpWoFP2XxbGZ7qu3oU1=MkWcEa1DQ1CKJ_oNFVBQ@mail.gmail.com>

If you mean the usercertificate value from the ldapsearch command, then
yes. That value matches the value from the certutil output.

Thanks

On Mon, Aug 1, 2016 at 11:18 AM, Rob Crittenden <rcritten at redhat.com> wrote:

> Adam Lewis wrote:
>
>> A quick update. We did some digging on the segfault problem and I think
>> it was due to having to update the trusts on the CA cert. So we updated
>> the certmonger package and certmonger now starts again.
>> However we're kind of back to square one where we are still getting the
>> AUTH_FAIL messages in the debug log.
>> I have verified that the ipara entry's serial number and cert match the
>> serial number and cert from the one in /etc/httpd/alias.
>>
>
> How about the certificate PEM? Does it match the usercertificate in the
> dogtag LDAP server?
>
> rob
>
>
>> Any other ideas?
>>
>> Thanks!
>>
>> On Mon, Aug 1, 2016 at 9:17 AM, Adam Lewis <alewis422 at gmail.com
>> <mailto:alewis422 at gmail.com>> wrote:
>>
>>     Rob,
>>     Thanks for pointing me in the right direction. However after
>>     following the instructions in the above mentioned doc I noticed a
>>     few things that are odd and have a new problem. The first odd thing
>>     I noticed is that when I run service pki-cad status it shows that my
>>     PKI Subsystem Type is "CA Clone (Security Domain)"
>>     Shouldn't that say something like "CA Master"?
>>     Second, when I ran the "ipa-getcert resubmit -I [ID]" commands they
>>     all produced the same AUTH_FAIL message in the debug log.
>>
>>     Now the new problem...after pressing on and restarting things
>>     certmonger fails to start with a segfault.
>>     Starting certmonger: /bin/bash: line 1: 64935 Segmentation
>>     fault      /usr/sbin/certmonger -S -p /var/run certmonger.pid
>>
>>     Thanks!
>>
>>     On Thu, Jul 28, 2016 at 3:36 PM, Rob Crittenden <rcritten at redhat.com
>>     <mailto:rcritten at redhat.com>> wrote:
>>
>>         Lewis, Adam M CIV NSWCDD, H11 wrote:
>>
>>             We are currently dead in the water. Our OCSP, CA Audit, CA
>>             Subsystem, and IPA RA certs expired as of 7/23/16. I found
>>             and followed the instructions to the letter
>>             (
>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0
>> )
>>             however the CA Subsystem and IPA RA certs will not renew.
>>             I've backdated the server to make sure the system was within
>>             the renewal window, but that has not help.
>>
>>
>>         Those are the wrong instructions.
>>
>>         You want this instead, https://access.redhat.com/solutions/643753
>>
>>         A bunch of it is for 2.2 but it isn't exactly noted which parts.
>>         A general rule is that you don't/shouldn't need to directly
>>         tweak the dogtag configuration or do any of the start-tracking
>>         work (though you may want to verify that what/if anything you
>>         changed from that wrong doc).
>>
>>             When I run getcert list it reports:
>>             Ca-error: Sever at
>>             "https://<fqdn>:9443/ca/agent/ca/profileProcess" replied: 1:
>>             Authentication Error
>>             for both the IPA RA and CA Subsystem certs
>>
>>             The debug log shows:
>>             SignedAuditEventFactory: create()
>>
>> message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>>             RA,O=MISS.ION] authentication failure
>>             ReviewReqServlet: Invalid Credential.
>>
>>
>>         The place to start is to get the serial # of the ipaCert:
>>
>>         # certutil -L -d /etc/httpd/alias -n ipaCert |grep Serial
>>
>>         Now get the user from the dogtag LDAP server:
>>
>>         # ldapsearch -h `hostname` -p 7389 -x -D 'cn=directory manager'
>>         -W -b uid=ipara,ou=People,o=ipaca description
>>
>>         The format is 2;<serial number>;<issuer subject>;<subject>
>>
>>         See if the serial # matches ipaCert. I'm guessing it won't.
>>         Follow the instructions on the page I cited to update the entry
>>         with the current certificate and serial # values. That should
>>         get you going.
>>
>>         rob
>>
>>
>>
>>             We are kind of in deep doo-doo until this gets resolved.
>>
>>             We are running ipa-server-3.0.0-47.el6_7.2 on RHEL 6.5
>>
>>             Any thoughts?
>>
>>             Thanks!
>>
>>             Adam M. Lewis
>>
>>
>>
>>
>>         --
>>         Manage your subscription for the Freeipa-users mailing list:
>>         https://www.redhat.com/mailman/listinfo/freeipa-users
>>         Go to http://freeipa.org for more info on the project
>>
>>
>>
>>
>>     --
>>     Adam M. Lewis
>>     alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>     10807 Allie Place
>>     Fredericksburg, VA 22408
>>     540-412-8643 <tel:540-412-8643>
>>
>>
>>
>>
>>
>> --
>> Adam M. Lewis
>> alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>> 10807 Allie Place
>> Fredericksburg, VA 22408
>> 540-412-8643
>>
>>
>>
>>
>>
>


-- 
Adam M. Lewis
alewis422 at gmail.com
10807 Allie Place
Fredericksburg, VA 22408
540-412-8643
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160801/9336adae/attachment.htm>

From pvoborni at redhat.com  Mon Aug  1 17:15:37 2016
From: pvoborni at redhat.com (Petr Vobornik)
Date: Mon, 1 Aug 2016 19:15:37 +0200
Subject: [Freeipa-users] ipa-server-install --external-cert-file and
 exporting dogtag certificates
In-Reply-To: <CACHJYOsefMx2bmWFSsPT_nFNX9o8+EFUaz1sqc4Xq11y2NrgOg@mail.gmail.com>
References: <CACHJYOsefMx2bmWFSsPT_nFNX9o8+EFUaz1sqc4Xq11y2NrgOg@mail.gmail.com>
Message-ID: <4cc4b68d-9bea-99d2-1264-e49c35c80f04@redhat.com>

On 07/31/2016 07:45 AM, Richard Harmonson wrote:
> I having challenges resuming ipa-server-install --external-ca. I am reasonably 
> confident I am not providing the right certificate and/or format from my 
> off-line root CA using 389 and Dogtag.
> 
> Does anyone have instructions on how to accomplish the task of exporting the 
> correct certificates in the expected format?
> 
> Thank you.
> 

The IPA procedure with prerequisites is described at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-server.html#install-server-external-ca

Or are you rather asking for specific PKI instructions?

e.g.
*
http://pki.fedoraproject.org/wiki/PKI_Certificate_CLI#Submitting_a_Certificate_Request

*
http://pki.fedoraproject.org/wiki/CA_Certificate_Profiles#caCACert:_Manual_Certificate_Manager_Signing_Certificate_Enrollment
-- 
Petr Vobornik



From jcnt at use.startmail.com  Mon Aug  1 18:37:44 2016
From: jcnt at use.startmail.com (Josh)
Date: Mon, 1 Aug 2016 14:37:44 -0400
Subject: [Freeipa-users] updating certificates
In-Reply-To: <5783A8E6.4010407@redhat.com>
References: <961a039c237577e3b3a460ab3a33e6d5.startmail@www.startmail.com>
	<57728EB8.2050805@redhat.com>
	<a47a32f504dd060ebd87417765d0596f.startmail@www.startmail.com>
	<5783A8E6.4010407@redhat.com>
Message-ID: <6679eb63-04ec-f55e-9dd9-fc736fa6a8f2@use.startmail.com>

Hi Rob,

Just a quick summary on my certificate renew experience.

I started with a worst case scenario assumption - original CSR and key 
is no longer available.
1. export old certificate in pkcs12 format
pk12util -d /etc/httpd/alias -n 'certificate alias' -o /tmp/ipa.p12 -k 
/etc/httpd/alias/pwdfile.txt
2. extract original certificate key
openssl pkcs12 -in /tmp/ipa.p12 -out /tmp/ipa.key -nocerts
3. generate new CSR
openssl req -out CSR.csr -key  /tmp/ipa.key -new

above commands just for reference and require significant interactive input.
I wonder if anyone can wrap all in one script.

Regarding installing new certificate I found that simplest method is to 
delete expired certificate first and import new one using the same 
alias, adding intermediate certificate if changed. Steps are identical 
for both apache and directory server.
1. certutil -D -d /etc/httpd/alias -n original_alias
2. certutil -A -n Intermediate -d /etc/httpd/alias -a -i 
intermediate.pem -t "C,,"
3. certutil -A -n original_alias -d /etc/httpd/alias -t u,u,u -a -i 
myipanew.pem


Josh.

On 07/11/2016 10:10 AM, Rob Crittenden wrote:
> jcnt at use.startmail.com wrote:
>> On Tuesday, June 28, 2016 10:50 AM, Rob Crittenden 
>> <rcritten at redhat.com> wrote:
>>> jcnt at use.startmail.com wrote:
>>>> Greetings,
>>>>
>>>> About a year ago I installed my freeipa server with certificates from
>>>> startssl using command line options --dirsrv-cert-file 
>>>> --http-cert-file
>>>> etc.
>>>> The certificate is about to expire, what is the proper way to 
>>>> update it
>>>> in all places?
>>>
>>> It depends on whether you kept the original CSR or not. If you kept the
>>> original CSR and are just renewing the certificate(s) then when you get
>>> the new one, use certutil to add the updated cert to the appropriate 
>>> NSS
>>> database like:
>>>
>>> # certutil -A -n Server-Cert -d /etc/httpd/alias -t u,u,u -a -i
>>> /path/to/new.crt
>>>
>>
>> Rob,
>>
>> Thank you, that worked just fine, except that I had to update an 
>> intermediate certificate as well.
>>
>> Two questions, please:
>>
>> 1. I noticed a strange discrepancy in behavior between 
>> /etc/httpd/alias and /etc/dirsrv/slapd-domain.
>> In both places original intermediate certificate is listed with empty 
>> ",," trust attributes so I initially added new intermediate 
>> certificate with empty attributes as well.
>> certutils -V showed valid certificate in /etc/httpd/alias and not 
>> trusted in /etc/dirsrv/slapd-domain so I had to modify intermediate 
>> certificate with -t "C,,"
>
> Hmm, not sure. Did the CA chain change in between the issuance of the 
> two certs?
>
> Adding a new certificate shouldn't affect the trust of any other certs 
> so I'm not sure what happened. It could be that those subordinate CAs 
> were loaded the first time incorrectly but weren't used so it wasn't 
> noticed, I'm not really sure.
>
>> 2. Just out of curiosity I wanted to list private keys and is 
>> prompted for a password:
>> # certutil -K -d /etc/httpd/alias/
>> certutil: Checking token "NSS Certificate DB" in slot "NSS User 
>> Private Key and Certificate Services"
>> Enter Password or Pin for "NSS Certificate DB":
>>
>> Which one of the many provided by a user passwords is used by 
>> ipa-server-install command during NSS database initialization?
>
> In each NSS directory there is a pwdfile.txt which contains the PIN 
> for the internal token. You can add -f /etc/httpd/alias/pwdfile.txt to 
> your command to list the private keys.
>
> rob




From rcritten at redhat.com  Mon Aug  1 19:00:15 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 1 Aug 2016 15:00:15 -0400
Subject: [Freeipa-users] Certificate Issues
In-Reply-To: <CADA3x2=WWLdpWoFP2XxbGZ7qu3oU1=MkWcEa1DQ1CKJ_oNFVBQ@mail.gmail.com>
References: <F7BEA64018495841A21D60717A05F7A25BA420E8@NAEAPHILXM03V.nadsusea.nads.navy.mil>
	<579A5EAC.5000102@redhat.com>
	<CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>
	<CADA3x2mtkxA4WiFPH50Hr2CtYu_=siVvNX8v2iEcyrrqyoAPcg@mail.gmail.com>
	<579F6829.5010103@redhat.com>
	<CADA3x2=WWLdpWoFP2XxbGZ7qu3oU1=MkWcEa1DQ1CKJ_oNFVBQ@mail.gmail.com>
Message-ID: <579F9C3F.7090804@redhat.com>

Adam Lewis wrote:
> If you mean the usercertificate value from the ldapsearch command, then
> yes. That value matches the value from the certutil output.

The usercertificate in LDAP had the BEGIN/END stripped, right?

I'll cc a couple of the dogtag developers to see what they think.

rob

>
> Thanks
>
> On Mon, Aug 1, 2016 at 11:18 AM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
>     Adam Lewis wrote:
>
>         A quick update. We did some digging on the segfault problem and
>         I think
>         it was due to having to update the trusts on the CA cert. So we
>         updated
>         the certmonger package and certmonger now starts again.
>         However we're kind of back to square one where we are still
>         getting the
>         AUTH_FAIL messages in the debug log.
>         I have verified that the ipara entry's serial number and cert
>         match the
>         serial number and cert from the one in /etc/httpd/alias.
>
>
>     How about the certificate PEM? Does it match the usercertificate in
>     the dogtag LDAP server?
>
>     rob
>
>
>         Any other ideas?
>
>         Thanks!
>
>         On Mon, Aug 1, 2016 at 9:17 AM, Adam Lewis <alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>> wrote:
>
>              Rob,
>              Thanks for pointing me in the right direction. However after
>              following the instructions in the above mentioned doc I
>         noticed a
>              few things that are odd and have a new problem. The first
>         odd thing
>              I noticed is that when I run service pki-cad status it
>         shows that my
>              PKI Subsystem Type is "CA Clone (Security Domain)"
>              Shouldn't that say something like "CA Master"?
>              Second, when I ran the "ipa-getcert resubmit -I [ID]"
>         commands they
>              all produced the same AUTH_FAIL message in the debug log.
>
>              Now the new problem...after pressing on and restarting things
>              certmonger fails to start with a segfault.
>              Starting certmonger: /bin/bash: line 1: 64935 Segmentation
>              fault      /usr/sbin/certmonger -S -p /var/run certmonger.pid
>
>              Thanks!
>
>              On Thu, Jul 28, 2016 at 3:36 PM, Rob Crittenden
>         <rcritten at redhat.com <mailto:rcritten at redhat.com>
>              <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>>
>         wrote:
>
>                  Lewis, Adam M CIV NSWCDD, H11 wrote:
>
>                      We are currently dead in the water. Our OCSP, CA
>         Audit, CA
>                      Subsystem, and IPA RA certs expired as of 7/23/16.
>         I found
>                      and followed the instructions to the letter
>
>         (http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0)
>                      however the CA Subsystem and IPA RA certs will not
>         renew.
>                      I've backdated the server to make sure the system
>         was within
>                      the renewal window, but that has not help.
>
>
>                  Those are the wrong instructions.
>
>                  You want this instead,
>         https://access.redhat.com/solutions/643753
>
>                  A bunch of it is for 2.2 but it isn't exactly noted
>         which parts.
>                  A general rule is that you don't/shouldn't need to directly
>                  tweak the dogtag configuration or do any of the
>         start-tracking
>                  work (though you may want to verify that what/if
>         anything you
>                  changed from that wrong doc).
>
>                      When I run getcert list it reports:
>                      Ca-error: Sever at
>                      "https://<fqdn>:9443/ca/agent/ca/profileProcess"
>         replied: 1:
>                      Authentication Error
>                      for both the IPA RA and CA Subsystem certs
>
>                      The debug log shows:
>                      SignedAuditEventFactory: create()
>
>         message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>                      RA,O=MISS.ION] authentication failure
>                      ReviewReqServlet: Invalid Credential.
>
>
>                  The place to start is to get the serial # of the ipaCert:
>
>                  # certutil -L -d /etc/httpd/alias -n ipaCert |grep Serial
>
>                  Now get the user from the dogtag LDAP server:
>
>                  # ldapsearch -h `hostname` -p 7389 -x -D 'cn=directory
>         manager'
>                  -W -b uid=ipara,ou=People,o=ipaca description
>
>                  The format is 2;<serial number>;<issuer subject>;<subject>
>
>                  See if the serial # matches ipaCert. I'm guessing it won't.
>                  Follow the instructions on the page I cited to update
>         the entry
>                  with the current certificate and serial # values. That
>         should
>                  get you going.
>
>                  rob
>
>
>
>                      We are kind of in deep doo-doo until this gets
>         resolved.
>
>                      We are running ipa-server-3.0.0-47.el6_7.2 on RHEL 6.5
>
>                      Any thoughts?
>
>                      Thanks!
>
>                      Adam M. Lewis
>
>
>
>
>                  --
>                  Manage your subscription for the Freeipa-users mailing
>         list:
>         https://www.redhat.com/mailman/listinfo/freeipa-users
>                  Go to http://freeipa.org for more info on the project
>
>
>
>
>              --
>              Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>              10807 Allie Place
>              Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>         <tel:540-412-8643>>
>
>
>
>
>
>         --
>         Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>         10807 Allie Place
>         Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643>
>
>
>
>
>
>
>
>
> --
> Adam M. Lewis
> alewis422 at gmail.com <mailto:alewis422 at gmail.com>
> 10807 Allie Place
> Fredericksburg, VA 22408
> 540-412-8643
>
>



From alewis422 at gmail.com  Mon Aug  1 19:02:43 2016
From: alewis422 at gmail.com (Adam Lewis)
Date: Mon, 1 Aug 2016 15:02:43 -0400
Subject: [Freeipa-users] Certificate Issues
In-Reply-To: <579F9C3F.7090804@redhat.com>
References: <F7BEA64018495841A21D60717A05F7A25BA420E8@NAEAPHILXM03V.nadsusea.nads.navy.mil>
	<579A5EAC.5000102@redhat.com>
	<CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>
	<CADA3x2mtkxA4WiFPH50Hr2CtYu_=siVvNX8v2iEcyrrqyoAPcg@mail.gmail.com>
	<579F6829.5010103@redhat.com>
	<CADA3x2=WWLdpWoFP2XxbGZ7qu3oU1=MkWcEa1DQ1CKJ_oNFVBQ@mail.gmail.com>
	<579F9C3F.7090804@redhat.com>
Message-ID: <CADA3x2kQ+2tZ3Av2yH2VJgGX8Jhj2pqpAS_u+3fKqZdyb-xmqw@mail.gmail.com>

Yup, It's just the text string. I don't know how much this matters but when
I ran the start-tracking for the ipaCert it didn't generate a new
certificate. I'm still working off of serial number 7, which is what it's
been since we installed IPA. Is there some way/reason for me to generate a
whole new ipaCert?

Thanks

On Mon, Aug 1, 2016 at 3:00 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Adam Lewis wrote:
>
>> If you mean the usercertificate value from the ldapsearch command, then
>> yes. That value matches the value from the certutil output.
>>
>
> The usercertificate in LDAP had the BEGIN/END stripped, right?
>
> I'll cc a couple of the dogtag developers to see what they think.
>
> rob
>
>
>> Thanks
>>
>> On Mon, Aug 1, 2016 at 11:18 AM, Rob Crittenden <rcritten at redhat.com
>> <mailto:rcritten at redhat.com>> wrote:
>>
>>     Adam Lewis wrote:
>>
>>         A quick update. We did some digging on the segfault problem and
>>         I think
>>         it was due to having to update the trusts on the CA cert. So we
>>         updated
>>         the certmonger package and certmonger now starts again.
>>         However we're kind of back to square one where we are still
>>         getting the
>>         AUTH_FAIL messages in the debug log.
>>         I have verified that the ipara entry's serial number and cert
>>         match the
>>         serial number and cert from the one in /etc/httpd/alias.
>>
>>
>>     How about the certificate PEM? Does it match the usercertificate in
>>     the dogtag LDAP server?
>>
>>     rob
>>
>>
>>         Any other ideas?
>>
>>         Thanks!
>>
>>         On Mon, Aug 1, 2016 at 9:17 AM, Adam Lewis <alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>
>>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>> wrote:
>>
>>              Rob,
>>              Thanks for pointing me in the right direction. However after
>>              following the instructions in the above mentioned doc I
>>         noticed a
>>              few things that are odd and have a new problem. The first
>>         odd thing
>>              I noticed is that when I run service pki-cad status it
>>         shows that my
>>              PKI Subsystem Type is "CA Clone (Security Domain)"
>>              Shouldn't that say something like "CA Master"?
>>              Second, when I ran the "ipa-getcert resubmit -I [ID]"
>>         commands they
>>              all produced the same AUTH_FAIL message in the debug log.
>>
>>              Now the new problem...after pressing on and restarting things
>>              certmonger fails to start with a segfault.
>>              Starting certmonger: /bin/bash: line 1: 64935 Segmentation
>>              fault      /usr/sbin/certmonger -S -p /var/run certmonger.pid
>>
>>              Thanks!
>>
>>              On Thu, Jul 28, 2016 at 3:36 PM, Rob Crittenden
>>         <rcritten at redhat.com <mailto:rcritten at redhat.com>
>>              <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>>
>>
>>         wrote:
>>
>>                  Lewis, Adam M CIV NSWCDD, H11 wrote:
>>
>>                      We are currently dead in the water. Our OCSP, CA
>>         Audit, CA
>>                      Subsystem, and IPA RA certs expired as of 7/23/16.
>>         I found
>>                      and followed the instructions to the letter
>>
>>         (
>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0
>> )
>>                      however the CA Subsystem and IPA RA certs will not
>>         renew.
>>                      I've backdated the server to make sure the system
>>         was within
>>                      the renewal window, but that has not help.
>>
>>
>>                  Those are the wrong instructions.
>>
>>                  You want this instead,
>>         https://access.redhat.com/solutions/643753
>>
>>                  A bunch of it is for 2.2 but it isn't exactly noted
>>         which parts.
>>                  A general rule is that you don't/shouldn't need to
>> directly
>>                  tweak the dogtag configuration or do any of the
>>         start-tracking
>>                  work (though you may want to verify that what/if
>>         anything you
>>                  changed from that wrong doc).
>>
>>                      When I run getcert list it reports:
>>                      Ca-error: Sever at
>>                      "https://<fqdn>:9443/ca/agent/ca/profileProcess"
>>         replied: 1:
>>                      Authentication Error
>>                      for both the IPA RA and CA Subsystem certs
>>
>>                      The debug log shows:
>>                      SignedAuditEventFactory: create()
>>
>>
>> message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>>                      RA,O=MISS.ION] authentication failure
>>                      ReviewReqServlet: Invalid Credential.
>>
>>
>>                  The place to start is to get the serial # of the ipaCert:
>>
>>                  # certutil -L -d /etc/httpd/alias -n ipaCert |grep Serial
>>
>>                  Now get the user from the dogtag LDAP server:
>>
>>                  # ldapsearch -h `hostname` -p 7389 -x -D 'cn=directory
>>         manager'
>>                  -W -b uid=ipara,ou=People,o=ipaca description
>>
>>                  The format is 2;<serial number>;<issuer
>> subject>;<subject>
>>
>>                  See if the serial # matches ipaCert. I'm guessing it
>> won't.
>>                  Follow the instructions on the page I cited to update
>>         the entry
>>                  with the current certificate and serial # values. That
>>         should
>>                  get you going.
>>
>>                  rob
>>
>>
>>
>>                      We are kind of in deep doo-doo until this gets
>>         resolved.
>>
>>                      We are running ipa-server-3.0.0-47.el6_7.2 on RHEL
>> 6.5
>>
>>                      Any thoughts?
>>
>>                      Thanks!
>>
>>                      Adam M. Lewis
>>
>>
>>
>>
>>                  --
>>                  Manage your subscription for the Freeipa-users mailing
>>         list:
>>         https://www.redhat.com/mailman/listinfo/freeipa-users
>>                  Go to http://freeipa.org for more info on the project
>>
>>
>>
>>
>>              --
>>              Adam M. Lewis
>>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>>              10807 Allie Place
>>              Fredericksburg, VA 22408
>>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>>         <tel:540-412-8643>>
>>
>>
>>
>>
>>
>>         --
>>         Adam M. Lewis
>>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>>         10807 Allie Place
>>         Fredericksburg, VA 22408
>>         540-412-8643 <tel:540-412-8643>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> Adam M. Lewis
>> alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>> 10807 Allie Place
>> Fredericksburg, VA 22408
>> 540-412-8643
>>
>>
>>
>


-- 
Adam M. Lewis
alewis422 at gmail.com
10807 Allie Place
Fredericksburg, VA 22408
540-412-8643
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160801/04e7343d/attachment.htm>

From rcritten at redhat.com  Mon Aug  1 19:11:59 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 1 Aug 2016 15:11:59 -0400
Subject: [Freeipa-users] Certificate Issues
In-Reply-To: <CADA3x2kQ+2tZ3Av2yH2VJgGX8Jhj2pqpAS_u+3fKqZdyb-xmqw@mail.gmail.com>
References: <F7BEA64018495841A21D60717A05F7A25BA420E8@NAEAPHILXM03V.nadsusea.nads.navy.mil>
	<579A5EAC.5000102@redhat.com>
	<CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>
	<CADA3x2mtkxA4WiFPH50Hr2CtYu_=siVvNX8v2iEcyrrqyoAPcg@mail.gmail.com>
	<579F6829.5010103@redhat.com>
	<CADA3x2=WWLdpWoFP2XxbGZ7qu3oU1=MkWcEa1DQ1CKJ_oNFVBQ@mail.gmail.com>
	<579F9C3F.7090804@redhat.com>
	<CADA3x2kQ+2tZ3Av2yH2VJgGX8Jhj2pqpAS_u+3fKqZdyb-xmqw@mail.gmail.com>
Message-ID: <579F9EFF.6040804@redhat.com>

Adam Lewis wrote:
> Yup, It's just the text string. I don't know how much this matters but
> when I ran the start-tracking for the ipaCert it didn't generate a new
> certificate. I'm still working off of serial number 7, which is what
> it's been since we installed IPA. Is there some way/reason for me to
> generate a whole new ipaCert?

certmonger will take care of that when renewal happens.

Did you go back in time to when this cert was valid?

rob

>
> Thanks
>
> On Mon, Aug 1, 2016 at 3:00 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
>     Adam Lewis wrote:
>
>         If you mean the usercertificate value from the ldapsearch
>         command, then
>         yes. That value matches the value from the certutil output.
>
>
>     The usercertificate in LDAP had the BEGIN/END stripped, right?
>
>     I'll cc a couple of the dogtag developers to see what they think.
>
>     rob
>
>
>         Thanks
>
>         On Mon, Aug 1, 2016 at 11:18 AM, Rob Crittenden
>         <rcritten at redhat.com <mailto:rcritten at redhat.com>
>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>> wrote:
>
>              Adam Lewis wrote:
>
>                  A quick update. We did some digging on the segfault
>         problem and
>                  I think
>                  it was due to having to update the trusts on the CA
>         cert. So we
>                  updated
>                  the certmonger package and certmonger now starts again.
>                  However we're kind of back to square one where we are still
>                  getting the
>                  AUTH_FAIL messages in the debug log.
>                  I have verified that the ipara entry's serial number
>         and cert
>                  match the
>                  serial number and cert from the one in /etc/httpd/alias.
>
>
>              How about the certificate PEM? Does it match the
>         usercertificate in
>              the dogtag LDAP server?
>
>              rob
>
>
>                  Any other ideas?
>
>                  Thanks!
>
>                  On Mon, Aug 1, 2016 at 9:17 AM, Adam Lewis
>         <alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>> wrote:
>
>                       Rob,
>                       Thanks for pointing me in the right direction.
>         However after
>                       following the instructions in the above mentioned
>         doc I
>                  noticed a
>                       few things that are odd and have a new problem.
>         The first
>                  odd thing
>                       I noticed is that when I run service pki-cad status it
>                  shows that my
>                       PKI Subsystem Type is "CA Clone (Security Domain)"
>                       Shouldn't that say something like "CA Master"?
>                       Second, when I ran the "ipa-getcert resubmit -I [ID]"
>                  commands they
>                       all produced the same AUTH_FAIL message in the
>         debug log.
>
>                       Now the new problem...after pressing on and
>         restarting things
>                       certmonger fails to start with a segfault.
>                       Starting certmonger: /bin/bash: line 1: 64935
>         Segmentation
>                       fault      /usr/sbin/certmonger -S -p /var/run
>         certmonger.pid
>
>                       Thanks!
>
>                       On Thu, Jul 28, 2016 at 3:36 PM, Rob Crittenden
>                  <rcritten at redhat.com <mailto:rcritten at redhat.com>
>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>
>                       <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>>>>
>
>                  wrote:
>
>                           Lewis, Adam M CIV NSWCDD, H11 wrote:
>
>                               We are currently dead in the water. Our
>         OCSP, CA
>                  Audit, CA
>                               Subsystem, and IPA RA certs expired as of
>         7/23/16.
>                  I found
>                               and followed the instructions to the letter
>
>
>         (http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0)
>                               however the CA Subsystem and IPA RA certs
>         will not
>                  renew.
>                               I've backdated the server to make sure the
>         system
>                  was within
>                               the renewal window, but that has not help.
>
>
>                           Those are the wrong instructions.
>
>                           You want this instead,
>         https://access.redhat.com/solutions/643753
>
>                           A bunch of it is for 2.2 but it isn't exactly
>         noted
>                  which parts.
>                           A general rule is that you don't/shouldn't
>         need to directly
>                           tweak the dogtag configuration or do any of the
>                  start-tracking
>                           work (though you may want to verify that what/if
>                  anything you
>                           changed from that wrong doc).
>
>                               When I run getcert list it reports:
>                               Ca-error: Sever at
>
>           "https://<fqdn>:9443/ca/agent/ca/profileProcess"
>                  replied: 1:
>                               Authentication Error
>                               for both the IPA RA and CA Subsystem certs
>
>                               The debug log shows:
>                               SignedAuditEventFactory: create()
>
>
>         message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>                               RA,O=MISS.ION] authentication failure
>                               ReviewReqServlet: Invalid Credential.
>
>
>                           The place to start is to get the serial # of
>         the ipaCert:
>
>                           # certutil -L -d /etc/httpd/alias -n ipaCert
>         |grep Serial
>
>                           Now get the user from the dogtag LDAP server:
>
>                           # ldapsearch -h `hostname` -p 7389 -x -D
>         'cn=directory
>                  manager'
>                           -W -b uid=ipara,ou=People,o=ipaca description
>
>                           The format is 2;<serial number>;<issuer
>         subject>;<subject>
>
>                           See if the serial # matches ipaCert. I'm
>         guessing it won't.
>                           Follow the instructions on the page I cited to
>         update
>                  the entry
>                           with the current certificate and serial #
>         values. That
>                  should
>                           get you going.
>
>                           rob
>
>
>
>                               We are kind of in deep doo-doo until this gets
>                  resolved.
>
>                               We are running ipa-server-3.0.0-47.el6_7.2
>         on RHEL 6.5
>
>                               Any thoughts?
>
>                               Thanks!
>
>                               Adam M. Lewis
>
>
>
>
>                           --
>                           Manage your subscription for the Freeipa-users
>         mailing
>                  list:
>         https://www.redhat.com/mailman/listinfo/freeipa-users
>                           Go to http://freeipa.org for more info on the
>         project
>
>
>
>
>                       --
>                       Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>
>                       10807 Allie Place
>                       Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>         <tel:540-412-8643>> <tel:540-412-8643 <tel:540-412-8643>
>                  <tel:540-412-8643 <tel:540-412-8643>>>
>
>
>
>
>
>                  --
>                  Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>
>                  10807 Allie Place
>                  Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>         <tel:540-412-8643>>
>
>
>
>
>
>
>
>
>         --
>         Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>         10807 Allie Place
>         Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643>
>
>
>
>
>
>
> --
> Adam M. Lewis
> alewis422 at gmail.com <mailto:alewis422 at gmail.com>
> 10807 Allie Place
> Fredericksburg, VA 22408
> 540-412-8643
>
>



From alewis422 at gmail.com  Mon Aug  1 19:15:55 2016
From: alewis422 at gmail.com (Adam Lewis)
Date: Mon, 1 Aug 2016 15:15:55 -0400
Subject: [Freeipa-users] Certificate Issues
In-Reply-To: <579F9EFF.6040804@redhat.com>
References: <F7BEA64018495841A21D60717A05F7A25BA420E8@NAEAPHILXM03V.nadsusea.nads.navy.mil>
	<579A5EAC.5000102@redhat.com>
	<CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>
	<CADA3x2mtkxA4WiFPH50Hr2CtYu_=siVvNX8v2iEcyrrqyoAPcg@mail.gmail.com>
	<579F6829.5010103@redhat.com>
	<CADA3x2=WWLdpWoFP2XxbGZ7qu3oU1=MkWcEa1DQ1CKJ_oNFVBQ@mail.gmail.com>
	<579F9C3F.7090804@redhat.com>
	<CADA3x2kQ+2tZ3Av2yH2VJgGX8Jhj2pqpAS_u+3fKqZdyb-xmqw@mail.gmail.com>
	<579F9EFF.6040804@redhat.com>
Message-ID: <CADA3x2=7Z70oAytUZPrhsUzRsEOP3JiDEBm_qTzS8B54B9RKRw@mail.gmail.com>

Yup. I'm currently still sitting back in time. But any time I try to
resubmit either the ipaCert or the subsystemCert it errors out.

getcert list shows :
ca-error: Server at "
https://ipa.local.domain:9443/ca/agent/ca/profileProcess" replied: 1:
Authentication Error

And the debug log shows:
SignedAuditEventFactory: create()
message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
RA,O=MISS.ION] authentication failure
ReviewReqServlet: Invalid Credential.

Those appear to be the most significant messages. I'm disconnected so
getting the full log info is difficult. If it's the only way let me know
and I'll see what I can do. Worst case it'll just take me a while to
re-type it.

Thanks


On Mon, Aug 1, 2016 at 3:11 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Adam Lewis wrote:
>
>> Yup, It's just the text string. I don't know how much this matters but
>> when I ran the start-tracking for the ipaCert it didn't generate a new
>> certificate. I'm still working off of serial number 7, which is what
>> it's been since we installed IPA. Is there some way/reason for me to
>> generate a whole new ipaCert?
>>
>
> certmonger will take care of that when renewal happens.
>
> Did you go back in time to when this cert was valid?
>
> rob
>
>
>> Thanks
>>
>> On Mon, Aug 1, 2016 at 3:00 PM, Rob Crittenden <rcritten at redhat.com
>> <mailto:rcritten at redhat.com>> wrote:
>>
>>     Adam Lewis wrote:
>>
>>         If you mean the usercertificate value from the ldapsearch
>>         command, then
>>         yes. That value matches the value from the certutil output.
>>
>>
>>     The usercertificate in LDAP had the BEGIN/END stripped, right?
>>
>>     I'll cc a couple of the dogtag developers to see what they think.
>>
>>     rob
>>
>>
>>         Thanks
>>
>>         On Mon, Aug 1, 2016 at 11:18 AM, Rob Crittenden
>>         <rcritten at redhat.com <mailto:rcritten at redhat.com>
>>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>> wrote:
>>
>>              Adam Lewis wrote:
>>
>>                  A quick update. We did some digging on the segfault
>>         problem and
>>                  I think
>>                  it was due to having to update the trusts on the CA
>>         cert. So we
>>                  updated
>>                  the certmonger package and certmonger now starts again.
>>                  However we're kind of back to square one where we are
>> still
>>                  getting the
>>                  AUTH_FAIL messages in the debug log.
>>                  I have verified that the ipara entry's serial number
>>         and cert
>>                  match the
>>                  serial number and cert from the one in /etc/httpd/alias.
>>
>>
>>              How about the certificate PEM? Does it match the
>>         usercertificate in
>>              the dogtag LDAP server?
>>
>>              rob
>>
>>
>>                  Any other ideas?
>>
>>                  Thanks!
>>
>>                  On Mon, Aug 1, 2016 at 9:17 AM, Adam Lewis
>>         <alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>                  <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com
>> >>
>>                  <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>>>> wrote:
>>
>>                       Rob,
>>                       Thanks for pointing me in the right direction.
>>         However after
>>                       following the instructions in the above mentioned
>>         doc I
>>                  noticed a
>>                       few things that are odd and have a new problem.
>>         The first
>>                  odd thing
>>                       I noticed is that when I run service pki-cad status
>> it
>>                  shows that my
>>                       PKI Subsystem Type is "CA Clone (Security Domain)"
>>                       Shouldn't that say something like "CA Master"?
>>                       Second, when I ran the "ipa-getcert resubmit -I
>> [ID]"
>>                  commands they
>>                       all produced the same AUTH_FAIL message in the
>>         debug log.
>>
>>                       Now the new problem...after pressing on and
>>         restarting things
>>                       certmonger fails to start with a segfault.
>>                       Starting certmonger: /bin/bash: line 1: 64935
>>         Segmentation
>>                       fault      /usr/sbin/certmonger -S -p /var/run
>>         certmonger.pid
>>
>>                       Thanks!
>>
>>                       On Thu, Jul 28, 2016 at 3:36 PM, Rob Crittenden
>>                  <rcritten at redhat.com <mailto:rcritten at redhat.com>
>>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>
>>                       <mailto:rcritten at redhat.com
>>         <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>>         <mailto:rcritten at redhat.com>>>>
>>
>>                  wrote:
>>
>>                           Lewis, Adam M CIV NSWCDD, H11 wrote:
>>
>>                               We are currently dead in the water. Our
>>         OCSP, CA
>>                  Audit, CA
>>                               Subsystem, and IPA RA certs expired as of
>>         7/23/16.
>>                  I found
>>                               and followed the instructions to the letter
>>
>>
>>         (
>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0
>> )
>>                               however the CA Subsystem and IPA RA certs
>>         will not
>>                  renew.
>>                               I've backdated the server to make sure the
>>         system
>>                  was within
>>                               the renewal window, but that has not help.
>>
>>
>>                           Those are the wrong instructions.
>>
>>                           You want this instead,
>>         https://access.redhat.com/solutions/643753
>>
>>                           A bunch of it is for 2.2 but it isn't exactly
>>         noted
>>                  which parts.
>>                           A general rule is that you don't/shouldn't
>>         need to directly
>>                           tweak the dogtag configuration or do any of the
>>                  start-tracking
>>                           work (though you may want to verify that what/if
>>                  anything you
>>                           changed from that wrong doc).
>>
>>                               When I run getcert list it reports:
>>                               Ca-error: Sever at
>>
>>           "https://<fqdn>:9443/ca/agent/ca/profileProcess"
>>                  replied: 1:
>>                               Authentication Error
>>                               for both the IPA RA and CA Subsystem certs
>>
>>                               The debug log shows:
>>                               SignedAuditEventFactory: create()
>>
>>
>>
>> message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>>                               RA,O=MISS.ION] authentication failure
>>                               ReviewReqServlet: Invalid Credential.
>>
>>
>>                           The place to start is to get the serial # of
>>         the ipaCert:
>>
>>                           # certutil -L -d /etc/httpd/alias -n ipaCert
>>         |grep Serial
>>
>>                           Now get the user from the dogtag LDAP server:
>>
>>                           # ldapsearch -h `hostname` -p 7389 -x -D
>>         'cn=directory
>>                  manager'
>>                           -W -b uid=ipara,ou=People,o=ipaca description
>>
>>                           The format is 2;<serial number>;<issuer
>>         subject>;<subject>
>>
>>                           See if the serial # matches ipaCert. I'm
>>         guessing it won't.
>>                           Follow the instructions on the page I cited to
>>         update
>>                  the entry
>>                           with the current certificate and serial #
>>         values. That
>>                  should
>>                           get you going.
>>
>>                           rob
>>
>>
>>
>>                               We are kind of in deep doo-doo until this
>> gets
>>                  resolved.
>>
>>                               We are running ipa-server-3.0.0-47.el6_7.2
>>         on RHEL 6.5
>>
>>                               Any thoughts?
>>
>>                               Thanks!
>>
>>                               Adam M. Lewis
>>
>>
>>
>>
>>                           --
>>                           Manage your subscription for the Freeipa-users
>>         mailing
>>                  list:
>>         https://www.redhat.com/mailman/listinfo/freeipa-users
>>                           Go to http://freeipa.org for more info on the
>>         project
>>
>>
>>
>>
>>                       --
>>                       Adam M. Lewis
>>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>>                  <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>>>
>>                       10807 Allie Place
>>                       Fredericksburg, VA 22408
>>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>>         <tel:540-412-8643>> <tel:540-412-8643 <tel:540-412-8643>
>>                  <tel:540-412-8643 <tel:540-412-8643>>>
>>
>>
>>
>>
>>
>>                  --
>>                  Adam M. Lewis
>>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>>                  <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>>>
>>                  10807 Allie Place
>>                  Fredericksburg, VA 22408
>>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>>         <tel:540-412-8643>>
>>
>>
>>
>>
>>
>>
>>
>>
>>         --
>>         Adam M. Lewis
>>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>>         10807 Allie Place
>>         Fredericksburg, VA 22408
>>         540-412-8643 <tel:540-412-8643>
>>
>>
>>
>>
>>
>>
>> --
>> Adam M. Lewis
>> alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>> 10807 Allie Place
>> Fredericksburg, VA 22408
>> 540-412-8643
>>
>>
>>
>


-- 
Adam M. Lewis
alewis422 at gmail.com
10807 Allie Place
Fredericksburg, VA 22408
540-412-8643
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160801/65365340/attachment.htm>

From rcritten at redhat.com  Mon Aug  1 19:29:37 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 1 Aug 2016 15:29:37 -0400
Subject: [Freeipa-users] Certificate Issues
In-Reply-To: <CADA3x2=7Z70oAytUZPrhsUzRsEOP3JiDEBm_qTzS8B54B9RKRw@mail.gmail.com>
References: <F7BEA64018495841A21D60717A05F7A25BA420E8@NAEAPHILXM03V.nadsusea.nads.navy.mil>
	<579A5EAC.5000102@redhat.com>
	<CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>
	<CADA3x2mtkxA4WiFPH50Hr2CtYu_=siVvNX8v2iEcyrrqyoAPcg@mail.gmail.com>
	<579F6829.5010103@redhat.com>
	<CADA3x2=WWLdpWoFP2XxbGZ7qu3oU1=MkWcEa1DQ1CKJ_oNFVBQ@mail.gmail.com>
	<579F9C3F.7090804@redhat.com>
	<CADA3x2kQ+2tZ3Av2yH2VJgGX8Jhj2pqpAS_u+3fKqZdyb-xmqw@mail.gmail.com>
	<579F9EFF.6040804@redhat.com>
	<CADA3x2=7Z70oAytUZPrhsUzRsEOP3JiDEBm_qTzS8B54B9RKRw@mail.gmail.com>
Message-ID: <579FA321.6000708@redhat.com>

Adam Lewis wrote:
> Yup. I'm currently still sitting back in time. But any time I try to
> resubmit either the ipaCert or the subsystemCert it errors out.
>
> getcert list shows :
> ca-error: Server at
> "https://ipa.local.domain:9443/ca/agent/ca/profileProcess" replied: 1:
> Authentication Error
>
> And the debug log shows:
> SignedAuditEventFactory: create()
> message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
> RA,O=MISS.ION] authentication failure
> ReviewReqServlet: Invalid Credential.

I'd look at the lines above that for clues, and check the 389-ds access 
log. I assume it is finding an entry for uid=ipara, right?

The way the auth works as I understand it is dogtag first compares the 
serial number, issuer and subject of the provided certificate with the 
description attribute in the entry it finds in LDAP. Then it compares 
the full certificate. If things match up then you are authenticated. It 
then does some authorization work.

For reference, mine looks like:

dn: uid=ipara,ou=people,o=ipaca
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: cmsuser
uid: ipara
sn: ipara
cn: ipara
usertype: agentType
userstate: 1
userCertificate:: 
MIIDbTCCAlWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtH
  [snip]
  o0i1CCw1v++2tgvHiiZEEeeuOEMGEdXZfv4Xw=
description: 2;7;CN=Certificate Authority,O=EXAMPLE.COM;CN=IPA 
RA,O=EXAMPLE.COM

> Those appear to be the most significant messages. I'm disconnected so
> getting the full log info is difficult. If it's the only way let me know
> and I'll see what I can do. Worst case it'll just take me a while to
> re-type it.

Understood.


>
> Thanks
>
>
> On Mon, Aug 1, 2016 at 3:11 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
>     Adam Lewis wrote:
>
>         Yup, It's just the text string. I don't know how much this
>         matters but
>         when I ran the start-tracking for the ipaCert it didn't generate
>         a new
>         certificate. I'm still working off of serial number 7, which is what
>         it's been since we installed IPA. Is there some way/reason for me to
>         generate a whole new ipaCert?
>
>
>     certmonger will take care of that when renewal happens.
>
>     Did you go back in time to when this cert was valid?
>
>     rob
>
>
>         Thanks
>
>         On Mon, Aug 1, 2016 at 3:00 PM, Rob Crittenden
>         <rcritten at redhat.com <mailto:rcritten at redhat.com>
>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>> wrote:
>
>              Adam Lewis wrote:
>
>                  If you mean the usercertificate value from the ldapsearch
>                  command, then
>                  yes. That value matches the value from the certutil output.
>
>
>              The usercertificate in LDAP had the BEGIN/END stripped, right?
>
>              I'll cc a couple of the dogtag developers to see what they
>         think.
>
>              rob
>
>
>                  Thanks
>
>                  On Mon, Aug 1, 2016 at 11:18 AM, Rob Crittenden
>                  <rcritten at redhat.com <mailto:rcritten at redhat.com>
>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>
>                  <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>>>> wrote:
>
>                       Adam Lewis wrote:
>
>                           A quick update. We did some digging on the
>         segfault
>                  problem and
>                           I think
>                           it was due to having to update the trusts on
>         the CA
>                  cert. So we
>                           updated
>                           the certmonger package and certmonger now
>         starts again.
>                           However we're kind of back to square one where
>         we are still
>                           getting the
>                           AUTH_FAIL messages in the debug log.
>                           I have verified that the ipara entry's serial
>         number
>                  and cert
>                           match the
>                           serial number and cert from the one in
>         /etc/httpd/alias.
>
>
>                       How about the certificate PEM? Does it match the
>                  usercertificate in
>                       the dogtag LDAP server?
>
>                       rob
>
>
>                           Any other ideas?
>
>                           Thanks!
>
>                           On Mon, Aug 1, 2016 at 9:17 AM, Adam Lewis
>                  <alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>                           <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>
>                           <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>>> wrote:
>
>                                Rob,
>                                Thanks for pointing me in the right
>         direction.
>                  However after
>                                following the instructions in the above
>         mentioned
>                  doc I
>                           noticed a
>                                few things that are odd and have a new
>         problem.
>                  The first
>                           odd thing
>                                I noticed is that when I run service
>         pki-cad status it
>                           shows that my
>                                PKI Subsystem Type is "CA Clone (Security
>         Domain)"
>                                Shouldn't that say something like "CA
>         Master"?
>                                Second, when I ran the "ipa-getcert
>         resubmit -I [ID]"
>                           commands they
>                                all produced the same AUTH_FAIL message
>         in the
>                  debug log.
>
>                                Now the new problem...after pressing on and
>                  restarting things
>                                certmonger fails to start with a segfault.
>                                Starting certmonger: /bin/bash: line 1: 64935
>                  Segmentation
>                                fault      /usr/sbin/certmonger -S -p
>         /var/run
>                  certmonger.pid
>
>                                Thanks!
>
>                                On Thu, Jul 28, 2016 at 3:36 PM, Rob
>         Crittenden
>                           <rcritten at redhat.com
>         <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>>
>                  <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>>>
>                                <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>
>                  <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>> <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>
>                  <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>>>>>
>
>                           wrote:
>
>                                    Lewis, Adam M CIV NSWCDD, H11 wrote:
>
>                                        We are currently dead in the
>         water. Our
>                  OCSP, CA
>                           Audit, CA
>                                        Subsystem, and IPA RA certs
>         expired as of
>                  7/23/16.
>                           I found
>                                        and followed the instructions to
>         the letter
>
>
>
>         (http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0)
>                                        however the CA Subsystem and IPA
>         RA certs
>                  will not
>                           renew.
>                                        I've backdated the server to make
>         sure the
>                  system
>                           was within
>                                        the renewal window, but that has
>         not help.
>
>
>                                    Those are the wrong instructions.
>
>                                    You want this instead,
>         https://access.redhat.com/solutions/643753
>
>                                    A bunch of it is for 2.2 but it isn't
>         exactly
>                  noted
>                           which parts.
>                                    A general rule is that you
>         don't/shouldn't
>                  need to directly
>                                    tweak the dogtag configuration or do
>         any of the
>                           start-tracking
>                                    work (though you may want to verify
>         that what/if
>                           anything you
>                                    changed from that wrong doc).
>
>                                        When I run getcert list it reports:
>                                        Ca-error: Sever at
>
>                    "https://<fqdn>:9443/ca/agent/ca/profileProcess"
>                           replied: 1:
>                                        Authentication Error
>                                        for both the IPA RA and CA
>         Subsystem certs
>
>                                        The debug log shows:
>                                        SignedAuditEventFactory: create()
>
>
>
>         message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>                                        RA,O=MISS.ION] authentication failure
>                                        ReviewReqServlet: Invalid Credential.
>
>
>                                    The place to start is to get the
>         serial # of
>                  the ipaCert:
>
>                                    # certutil -L -d /etc/httpd/alias -n
>         ipaCert
>                  |grep Serial
>
>                                    Now get the user from the dogtag LDAP
>         server:
>
>                                    # ldapsearch -h `hostname` -p 7389 -x -D
>                  'cn=directory
>                           manager'
>                                    -W -b uid=ipara,ou=People,o=ipaca
>         description
>
>                                    The format is 2;<serial number>;<issuer
>                  subject>;<subject>
>
>                                    See if the serial # matches ipaCert. I'm
>                  guessing it won't.
>                                    Follow the instructions on the page I
>         cited to
>                  update
>                           the entry
>                                    with the current certificate and serial #
>                  values. That
>                           should
>                                    get you going.
>
>                                    rob
>
>
>
>                                        We are kind of in deep doo-doo
>         until this gets
>                           resolved.
>
>                                        We are running
>         ipa-server-3.0.0-47.el6_7.2
>                  on RHEL 6.5
>
>                                        Any thoughts?
>
>                                        Thanks!
>
>                                        Adam M. Lewis
>
>
>
>
>                                    --
>                                    Manage your subscription for the
>         Freeipa-users
>                  mailing
>                           list:
>         https://www.redhat.com/mailman/listinfo/freeipa-users
>                                    Go to http://freeipa.org for more
>         info on the
>                  project
>
>
>
>
>                                --
>                                Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>
>                           <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>>>
>                                10807 Allie Place
>                                Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>         <tel:540-412-8643>> <tel:540-412-8643 <tel:540-412-8643>
>                  <tel:540-412-8643 <tel:540-412-8643>>>
>         <tel:540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>         <tel:540-412-8643>>
>                           <tel:540-412-8643 <tel:540-412-8643>
>         <tel:540-412-8643 <tel:540-412-8643>>>>
>
>
>
>
>
>                           --
>                           Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>
>                           <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>>>
>                           10807 Allie Place
>                           Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>         <tel:540-412-8643>> <tel:540-412-8643 <tel:540-412-8643>
>                  <tel:540-412-8643 <tel:540-412-8643>>>
>
>
>
>
>
>
>
>
>                  --
>                  Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>
>                  10807 Allie Place
>                  Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>         <tel:540-412-8643>>
>
>
>
>
>
>
>         --
>         Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>         10807 Allie Place
>         Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643>
>
>
>
>
>
>
> --
> Adam M. Lewis
> alewis422 at gmail.com <mailto:alewis422 at gmail.com>
> 10807 Allie Place
> Fredericksburg, VA 22408
> 540-412-8643
>
>



From mike.losapio at gmail.com  Mon Aug  1 20:50:01 2016
From: mike.losapio at gmail.com (Mike LoSapio)
Date: Mon, 1 Aug 2016 16:50:01 -0400
Subject: [Freeipa-users] Declarative configuration options?
Message-ID: <CAA4LE3bYVWFG-Kg=6KMZpjTmH-p=Hxx08s57KYDADd7aVdK3HQ@mail.gmail.com>

Hi there,

Is there anyone out there with a good system for storing users,
groups, hosts, etc.. in some sort of version controlled repo w/ flat
files that could plug into "two-man" workflows for user-account
creation and privilege/group membership changes, etc.

There's some github projects out there to help installing FreeIPA
server and a few to get clients up and running, but nothing (that I
could find) for the on-going management of FreeIPA resources.



So in puppet world (just as an example) - I'd be looking for something
like a puppet-defined-type freeipa_user with all the attributes
required and more-importantly all the code-glue that puts it all
together...


Figured I'd ask if there if there's anything already out there before
I re-invent the wheel.


TIA,
--Mike



From mmalek at iisg.agh.edu.pl  Mon Aug  1 21:20:33 2016
From: mmalek at iisg.agh.edu.pl (=?UTF-8?Q?Mateusz_Ma=c5=82ek?=)
Date: Mon, 1 Aug 2016 23:20:33 +0200
Subject: [Freeipa-users] PKI signing certificate question
In-Reply-To: <CAE9rU+4jrnuyMgXm4pfU2bYG-Z_x8i_4x+aU22E-mnvkkK2rmQ@mail.gmail.com>
References: <CAE9rU+65X8Rrv6TvGv9-KXAF9WkAiUUP8euzbvC_kmSozW44Yw@mail.gmail.com>
	<CAJGYKdOz66p76=Zv6MAy3B0+K=FsvCJm5gKv7i8omC05AiEkrg@mail.gmail.com>
	<CAE9rU+6FNeSLSegXaRnb1W10b5+3hONCa-_3sKgWi7eHEzRFMw@mail.gmail.com>
	<CAE9rU+6zoCtion4P6UzLf0_9bR01eusi-ZKrA_rqtUGZXQgX3w@mail.gmail.com>
	<CAE9rU+7Yc3tO_R+9PvpFsvhx73YA10uvD4QiYewd5dJr_GMQeg@mail.gmail.com>
	<CAE9rU+7guovCv0m5EUDWU2DSUeCfZM7bm3cdg9VN+36CWSMVFQ@mail.gmail.com>
	<CAE9rU+4xf+-iM0f08zuEz0fRCpJK=-HxdhfYRfjp_=Wz=o7LZg@mail.gmail.com>
	<CAE9rU+4+CXzsnisbGnVtExMzSKcMgx-CHwnkO2t+B+cSSbc9eg@mail.gmail.com>
	<CAE9rU+74=w9CdF28BWoLSgmmUvoAxJ2yrhqEaWAQuNeYOUB6-Q@mail.gmail.com>
	<CAE9rU+7wGsfrXv5PgTo9VrwLf8UgUe3mtoGMrKgE-gjjVLj--A@mail.gmail.com>
	<CAE9rU+6=fAoUFJoMdGFQH2HEWmpMD2SfNS8uRLFoEntVk3N=4A@mail.gmail.com>
	<CAE9rU+4OhqajY83e5YxDbeVAxd4HpU01JrS_8_-_OjEHWjogGw@mail.gmail.com>
	<CAE9rU+4jrnuyMgXm4pfU2bYG-Z_x8i_4x+aU22E-mnvkkK2rmQ@mail.gmail.com>
Message-ID: <9c6148b9-3900-2d4b-eacc-ebc64e3d3a6b@iisg.agh.edu.pl>

William,

On 29.07.2016 at 22:27, William Muriithi wrote:

 > Is anyone here been successful in getting external CA to sign this 
kind of certificate?  I have just tried to convince DigiCert for 2 days 
that there is no harm issuing this kind of certificate as long us it's 
restricted to one domain without success.
 >
 > Which external CA would be more open to signing this kind of certificate?

I'm afraid that there is not a single external CA that would sign 
request for CA certificate. They need to make sure that certificate 
would not be used for fraudulent purposes (for e.g. Man-in-the-Middle 
attacks) which usually means that they keep control of all subordinate 
CAs they create (you can only place requests for client or server 
certificates - but domain ownership validation and certificate issuance 
takes place in their infrastructure) or they verified that you securely 
store your private key in dedicated HSM and have adequate policies and 
rules regarding certificate issuance.

There is "X.509 Name Constraints" extension for certificates, however 
external CA would have to make this extension as "critical" (which would 
probably cause compatibility issues with some software - "critical" 
means that if some app doesn't know how to handle this extension, it has 
to report error and do not proceed with establishing secure connection). 
Also, if they decide to sell such CA certificate, it would probably be 
much more expensive than "simple" one (as this would allow you to issue 
further certificates for your domain without paying external CAs for them).

You can either go CA-less and buy certificates for all your services or 
use free certificates from Let's Encrypt (if you want to want your 
certificates to validate "nicely" on users own devices) or use internal 
CA and install its root certificate on all hosts using your IPA server. 
As I understand, --external-ca option should be used when you already 
have configured PKI infrastructure in your network (for example Active 
Directory Certificate Services) and spinning another internal CA is not 
a big deal. You've mentioned that there is already an Active Directory 
domain, so the last options seems the easiest one - internal CA root 
certificate can be deployed to Windows workstation using AD and IPA 
configured with external CA would automatically deploy internal root CA 
to Linux workstations on during ipa-client-install.

-- 
Best regards
Mateusz Ma?ek

Network and Computer Systems Administrator
Intelligent Information Systems Group
Department of Computer Science
AGH University of Science and Technology



From william.muriithi at gmail.com  Mon Aug  1 22:41:15 2016
From: william.muriithi at gmail.com (William Muriithi)
Date: Mon, 1 Aug 2016 18:41:15 -0400
Subject: [Freeipa-users] PKI signing certificate question
In-Reply-To: <9c6148b9-3900-2d4b-eacc-ebc64e3d3a6b@iisg.agh.edu.pl>
References: <CAE9rU+65X8Rrv6TvGv9-KXAF9WkAiUUP8euzbvC_kmSozW44Yw@mail.gmail.com>
	<CAJGYKdOz66p76=Zv6MAy3B0+K=FsvCJm5gKv7i8omC05AiEkrg@mail.gmail.com>
	<CAE9rU+6FNeSLSegXaRnb1W10b5+3hONCa-_3sKgWi7eHEzRFMw@mail.gmail.com>
	<CAE9rU+6zoCtion4P6UzLf0_9bR01eusi-ZKrA_rqtUGZXQgX3w@mail.gmail.com>
	<CAE9rU+7Yc3tO_R+9PvpFsvhx73YA10uvD4QiYewd5dJr_GMQeg@mail.gmail.com>
	<CAE9rU+7guovCv0m5EUDWU2DSUeCfZM7bm3cdg9VN+36CWSMVFQ@mail.gmail.com>
	<CAE9rU+4xf+-iM0f08zuEz0fRCpJK=-HxdhfYRfjp_=Wz=o7LZg@mail.gmail.com>
	<CAE9rU+4+CXzsnisbGnVtExMzSKcMgx-CHwnkO2t+B+cSSbc9eg@mail.gmail.com>
	<CAE9rU+74=w9CdF28BWoLSgmmUvoAxJ2yrhqEaWAQuNeYOUB6-Q@mail.gmail.com>
	<CAE9rU+7wGsfrXv5PgTo9VrwLf8UgUe3mtoGMrKgE-gjjVLj--A@mail.gmail.com>
	<CAE9rU+6=fAoUFJoMdGFQH2HEWmpMD2SfNS8uRLFoEntVk3N=4A@mail.gmail.com>
	<CAE9rU+4OhqajY83e5YxDbeVAxd4HpU01JrS_8_-_OjEHWjogGw@mail.gmail.com>
	<CAE9rU+4jrnuyMgXm4pfU2bYG-Z_x8i_4x+aU22E-mnvkkK2rmQ@mail.gmail.com>
	<9c6148b9-3900-2d4b-eacc-ebc64e3d3a6b@iisg.agh.edu.pl>
Message-ID: <CAE9rU+4m1Ya2jy_58U=sayFWoicytdEi7VHzk1YgWdBRvdDFQw@mail.gmail.com>

Mateusz

> >
> > Which external CA would be more open to signing this kind of
certificate?
>
> I'm afraid that there is not a single external CA that would sign request
for CA certificate. They need to make sure that certificate would not be
used for fraudulent purposes (for e.g. Man-in-the-Middle attacks) which
usually means that they keep control of all subordinate CAs they create
(you can only place requests for client or server certificates - but domain
ownership validation and certificate issuance takes place in their
infrastructure) or they verified that you securely store your private key
in dedicated HSM and have adequate policies and rules regarding certificate
issuance.

Understandable. Did speak with them and realised its not a straight forward
thing. As I understand, some CA like Symantec may allow sub CA.
>
> There is "X.509 Name Constraints" extension for certificates, however
external CA would have to make this extension as "critical" (which would
probably cause compatibility issues with some software - "critical" means
that if some app doesn't know how to handle this extension, it has to
report error and do not proceed with establishing secure connection).

The certificate with CA basic constraint would only have been used on
freeIPA, not on other servers. I believe freeIPA could handle such a
certificate.

> As I understand, --external-ca option should be used when you already
have configured PKI infrastructure in your network (for example Active
Directory Certificate Services) and spinning another internal CA is not a
big deal. You've mentioned that there is already an Active Directory
domain, so the last options seems the easiest one - internal CA root
certificate can be deployed to Windows workstation using AD and IPA
configured with external CA would automatically deploy internal root CA to
Linux workstations on during ipa-client-install.
>
Interesting. Active Directory certificate service would also be using self
signed certificate, correct?

Saw another thread today of someone using --external-ca flag. Wish someone
who has gone through the process could document the process including if
they are using external CA
> --
> Best regards
> Mateusz Ma?ek
Appreciate your feedback a lot.

William
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160801/3e7ac46f/attachment.htm>

From mmalek at iisg.agh.edu.pl  Tue Aug  2 01:17:47 2016
From: mmalek at iisg.agh.edu.pl (=?UTF-8?Q?Mateusz_Ma=c5=82ek?=)
Date: Tue, 2 Aug 2016 03:17:47 +0200
Subject: [Freeipa-users] PKI signing certificate question
In-Reply-To: <CAE9rU+4m1Ya2jy_58U=sayFWoicytdEi7VHzk1YgWdBRvdDFQw@mail.gmail.com>
References: <CAE9rU+65X8Rrv6TvGv9-KXAF9WkAiUUP8euzbvC_kmSozW44Yw@mail.gmail.com>
	<CAE9rU+6FNeSLSegXaRnb1W10b5+3hONCa-_3sKgWi7eHEzRFMw@mail.gmail.com>
	<CAE9rU+6zoCtion4P6UzLf0_9bR01eusi-ZKrA_rqtUGZXQgX3w@mail.gmail.com>
	<CAE9rU+7Yc3tO_R+9PvpFsvhx73YA10uvD4QiYewd5dJr_GMQeg@mail.gmail.com>
	<CAE9rU+7guovCv0m5EUDWU2DSUeCfZM7bm3cdg9VN+36CWSMVFQ@mail.gmail.com>
	<CAE9rU+4xf+-iM0f08zuEz0fRCpJK=-HxdhfYRfjp_=Wz=o7LZg@mail.gmail.com>
	<CAE9rU+4+CXzsnisbGnVtExMzSKcMgx-CHwnkO2t+B+cSSbc9eg@mail.gmail.com>
	<CAE9rU+74=w9CdF28BWoLSgmmUvoAxJ2yrhqEaWAQuNeYOUB6-Q@mail.gmail.com>
	<CAE9rU+7wGsfrXv5PgTo9VrwLf8UgUe3mtoGMrKgE-gjjVLj--A@mail.gmail.com>
	<CAE9rU+6=fAoUFJoMdGFQH2HEWmpMD2SfNS8uRLFoEntVk3N=4A@mail.gmail.com>
	<CAE9rU+4OhqajY83e5YxDbeVAxd4HpU01JrS_8_-_OjEHWjogGw@mail.gmail.com>
	<CAE9rU+4jrnuyMgXm4pfU2bYG-Z_x8i_4x+aU22E-mnvkkK2rmQ@mail.gmail.com>
	<9c6148b9-3900-2d4b-eacc-ebc64e3d3a6b@iisg.agh.edu.pl>
	<CAE9rU+4m1Ya2jy_58U=sayFWoicytdEi7VHzk1YgWdBRvdDFQw@mail.gmail.com>
Message-ID: <3914a932-cb9d-acc1-e3ca-8e228d9916fd@iisg.agh.edu.pl>

William,

On 02.08.2016 at 00:41, William Muriithi wrote:
 >
 > > > Which external CA would be more open to signing this kind of 
certificate?
 > >
 > > I'm afraid that there is not a single external CA that would sign 
request for CA certificate. (...)
 >
 > Understandable. Did speak with them and realised its not a straight 
forward thing. As I understand, some CA like Symantec may allow sub CA.

They still would not allow you to have control of sub-CA private key, 
probably. After numerous incidents with mis-issued certificates, browser 
vendors want to be rather safe than sorry - and they have "no mercy" 
policy for any incidents (Symantec is forced to report every certificate 
issued to publicly available certificate transparency logservers, CNNIC 
can no longer issue valid certificates), which makes CA owners rather 
cautious. Revoking trust in one's root CA can even result in bankruptcy 
of such company (see DigiNotar case).

 > > There is "X.509 Name Constraints" extension for certificates, 
however external CA would have to make this extension as "critical" 
(which would probably cause compatibility issues with some software - 
"critical" means that if some app doesn't know how to handle this 
extension, it has to report error and do not proceed with establishing 
secure connection).
 >
 > The certificate with CA basic constraint would only have been used on 
freeIPA, not on other servers. I believe freeIPA could handle such a 
certificate.

FreeIPA should be perfectly fine, the problem is with workstations. 
While (almost?) all software is capable of understanding CA basic 
constraint (as it was known and used for ages), limiting CA to single 
domain zone using X.509 Name Constraints can have some side effects 
(apps on user workstation have to validate all certificates up to root 
CA - if it happens that they don't understand name constraints, they 
will choke on IPA CA certificate if such extension is marked "critical"; 
I think that's the case with majority of Apple devices). I'm not aware 
of any CA that issues technically constrained sub-CAs and I think that 
according to latest guidelines, they are required to publicly disclose 
other sub-CAs issued (and such CAs have to undergo full WebTrust audit 
and have CPS just like regular CA).

I'm using name-constrained CA certificate from our internal root CA, 
however, name constraints extension is not marked as critical. Our 
internally-issued certificates are to be seen only by admins, so it's 
just additional precaution (in case some admin would find it funny to 
use certificate issued from internal CA to MitM another admin) rather 
than security measure.

 > > As I understand, --external-ca option should be used when you 
already have configured PKI infrastructure in your network (for example 
Active Directory Certificate Services) and spinning another internal CA 
is not a big deal. You've mentioned that there is already an Active 
Directory domain, (...)
 > >
 > Interesting. Active Directory certificate service would also be using 
self signed certificate, correct?

Correct. AD Certificate Service can generate its own self-signed root CA 
certificate, just like FreeIPA with internal CA does. As far as I know, 
depending on how you initialize AD CS, this certificate would be 
deployed to domain-joined machines automatically or you would have to 
push it through Group Policies.

 > Saw another thread today of someone using --external-ca flag. Wish 
someone who has gone through the process could document the process 
including if they are using external CA

Installation with external CA is quite similar to default setup - when 
you indicate that you want to use external CA, installation process has 
two phases. First, ipa-server-install performs some tasks and generates 
CSR request file. Then, you sign it using your other CA (just make sure 
it preserves CA constraint; we were using EasyRSA, which has separate 
command/profile for creating subordinate CAs). Next, you save your 
signed certificate back to your new IPA server and invoke installer once 
again with additional arguments (this command is shown when first stage 
finishes) - and configuration process continues just like without 
external CA.

-- 
Best regards
Mateusz Ma?ek

Network and Computer Systems Administrator
Intelligent Information Systems Group
Department of Computer Science
AGH University of Science and Technology



From richard.harmonson at gmail.com  Tue Aug  2 02:52:58 2016
From: richard.harmonson at gmail.com (Richard Harmonson)
Date: Mon, 1 Aug 2016 19:52:58 -0700
Subject: [Freeipa-users] ipa-server-install --external-cert-file and
 exporting dogtag certificates
In-Reply-To: <4cc4b68d-9bea-99d2-1264-e49c35c80f04@redhat.com>
References: <CACHJYOsefMx2bmWFSsPT_nFNX9o8+EFUaz1sqc4Xq11y2NrgOg@mail.gmail.com>
	<4cc4b68d-9bea-99d2-1264-e49c35c80f04@redhat.com>
Message-ID: <CACHJYOvSGaSr+9-CkFE4SQky36OwVjUJWgxzd+Uqgyn4XTH0Rg@mail.gmail.com>

On Mon, Aug 1, 2016 at 10:15 AM, Petr Vobornik <pvoborni at redhat.com> wrote:

> On 07/31/2016 07:45 AM, Richard Harmonson wrote:
> > I having challenges resuming ipa-server-install --external-ca. I am
> reasonably
> > confident I am not providing the right certificate and/or format from my
> > off-line root CA using 389 and Dogtag.
> >
> > Does anyone have instructions on how to accomplish the task of exporting
> the
> > correct certificates in the expected format?
> >
> > Thank you.
> >
>
> The IPA procedure with prerequisites is described at
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-server.html#install-server-external-ca
>
> Or are you rather asking for specific PKI instructions?
>
> e.g.
> *
>
> http://pki.fedoraproject.org/wiki/PKI_Certificate_CLI#Submitting_a_Certificate_Request
>
> *
>
> http://pki.fedoraproject.org/wiki/CA_Certificate_Profiles#caCACert:_Manual_Certificate_Manager_Signing_Certificate_Enrollment
> --
> Petr Vobornik
>

I read the suggested document, previously, but its an excellent shared
reference for this discussion.

I have successfully submitted and approved the csr. Dogtag provides a web
UI which provides a Base 64 encoded certificate or Base 64 encoded
certificate with CA certificate chain in pkcs7 format.

For the servercert2010601.pem (the signed CSR request signing CA
certificate 0x9) referenced in the article, do I  copy and paste
(-----BEGIN .. END-----) the base 64 (not pkcs7) to a file using *.pem then
submit using one of the two --external-cert-file?

For the cacert.pem (the Root CA signing certificate 0x1) referenced in the
article, do I copy and paste the base 64 with ca in pkcs7 format to a file
using *.pkcs7 (or pem or does it matter?) then submit using the second
--external-cert-file?

Your guidance is much appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160801/1e4e9c6f/attachment.htm>

From jhrozek at redhat.com  Tue Aug  2 06:10:37 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 2 Aug 2016 08:10:37 +0200
Subject: [Freeipa-users] Slow logins with multi site replication
In-Reply-To: <HE1PR0601MB210808014652D54808AF744E8D040@HE1PR0601MB2108.eurprd06.prod.outlook.com>
References: <HE1PR0601MB210808014652D54808AF744E8D040@HE1PR0601MB2108.eurprd06.prod.outlook.com>
Message-ID: <20160802061037.GB30061@hendrix>

On Mon, Aug 01, 2016 at 02:35:04PM +0000, Neal Harrington | i-Neda Ltd wrote:
> Hi,
> 
> 
> I am experiencing slow logins and sudo authentication for servers joined to my FreeIPA domain. I have been following the other recent thread on slow logins and believe my issue is different.
> 
> 
> I have replication setup with 2 FreeIPA servers at each of 3 sites. The replication is working well and I am able to login correctly on client servers with correct sudo permissions etc. Logins seem to take a long time however. There seems to be some kind of DNS/connection timeout issues, see the example below where the client times out on the auth01 server, then retries and connects. I have also seen it switch to an alternate IPA server on timeout. Total delay in this example is about 10 seconds however it can take longer (approx 30 seconds). It is worth mentioning that client servers in each site cannot connect to IPA servers is a different site - however in the example below the auth01 IPA server is in the same site as the client server. I'm not sure if there is any way to make the IPA clients site aware so they prefer to log in to a local server?
> 
> 
> On the IPA servers themselves there is no noticeable delay and once I have authenticated with sudo once, subsequent attempts in the same login are also near instant. I have not been able to find any reason for this delay in any logs (which probably just means I'm not looking in the right place).
> 
> 
> DNS servers are running on each IPA server and responding well whenever I have tested.
> 
> 
> IPA Servers: CentOS 7.2.1511 running IPA 4.2.0 (from standard CentOS repo)
> 
> Client servers: Ubuntu 14.04 running IPA 3.3.4 (From standard Ubuntu repo)
> 
> 
> Any comments or suggestions greatly appreciated.
> 
> 
> Thanks,
> 
> Neal.
> 
> 
> Example sssd log for a "sudo -l" attempt.
> 
> (Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [krb5_child_timeout]
> (0x0040): Timeout for child [7430] reached. In case KDC is distant or
> network is slow you may consider increasing value of krb5_auth_timeout.
> (Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [krb5_auth_done] (0x0020):
> child timed out!

These debug messages seem to be telling you what the problem is. Have
you tried how long does it take to kinit (preferably with
KRB5_TRACE=/dev/stderr prepended) ?



From william.muriithi at gmail.com  Tue Aug  2 11:52:25 2016
From: william.muriithi at gmail.com (William Muriithi)
Date: Tue, 2 Aug 2016 07:52:25 -0400
Subject: [Freeipa-users] PKI signing certificate question
In-Reply-To: <3914a932-cb9d-acc1-e3ca-8e228d9916fd@iisg.agh.edu.pl>
References: <CAE9rU+65X8Rrv6TvGv9-KXAF9WkAiUUP8euzbvC_kmSozW44Yw@mail.gmail.com>
	<CAE9rU+6FNeSLSegXaRnb1W10b5+3hONCa-_3sKgWi7eHEzRFMw@mail.gmail.com>
	<CAE9rU+6zoCtion4P6UzLf0_9bR01eusi-ZKrA_rqtUGZXQgX3w@mail.gmail.com>
	<CAE9rU+7Yc3tO_R+9PvpFsvhx73YA10uvD4QiYewd5dJr_GMQeg@mail.gmail.com>
	<CAE9rU+7guovCv0m5EUDWU2DSUeCfZM7bm3cdg9VN+36CWSMVFQ@mail.gmail.com>
	<CAE9rU+4xf+-iM0f08zuEz0fRCpJK=-HxdhfYRfjp_=Wz=o7LZg@mail.gmail.com>
	<CAE9rU+4+CXzsnisbGnVtExMzSKcMgx-CHwnkO2t+B+cSSbc9eg@mail.gmail.com>
	<CAE9rU+74=w9CdF28BWoLSgmmUvoAxJ2yrhqEaWAQuNeYOUB6-Q@mail.gmail.com>
	<CAE9rU+7wGsfrXv5PgTo9VrwLf8UgUe3mtoGMrKgE-gjjVLj--A@mail.gmail.com>
	<CAE9rU+6=fAoUFJoMdGFQH2HEWmpMD2SfNS8uRLFoEntVk3N=4A@mail.gmail.com>
	<CAE9rU+4OhqajY83e5YxDbeVAxd4HpU01JrS_8_-_OjEHWjogGw@mail.gmail.com>
	<CAE9rU+4jrnuyMgXm4pfU2bYG-Z_x8i_4x+aU22E-mnvkkK2rmQ@mail.gmail.com>
	<9c6148b9-3900-2d4b-eacc-ebc64e3d3a6b@iisg.agh.edu.pl>
	<CAE9rU+4m1Ya2jy_58U=sayFWoicytdEi7VHzk1YgWdBRvdDFQw@mail.gmail.com>
	<3914a932-cb9d-acc1-e3ca-8e228d9916fd@iisg.agh.edu.pl>
Message-ID: <CAE9rU+5Xo+dD6UucM=1b0du6ehZDwsED_cwH95GNqrouLEW_=g@mail.gmail.com>

Mateusz



>> > There is "X.509 Name Constraints" extension for certificates, however
>> > external CA would have to make this extension as "critical" (which would
>> > probably cause compatibility issues with some software - "critical" means
>> > that if some app doesn't know how to handle this extension, it has to report
>> > error and do not proceed with establishing secure connection).
>>
>> The certificate with CA basic constraint would only have been used on
>> freeIPA, not on other servers. I believe freeIPA could handle such a
>> certificate.
>
> FreeIPA should be perfectly fine, the problem is with workstations. While
> (almost?) all software is capable of understanding CA basic constraint (as
> it was known and used for ages), limiting CA to single domain zone using
> X.509 Name Constraints can have some side effects (apps on user workstation
> have to validate all certificates up to root CA - if it happens that they
> don't understand name constraints, they will choke on IPA CA certificate if
> such extension is marked "critical"; I think that's the case with majority
> of Apple devices). I'm not aware of any CA that issues technically
> constrained sub-CAs and I think that according to latest guidelines, they
> are required to publicly disclose other sub-CAs issued (and such CAs have to
> undergo full WebTrust audit and have CPS just like regular CA).
>
Interesting, now I understand what you meant. Make a lot of sense.


>> > As I understand, --external-ca option should be used when you already
>> > have configured PKI infrastructure in your network (for example Active
>> > Directory Certificate Services) and spinning another internal CA is not a
>> > big deal. You've mentioned that there is already an Active Directory domain,
>> > (...)
>> >
>> Interesting. Active Directory certificate service would also be using self
>> signed certificate, correct?
>
> Correct. AD Certificate Service can generate its own self-signed root CA
> certificate, just like FreeIPA with internal CA does. As far as I know,
> depending on how you initialize AD CS, this certificate would be deployed to
> domain-joined machines automatically or you would have to push it through
> Group Policies.

Thanks, I understand the purpose of --external-ca flag now petty well


> --
> Best regards
> Mateusz Ma?ek
Thanks a lot Mateusz.  Really appreciate your great response.  I now
do feel I have all the info I was looking for when I started this
thread.

Regards,

William



From stijn.deweirdt at ugent.be  Tue Aug  2 12:00:17 2016
From: stijn.deweirdt at ugent.be (Stijn De Weirdt)
Date: Tue, 2 Aug 2016 14:00:17 +0200
Subject: [Freeipa-users] keytab for user
Message-ID: <3585a615-7711-5b93-44aa-275b2a1f9079@ugent.be>

hi all,

i'm trying to create a keytab for a user via FreeIPA

user was added via ipa user-add --random; keytab retrieved using
ipa-getkeytab (using admin credentials)

klist -k list shows a number of entries for same KVNO

however, i cannot get any credentials using kinit -kt

it always returns:
"kinit: Password has expired while getting initial credentials"

ipa user-show gives
>   Account disabled: False
>   Password: True
...
>   Kerberos keys available: True

what am i doing wrong?  (i never used the original random password to
try to get initial credentials for this user; i don't even kept it ;)

many thanks,

stijn



From stijn.deweirdt at ugent.be  Tue Aug  2 12:10:44 2016
From: stijn.deweirdt at ugent.be (Stijn De Weirdt)
Date: Tue, 2 Aug 2016 14:10:44 +0200
Subject: [Freeipa-users] keytab for user
In-Reply-To: <3585a615-7711-5b93-44aa-275b2a1f9079@ugent.be>
References: <3585a615-7711-5b93-44aa-275b2a1f9079@ugent.be>
Message-ID: <a83ad508-dfcb-9646-cbed-15e8e7854df2@ugent.be>

so the trick is to first login with the random password, it will prompt
to renew it, and with a new password set, you can retrieve a usable keytab.

stijn

> 
> i'm trying to create a keytab for a user via FreeIPA
> 
> user was added via ipa user-add --random; keytab retrieved using
> ipa-getkeytab (using admin credentials)
> 
> klist -k list shows a number of entries for same KVNO
> 
> however, i cannot get any credentials using kinit -kt
> 
> it always returns:
> "kinit: Password has expired while getting initial credentials"
> 
> ipa user-show gives
>>   Account disabled: False
>>   Password: True
> ...
>>   Kerberos keys available: True
> 
> what am i doing wrong?  (i never used the original random password to
> try to get initial credentials for this user; i don't even kept it ;)
> 
> many thanks,
> 
> stijn
> 



From alewis422 at gmail.com  Tue Aug  2 12:33:53 2016
From: alewis422 at gmail.com (Adam Lewis)
Date: Tue, 2 Aug 2016 08:33:53 -0400
Subject: [Freeipa-users] Certificate Issues
In-Reply-To: <579FA321.6000708@redhat.com>
References: <F7BEA64018495841A21D60717A05F7A25BA420E8@NAEAPHILXM03V.nadsusea.nads.navy.mil>
	<579A5EAC.5000102@redhat.com>
	<CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>
	<CADA3x2mtkxA4WiFPH50Hr2CtYu_=siVvNX8v2iEcyrrqyoAPcg@mail.gmail.com>
	<579F6829.5010103@redhat.com>
	<CADA3x2=WWLdpWoFP2XxbGZ7qu3oU1=MkWcEa1DQ1CKJ_oNFVBQ@mail.gmail.com>
	<579F9C3F.7090804@redhat.com>
	<CADA3x2kQ+2tZ3Av2yH2VJgGX8Jhj2pqpAS_u+3fKqZdyb-xmqw@mail.gmail.com>
	<579F9EFF.6040804@redhat.com>
	<CADA3x2=7Z70oAytUZPrhsUzRsEOP3JiDEBm_qTzS8B54B9RKRw@mail.gmail.com>
	<579FA321.6000708@redhat.com>
Message-ID: <CADA3x2n_25Tk0ABjQU-efjZyfouoUVcHsADvhFJpYc0dabJmBg@mail.gmail.com>

Rob,
The only message that seems remotely relevant is:

ProfileSubmitServlet: for renewal, original authenticator not found

But everything else looks completely fine until the "AUTH_FAIL" message.
I started seeing

csngen_new_csn - Warning: too much time skew (-xxx secs). Current seqnum=1

So I searched for that and found a few articles...but most of them deal
with replication. I don't have any replication agreements right now, and I
updated nsslapd-ignore-time-skew to on, but that didn't fix it either.

Any ideas?

Thanks

On Mon, Aug 1, 2016 at 3:29 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Adam Lewis wrote:
>
>> Yup. I'm currently still sitting back in time. But any time I try to
>> resubmit either the ipaCert or the subsystemCert it errors out.
>>
>> getcert list shows :
>> ca-error: Server at
>> "https://ipa.local.domain:9443/ca/agent/ca/profileProcess" replied: 1:
>> Authentication Error
>>
>> And the debug log shows:
>> SignedAuditEventFactory: create()
>>
>> message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>> RA,O=MISS.ION] authentication failure
>> ReviewReqServlet: Invalid Credential.
>>
>
> I'd look at the lines above that for clues, and check the 389-ds access
> log. I assume it is finding an entry for uid=ipara, right?
>
> The way the auth works as I understand it is dogtag first compares the
> serial number, issuer and subject of the provided certificate with the
> description attribute in the entry it finds in LDAP. Then it compares the
> full certificate. If things match up then you are authenticated. It then
> does some authorization work.
>
> For reference, mine looks like:
>
> dn: uid=ipara,ou=people,o=ipaca
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: cmsuser
> uid: ipara
> sn: ipara
> cn: ipara
> usertype: agentType
> userstate: 1
> userCertificate::
> MIIDbTCCAlWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKEwtH
>  [snip]
>  o0i1CCw1v++2tgvHiiZEEeeuOEMGEdXZfv4Xw=
> description: 2;7;CN=Certificate Authority,O=EXAMPLE.COM;CN=IPA RA,O=
> EXAMPLE.COM
>
> Those appear to be the most significant messages. I'm disconnected so
>> getting the full log info is difficult. If it's the only way let me know
>> and I'll see what I can do. Worst case it'll just take me a while to
>> re-type it.
>>
>
> Understood.
>
>
>
>> Thanks
>>
>>
>> On Mon, Aug 1, 2016 at 3:11 PM, Rob Crittenden <rcritten at redhat.com
>> <mailto:rcritten at redhat.com>> wrote:
>>
>>     Adam Lewis wrote:
>>
>>         Yup, It's just the text string. I don't know how much this
>>         matters but
>>         when I ran the start-tracking for the ipaCert it didn't generate
>>         a new
>>         certificate. I'm still working off of serial number 7, which is
>> what
>>         it's been since we installed IPA. Is there some way/reason for me
>> to
>>         generate a whole new ipaCert?
>>
>>
>>     certmonger will take care of that when renewal happens.
>>
>>     Did you go back in time to when this cert was valid?
>>
>>     rob
>>
>>
>>         Thanks
>>
>>         On Mon, Aug 1, 2016 at 3:00 PM, Rob Crittenden
>>         <rcritten at redhat.com <mailto:rcritten at redhat.com>
>>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>> wrote:
>>
>>              Adam Lewis wrote:
>>
>>                  If you mean the usercertificate value from the ldapsearch
>>                  command, then
>>                  yes. That value matches the value from the certutil
>> output.
>>
>>
>>              The usercertificate in LDAP had the BEGIN/END stripped,
>> right?
>>
>>              I'll cc a couple of the dogtag developers to see what they
>>         think.
>>
>>              rob
>>
>>
>>                  Thanks
>>
>>                  On Mon, Aug 1, 2016 at 11:18 AM, Rob Crittenden
>>                  <rcritten at redhat.com <mailto:rcritten at redhat.com>
>>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>
>>                  <mailto:rcritten at redhat.com
>>         <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>>         <mailto:rcritten at redhat.com>>>> wrote:
>>
>>                       Adam Lewis wrote:
>>
>>                           A quick update. We did some digging on the
>>         segfault
>>                  problem and
>>                           I think
>>                           it was due to having to update the trusts on
>>         the CA
>>                  cert. So we
>>                           updated
>>                           the certmonger package and certmonger now
>>         starts again.
>>                           However we're kind of back to square one where
>>         we are still
>>                           getting the
>>                           AUTH_FAIL messages in the debug log.
>>                           I have verified that the ipara entry's serial
>>         number
>>                  and cert
>>                           match the
>>                           serial number and cert from the one in
>>         /etc/httpd/alias.
>>
>>
>>                       How about the certificate PEM? Does it match the
>>                  usercertificate in
>>                       the dogtag LDAP server?
>>
>>                       rob
>>
>>
>>                           Any other ideas?
>>
>>                           Thanks!
>>
>>                           On Mon, Aug 1, 2016 at 9:17 AM, Adam Lewis
>>                  <alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>>                           <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>>>
>>                           <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>
>>                  <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>> <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>
>>                  <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>>>>> wrote:
>>
>>                                Rob,
>>                                Thanks for pointing me in the right
>>         direction.
>>                  However after
>>                                following the instructions in the above
>>         mentioned
>>                  doc I
>>                           noticed a
>>                                few things that are odd and have a new
>>         problem.
>>                  The first
>>                           odd thing
>>                                I noticed is that when I run service
>>         pki-cad status it
>>                           shows that my
>>                                PKI Subsystem Type is "CA Clone (Security
>>         Domain)"
>>                                Shouldn't that say something like "CA
>>         Master"?
>>                                Second, when I ran the "ipa-getcert
>>         resubmit -I [ID]"
>>                           commands they
>>                                all produced the same AUTH_FAIL message
>>         in the
>>                  debug log.
>>
>>                                Now the new problem...after pressing on and
>>                  restarting things
>>                                certmonger fails to start with a segfault.
>>                                Starting certmonger: /bin/bash: line 1:
>> 64935
>>                  Segmentation
>>                                fault      /usr/sbin/certmonger -S -p
>>         /var/run
>>                  certmonger.pid
>>
>>                                Thanks!
>>
>>                                On Thu, Jul 28, 2016 at 3:36 PM, Rob
>>         Crittenden
>>                           <rcritten at redhat.com
>>         <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>>         <mailto:rcritten at redhat.com>>
>>                  <mailto:rcritten at redhat.com
>>         <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>>         <mailto:rcritten at redhat.com>>>
>>                                <mailto:rcritten at redhat.com
>>         <mailto:rcritten at redhat.com>
>>                  <mailto:rcritten at redhat.com
>>         <mailto:rcritten at redhat.com>> <mailto:rcritten at redhat.com
>>         <mailto:rcritten at redhat.com>
>>                  <mailto:rcritten at redhat.com
>>         <mailto:rcritten at redhat.com>>>>>
>>
>>                           wrote:
>>
>>                                    Lewis, Adam M CIV NSWCDD, H11 wrote:
>>
>>                                        We are currently dead in the
>>         water. Our
>>                  OCSP, CA
>>                           Audit, CA
>>                                        Subsystem, and IPA RA certs
>>         expired as of
>>                  7/23/16.
>>                           I found
>>                                        and followed the instructions to
>>         the letter
>>
>>
>>
>>         (
>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0
>> )
>>                                        however the CA Subsystem and IPA
>>         RA certs
>>                  will not
>>                           renew.
>>                                        I've backdated the server to make
>>         sure the
>>                  system
>>                           was within
>>                                        the renewal window, but that has
>>         not help.
>>
>>
>>                                    Those are the wrong instructions.
>>
>>                                    You want this instead,
>>         https://access.redhat.com/solutions/643753
>>
>>                                    A bunch of it is for 2.2 but it isn't
>>         exactly
>>                  noted
>>                           which parts.
>>                                    A general rule is that you
>>         don't/shouldn't
>>                  need to directly
>>                                    tweak the dogtag configuration or do
>>         any of the
>>                           start-tracking
>>                                    work (though you may want to verify
>>         that what/if
>>                           anything you
>>                                    changed from that wrong doc).
>>
>>                                        When I run getcert list it reports:
>>                                        Ca-error: Sever at
>>
>>                    "https://<fqdn>:9443/ca/agent/ca/profileProcess"
>>                           replied: 1:
>>                                        Authentication Error
>>                                        for both the IPA RA and CA
>>         Subsystem certs
>>
>>                                        The debug log shows:
>>                                        SignedAuditEventFactory: create()
>>
>>
>>
>>
>> message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>>                                        RA,O=MISS.ION] authentication
>> failure
>>                                        ReviewReqServlet: Invalid
>> Credential.
>>
>>
>>                                    The place to start is to get the
>>         serial # of
>>                  the ipaCert:
>>
>>                                    # certutil -L -d /etc/httpd/alias -n
>>         ipaCert
>>                  |grep Serial
>>
>>                                    Now get the user from the dogtag LDAP
>>         server:
>>
>>                                    # ldapsearch -h `hostname` -p 7389 -x
>> -D
>>                  'cn=directory
>>                           manager'
>>                                    -W -b uid=ipara,ou=People,o=ipaca
>>         description
>>
>>                                    The format is 2;<serial number>;<issuer
>>                  subject>;<subject>
>>
>>                                    See if the serial # matches ipaCert.
>> I'm
>>                  guessing it won't.
>>                                    Follow the instructions on the page I
>>         cited to
>>                  update
>>                           the entry
>>                                    with the current certificate and
>> serial #
>>                  values. That
>>                           should
>>                                    get you going.
>>
>>                                    rob
>>
>>
>>
>>                                        We are kind of in deep doo-doo
>>         until this gets
>>                           resolved.
>>
>>                                        We are running
>>         ipa-server-3.0.0-47.el6_7.2
>>                  on RHEL 6.5
>>
>>                                        Any thoughts?
>>
>>                                        Thanks!
>>
>>                                        Adam M. Lewis
>>
>>
>>
>>
>>                                    --
>>                                    Manage your subscription for the
>>         Freeipa-users
>>                  mailing
>>                           list:
>>         https://www.redhat.com/mailman/listinfo/freeipa-users
>>                                    Go to http://freeipa.org for more
>>         info on the
>>                  project
>>
>>
>>
>>
>>                                --
>>                                Adam M. Lewis
>>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>>                  <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>>>
>>                           <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>
>>                  <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>> <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>
>>                  <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com
>> >>>>
>>                                10807 Allie Place
>>                                Fredericksburg, VA 22408
>>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>>         <tel:540-412-8643>> <tel:540-412-8643 <tel:540-412-8643>
>>                  <tel:540-412-8643 <tel:540-412-8643>>>
>>         <tel:540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>>         <tel:540-412-8643>>
>>                           <tel:540-412-8643 <tel:540-412-8643>
>>         <tel:540-412-8643 <tel:540-412-8643>>>>
>>
>>
>>
>>
>>
>>                           --
>>                           Adam M. Lewis
>>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>>                  <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>>>
>>                           <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>
>>                  <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>> <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>
>>                  <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com
>> >>>>
>>
>>                           10807 Allie Place
>>                           Fredericksburg, VA 22408
>>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>>         <tel:540-412-8643>> <tel:540-412-8643 <tel:540-412-8643>
>>                  <tel:540-412-8643 <tel:540-412-8643>>>
>>
>>
>>
>>
>>
>>
>>
>>
>>                  --
>>                  Adam M. Lewis
>>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>>                  <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>>         <mailto:alewis422 at gmail.com>>>
>>                  10807 Allie Place
>>                  Fredericksburg, VA 22408
>>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>>         <tel:540-412-8643>>
>>
>>
>>
>>
>>
>>
>>         --
>>         Adam M. Lewis
>>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>>         10807 Allie Place
>>         Fredericksburg, VA 22408
>>         540-412-8643 <tel:540-412-8643>
>>
>>
>>
>>
>>
>>
>> --
>> Adam M. Lewis
>> alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>> 10807 Allie Place
>> Fredericksburg, VA 22408
>> 540-412-8643
>>
>>
>>
>


-- 
Adam M. Lewis
alewis422 at gmail.com
10807 Allie Place
Fredericksburg, VA 22408
540-412-8643
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160802/7afa9b65/attachment.htm>

From ianh at brownpapertickets.com  Tue Aug  2 13:17:45 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Tue, 2 Aug 2016 06:17:45 -0700
Subject: [Freeipa-users] Third Party Certificate
Message-ID: <39b3a0f8-8e15-f99e-3735-263555ba892e@brownpapertickets.com>

Hello!

I have been using FreeIPA for a while in our network with 6 replicas and
it's been working great.  I seem to have made a wee mistake though and
I'd appreciate some help.

I did this:

https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP

on one server because I had a new cert for our internal domain and I
thought it might be nice to use the same cert for all our internal web
services.

It worked fine but now when I'm on that server I get
SEC_ERROR_UNTRUSTED_ISSUER when I run ipa commands.  Is there any way I
can roll this back, or make it work as is?

Thanks!

-Ian



From julliot at ljll.math.upmc.fr  Tue Aug  2 14:13:27 2016
From: julliot at ljll.math.upmc.fr (=?UTF-8?Q?S=c3=a9bastien_Julliot?=)
Date: Tue, 2 Aug 2016 16:13:27 +0200
Subject: [Freeipa-users] Notification System
In-Reply-To: <mailman.18741.1470141238.3910.freeipa-users@redhat.com>
References: <mailman.18741.1470141238.3910.freeipa-users@redhat.com>
Message-ID: <ab0c69f0-a45e-0dc5-034a-285abc7b4fc3@ljll.math.upmc.fr>

Hy everyone,

Currently migrating to FreeIPA, I find myself writing several scripts to
notify users (on account creation, on birthdays, one week before account
deletion, ...).

A global notification system would be very handy and I see here
<http://www.freeipa.org/page/V4/Notification_system> that it has been on
the tasklist for months now.

Do you have news about the progress and maybe a release date (estimated,
at least) ?

Besides, if necessary, we would be happy to synchronize and contribute
to that part.

Sebastien.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160802/13d1550d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160802/13d1550d/attachment.sig>

From flo at redhat.com  Tue Aug  2 15:19:36 2016
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Tue, 2 Aug 2016 17:19:36 +0200
Subject: [Freeipa-users] Third Party Certificate
In-Reply-To: <39b3a0f8-8e15-f99e-3735-263555ba892e@brownpapertickets.com>
References: <39b3a0f8-8e15-f99e-3735-263555ba892e@brownpapertickets.com>
Message-ID: <585582c7-9d21-20f5-9b40-60c7ff2d295b@redhat.com>

On 08/02/2016 03:17 PM, Ian Harding wrote:
> Hello!
>
> I have been using FreeIPA for a while in our network with 6 replicas and
> it's been working great.  I seem to have made a wee mistake though and
> I'd appreciate some help.
>
> I did this:
>
> https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
>
> on one server because I had a new cert for our internal domain and I
> thought it might be nice to use the same cert for all our internal web
> services.
>
> It worked fine but now when I'm on that server I get
> SEC_ERROR_UNTRUSTED_ISSUER when I run ipa commands.  Is there any way I
> can roll this back, or make it work as is?
>
> Thanks!
>
> -Ian
>
Hi Ian,

if the certificate that you installed was issued by a CA not known by 
IPA (let's call him the issuer), then you need to add this issuer cert 
first using:
ipa-cacert-manage install <issuer certificate file> -n nickname -t C,,
kinit admin
ipa-certupdate

You can check that the issuer cert is properly installed in 
/etc/httpd/alias and /etc/ipa/nssdb with:
certutil -L -d /etc/httpd/alias
certutil -L -d /etc/ipa/nssdb
where it should appear with C,, flags

Hope this helps,
Flo.



From pspacek at redhat.com  Tue Aug  2 15:55:25 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Tue, 2 Aug 2016 17:55:25 +0200
Subject: [Freeipa-users] Notification System
In-Reply-To: <ab0c69f0-a45e-0dc5-034a-285abc7b4fc3@ljll.math.upmc.fr>
References: <mailman.18741.1470141238.3910.freeipa-users@redhat.com>
	<ab0c69f0-a45e-0dc5-034a-285abc7b4fc3@ljll.math.upmc.fr>
Message-ID: <20cb36e8-7e94-f3b1-1d29-7a97553f249e@redhat.com>

On 2.8.2016 16:13, S?bastien Julliot wrote:
> Hy everyone,
> 
> Currently migrating to FreeIPA, I find myself writing several scripts to
> notify users (on account creation, on birthdays, one week before account
> deletion, ...).
> 
> A global notification system would be very handy and I see here
> <http://www.freeipa.org/page/V4/Notification_system> that it has been on
> the tasklist for months now.
> 
> Do you have news about the progress and maybe a release date (estimated,
> at least) ?

Hello,

the student working on the project had given up for personal reasons so the
work is waiting for someone to pick it up.

I've updated ticket
https://fedorahosted.org/freeipa/ticket/1593#comment:17
including links to the work which was already been done.

> Besides, if necessary, we would be happy to synchronize and contribute
> to that part.

It would be awesome if you could look at the analysis which was done
(described in the documents linked from the ticket), read the design page and
return back to the mailing list with your proposal for implementation.

We were thinking about calling D-Bus from inside of FreeIPA framework which
would allow the user to hook up one or more custom scripts to the interesting
places in FreeIPA.

An alternative was a daemon which would watch LDAP tree using SyncRepl.

There is certainly some other way to deal with this, with own pros and cons.
Please propose your ;-)

Have a nice day!

-- 
Petr^2 Spacek



From ianh at brownpapertickets.com  Tue Aug  2 17:17:50 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Tue, 2 Aug 2016 10:17:50 -0700
Subject: [Freeipa-users] Third Party Certificate
In-Reply-To: <585582c7-9d21-20f5-9b40-60c7ff2d295b@redhat.com>
References: <39b3a0f8-8e15-f99e-3735-263555ba892e@brownpapertickets.com>
	<585582c7-9d21-20f5-9b40-60c7ff2d295b@redhat.com>
Message-ID: <404f34ee-291f-9f84-5580-765525762b5c@brownpapertickets.com>

YES!  Thank you so much.

On 08/02/2016 08:19 AM, Florence Blanc-Renaud wrote:
> On 08/02/2016 03:17 PM, Ian Harding wrote:
>> Hello!
>>
>> I have been using FreeIPA for a while in our network with 6 replicas and
>> it's been working great.  I seem to have made a wee mistake though and
>> I'd appreciate some help.
>>
>> I did this:
>>
>> https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
>>
>> on one server because I had a new cert for our internal domain and I
>> thought it might be nice to use the same cert for all our internal web
>> services.
>>
>> It worked fine but now when I'm on that server I get
>> SEC_ERROR_UNTRUSTED_ISSUER when I run ipa commands.  Is there any way I
>> can roll this back, or make it work as is?
>>
>> Thanks!
>>
>> -Ian
>>
> Hi Ian,
> 
> if the certificate that you installed was issued by a CA not known by
> IPA (let's call him the issuer), then you need to add this issuer cert
> first using:
> ipa-cacert-manage install <issuer certificate file> -n nickname -t C,,
> kinit admin
> ipa-certupdate
> 
> You can check that the issuer cert is properly installed in
> /etc/httpd/alias and /etc/ipa/nssdb with:
> certutil -L -d /etc/httpd/alias
> certutil -L -d /etc/ipa/nssdb
> where it should appear with C,, flags
> 
> Hope this helps,
> Flo.
> 

-- 
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com



From bob at jackland.demon.co.uk  Tue Aug  2 22:58:54 2016
From: bob at jackland.demon.co.uk (Bob Hinton)
Date: Tue, 2 Aug 2016 23:58:54 +0100
Subject: [Freeipa-users] How to delete a managed group
Message-ID: <21510afb-285a-3164-708a-331a622cc9ad@jackland.demon.co.uk>

Hi,

Something went wrong when trying to restore some preserved users so I
deleted them and then tried to recreate them. This failed with -

ipa: ERROR: Unable to create private group. A group 'XXXXX'  already exists.

Trying to delete this group produces -

ipa: ERROR: Unable to create private group. A group 'XXXXX' already exists.

Trying to detach it with

ipa group-detach XXXXX

produces

ipa: ERROR: XXXXX: group not found

ipa group-show XXXXX

displays the group, but "ipa group-find XXXXX" doesn't

How can get rid of the group so I can recreate the user ?

Many thanks

Bob




From pspacek at redhat.com  Wed Aug  3 06:15:21 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 3 Aug 2016 08:15:21 +0200
Subject: [Freeipa-users] How to delete a managed group
In-Reply-To: <21510afb-285a-3164-708a-331a622cc9ad@jackland.demon.co.uk>
References: <21510afb-285a-3164-708a-331a622cc9ad@jackland.demon.co.uk>
Message-ID: <dab831d9-a89d-f0be-da3b-3586929f3ed4@redhat.com>

On 3.8.2016 00:58, Bob Hinton wrote:
> Hi,
> 
> Something went wrong when trying to restore some preserved users so I
> deleted them and then tried to recreate them. This failed with -
> 
> ipa: ERROR: Unable to create private group. A group 'XXXXX'  already exists.
> 
> Trying to delete this group produces -
> 
> ipa: ERROR: Unable to create private group. A group 'XXXXX' already exists.
> 
> Trying to detach it with
> 
> ipa group-detach XXXXX
> 
> produces
> 
> ipa: ERROR: XXXXX: group not found
> 
> ipa group-show XXXXX

I would try
$ ipa group show XXXXX --all --raw

that could show us if there is something interesting like replication conflict
or so.

Petr^2 Spacek

> 
> displays the group, but "ipa group-find XXXXX" doesn't
> 
> How can get rid of the group so I can recreate the user ?
> 
> Many thanks
> 
> Bob



From bob at jackland.demon.co.uk  Wed Aug  3 06:40:45 2016
From: bob at jackland.demon.co.uk (Bob Hinton)
Date: Wed, 3 Aug 2016 07:40:45 +0100
Subject: [Freeipa-users] How to delete a managed group
In-Reply-To: <dab831d9-a89d-f0be-da3b-3586929f3ed4@redhat.com>
References: <21510afb-285a-3164-708a-331a622cc9ad@jackland.demon.co.uk>
	<dab831d9-a89d-f0be-da3b-3586929f3ed4@redhat.com>
Message-ID: <1005674c-474b-cd42-172a-ff1283b3f993@jackland.demon.co.uk>

On 03/08/2016 07:15, Petr Spacek wrote:
> On 3.8.2016 00:58, Bob Hinton wrote:
>> Hi,
>>
>> Something went wrong when trying to restore some preserved users so I
>> deleted them and then tried to recreate them. This failed with -
>>
>> ipa: ERROR: Unable to create private group. A group 'XXXXX'  already exists.
>>
>> Trying to delete this group produces -
>>
>> ipa: ERROR: Unable to create private group. A group 'XXXXX' already exists.
>>
>> Trying to detach it with
>>
>> ipa group-detach XXXXX
>>
>> produces
>>
>> ipa: ERROR: XXXXX: group not found
>>
>> ipa group-show XXXXX
> I would try
> $ ipa group show XXXXX --all --raw
>
> that could show us if there is something interesting like replication conflict
> or so.
>
> Petr^2 Spacek
Hi Petr,

This produces ...

ipa group-show XXXXX --all --raw
  dn: cn=XXXXX,cn=groups,cn=accounts,dc=local,dc=com
  cn: XXXXX
  description: User private group for XXXXX
  gidnumber: 799830053
  ipaUniqueID: 3b8e0ec8-58c4-11e6-806d-005056015864
  mepManagedBy: uid=XXXXX,cn=users,cn=accounts,dc=local,dc=com
  objectClass: posixgroup
  objectClass: ipaobject
  objectClass: mepManagedEntry
  objectClass: top

We do have some replication problems at the moment - two recreated
replicas currently have two RUVs so this could this be how the user
delete completed without the corresponding group?

Thanks

Bob
>
>> displays the group, but "ipa group-find XXXXX" doesn't
>>
>> How can get rid of the group so I can recreate the user ?
>>
>> Many thanks
>>
>> Bob




From flo at redhat.com  Wed Aug  3 07:49:56 2016
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Wed, 3 Aug 2016 09:49:56 +0200
Subject: [Freeipa-users] ipa-server-install --external-cert-file and
 exporting dogtag certificates
In-Reply-To: <CACHJYOvSGaSr+9-CkFE4SQky36OwVjUJWgxzd+Uqgyn4XTH0Rg@mail.gmail.com>
References: <CACHJYOsefMx2bmWFSsPT_nFNX9o8+EFUaz1sqc4Xq11y2NrgOg@mail.gmail.com>
	<4cc4b68d-9bea-99d2-1264-e49c35c80f04@redhat.com>
	<CACHJYOvSGaSr+9-CkFE4SQky36OwVjUJWgxzd+Uqgyn4XTH0Rg@mail.gmail.com>
Message-ID: <21d2339e-a07b-4754-0706-0e022d2c30e8@redhat.com>

On 08/02/2016 04:52 AM, Richard Harmonson wrote:
> On Mon, Aug 1, 2016 at 10:15 AM, Petr Vobornik <pvoborni at redhat.com
> <mailto:pvoborni at redhat.com>> wrote:
>
>     On 07/31/2016 07:45 AM, Richard Harmonson wrote:
>     > I having challenges resuming ipa-server-install --external-ca. I
>     am reasonably
>     > confident I am not providing the right certificate and/or format
>     from my
>     > off-line root CA using 389 and Dogtag.
>     >
>     > Does anyone have instructions on how to accomplish the task of
>     exporting the
>     > correct certificates in the expected format?
>     >
>     > Thank you.
>     >
>
>     The IPA procedure with prerequisites is described at
>     https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-server.html#install-server-external-ca
>
>     Or are you rather asking for specific PKI instructions?
>
>     e.g.
>     *
>     http://pki.fedoraproject.org/wiki/PKI_Certificate_CLI#Submitting_a_Certificate_Request
>
>     *
>     http://pki.fedoraproject.org/wiki/CA_Certificate_Profiles#caCACert:_Manual_Certificate_Manager_Signing_Certificate_Enrollment
>     --
>     Petr Vobornik
>
>
> I read the suggested document, previously, but its an excellent shared
> reference for this discussion.
>
> I have successfully submitted and approved the csr. Dogtag provides a
> web UI which provides a Base 64 encoded certificate or Base 64 encoded
> certificate with CA certificate chain in pkcs7 format.
>
> For the servercert2010601.pem (the signed CSR request signing CA
> certificate 0x9) referenced in the article, do I  copy and paste
> (-----BEGIN .. END-----) the base 64 (not pkcs7) to a file using *.pem
> then submit using one of the two --external-cert-file?
>
> For the cacert.pem (the Root CA signing certificate 0x1) referenced in
> the article, do I copy and paste the base 64 with ca in pkcs7 format to
> a file using *.pkcs7 (or pem or does it matter?) then submit using the
> second --external-cert-file?
>
> Your guidance is much appreciated.
>
>
Hi Richard,

I tested the following steps to install FreeIPA with a certificate 
signed by an external Dogtag instance:

1- IPA installation on host ipaserver with:
ipaserver$ ipa-server-install [options] --external-ca

This step produces the Certificate Signing Request /root/ipa.csr that 
must be provided to the Dogtag server.

2- On the Dogtag machine, configure Dogtag client authentication (to be 
able to use the command-line):

dogtagsrv$ pki -c password client-init

This step creates a NSSDB in ~/.dogtag/nssdb where the certificates for 
client->dogtag server authentication will be stored.

dogtagsrv$ pk12util -i /root/.dogtag/pki-tomcat/ca_admin_cert.p12 -d 
/root/.dogtag/nssdb/

This step imports the caadmin certificate that was created during Dogtag 
installation into the client NSSDB. The client will be able to 
authenticate as "caadmin" when using Dogtag CLI. Please note the 
certicate nickname that can be found using

dogtagsrv$ certutil -L -d ~/.dogtag/nssdb/
[...]
PKI Administrator for <security domain>         u,u,u

3- On the Dogtag machine, submit the CSR and approve:
dogtagsrv$ pki ca-cert-request-submit --profile caCACert --request-type 
pkcs10 --csr-file  /path/to/ipa.csr

This step submits the csr to Dogtag, using the caCACert profile in order 
to produce a Certificate that can be used for a Certificate Authority. 
Note the Request ID in the output as it will be used in the next command 
to approve the CSR and produce the cert:

dogtagsrv$ pki -c password -d ~/.dogtag/nssdb/ -n "PKI Administrator for 
<security domain>"  cert-request-review <id> --action approve

4- On the Dogtag machine, export the certificate and the dogtag CA cert:

dogtagsrv$ pki -c password -d ~/.dogtag/nssdb/ -n "PKI Administrator for 
<security domain>"  cert-show 7 --encoded --output  ipa.cert
dogtagsrv$ pki ca-cert-show 1 --encoded --output dogtagca.cert

5- Resume ipa server installation with

ipaserver$ ipa-server-install --external-cert-file=ipa.cert 
--external-cert-file=dogtagca.cert

With those steps, I was able to install FreeIPA server with a 3rd-party 
signed Certificate Authority. Please let me known if you have issues 
with those instructions,

Flo.



From rcritten at redhat.com  Wed Aug  3 13:13:43 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 3 Aug 2016 09:13:43 -0400
Subject: [Freeipa-users] How to delete a managed group
In-Reply-To: <1005674c-474b-cd42-172a-ff1283b3f993@jackland.demon.co.uk>
References: <21510afb-285a-3164-708a-331a622cc9ad@jackland.demon.co.uk>
	<dab831d9-a89d-f0be-da3b-3586929f3ed4@redhat.com>
	<1005674c-474b-cd42-172a-ff1283b3f993@jackland.demon.co.uk>
Message-ID: <57A1EE07.6020303@redhat.com>

Bob Hinton wrote:
> On 03/08/2016 07:15, Petr Spacek wrote:
>> On 3.8.2016 00:58, Bob Hinton wrote:
>>> Hi,
>>>
>>> Something went wrong when trying to restore some preserved users so I
>>> deleted them and then tried to recreate them. This failed with -
>>>
>>> ipa: ERROR: Unable to create private group. A group 'XXXXX'  already exists.
>>>
>>> Trying to delete this group produces -
>>>
>>> ipa: ERROR: Unable to create private group. A group 'XXXXX' already exists.
>>>
>>> Trying to detach it with
>>>
>>> ipa group-detach XXXXX
>>>
>>> produces
>>>
>>> ipa: ERROR: XXXXX: group not found
>>>
>>> ipa group-show XXXXX
>> I would try
>> $ ipa group show XXXXX --all --raw
>>
>> that could show us if there is something interesting like replication conflict
>> or so.
>>
>> Petr^2 Spacek
> Hi Petr,
>
> This produces ...
>
> ipa group-show XXXXX --all --raw
>    dn: cn=XXXXX,cn=groups,cn=accounts,dc=local,dc=com
>    cn: XXXXX
>    description: User private group for XXXXX
>    gidnumber: 799830053
>    ipaUniqueID: 3b8e0ec8-58c4-11e6-806d-005056015864
>    mepManagedBy: uid=XXXXX,cn=users,cn=accounts,dc=local,dc=com
>    objectClass: posixgroup
>    objectClass: ipaobject
>    objectClass: mepManagedEntry
>    objectClass: top
>
> We do have some replication problems at the moment - two recreated
> replicas currently have two RUVs so this could this be how the user
> delete completed without the corresponding group?

Not sure. The 389-ds plugin should, by definition, remove the group when 
a user is deleted. I'd be more inclined to believe that the group was 
added and the user not in a replication event.

Removing the group requires an ldapmodify:

% kinit admin
% ldapmodify -Y GSSAPI
SASL/GSSAPI authentication started
SASL username: admin at EXAMPLE.COM
SASL SSF: 56
SASL data security layer installed.
dn: cn=deleteme,cn=groups,cn=accounts,dc=example,dc=com
changetype: modify
delete: objectclass
objectclass: mepManagedEntry
-
delete: mepManagedBy
mepManagedBy: uid=deleteme,cn=users,cn=accounts,dc=example,dc=com
^D
modifying entry "cn=deleteme,cn=groups,cn=accounts,dc=example,dc=com"

% ipa group-del deleteme
------------------------
Deleted group "deleteme"
------------------------

Makes me wonder if the managed entry plugin should allow deletion if the 
other side of the link doesn't exist. I'll investigate this.

rob



From patrick.hurrelmann at lobster.de  Wed Aug  3 13:39:37 2016
From: patrick.hurrelmann at lobster.de (Patrick Hurrelmann)
Date: Wed, 3 Aug 2016 15:39:37 +0200
Subject: [Freeipa-users] RPM Update fails on some replicas in
 ipa-server-upgrade
In-Reply-To: <9c3614d6-255a-dda1-8f77-5946da2fc859@lobster.de>
References: <9c3614d6-255a-dda1-8f77-5946da2fc859@lobster.de>
Message-ID: <6437443c-1fbf-9f0d-1932-2b5951a0ac38@lobster.de>

On 20.07.2016 17:09, Patrick Hurrelmann wrote:
> Hi all,
>
> today I updated all of our IPA servers (CentOS 7.2) with some minor RPM
> updates, but one of the replicas failed with:
>
> RemoteRetrieveError: Gettext('Failed to authenticate to CA REST API',
> domain='ipa', localedir=None)
>
> Log excerpt (ipaupgrade.log) from this host:
> (Also available as https://paste.fedoraproject.org/392759/90042561/)
>
> 2016-07-20T08:39:10Z INFO [Migrating certificate profiles to LDAP]
> 2016-07-20T08:39:10Z DEBUG Created connection context.ldap2_79620048
> 2016-07-20T08:39:10Z DEBUG flushing
> ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket from SchemaCache
> 2016-07-20T08:39:10Z DEBUG retrieving schema for SchemaCache
> url=ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x6b1bcb0>
> 2016-07-20T08:39:10Z DEBUG Destroyed connection context.ldap2_79620048
> 2016-07-20T08:39:10Z DEBUG request GET
> https://ipa1.loc1.example.com:8443/ca/rest/account/login
> 2016-07-20T08:39:10Z DEBUG request body ''
> 2016-07-20T08:39:10Z DEBUG NSSConnection init ipa1.loc1.example.com
> 2016-07-20T08:39:11Z DEBUG Connecting: 1.2.3.210:0
> 2016-07-20T08:39:11Z DEBUG approved_usage = SSL Server intended_usage =
> SSL Server
> 2016-07-20T08:39:11Z DEBUG cert valid True for
> "CN=ipa1.loc1.example.com,O=Example Org,OU=CA,L=City,ST=State,C=DE"
> 2016-07-20T08:39:11Z DEBUG handshake complete, peer = 1.2.3.210:8443
> 2016-07-20T08:39:11Z DEBUG Protocol: TLS1.2
> 2016-07-20T08:39:11Z DEBUG Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> 2016-07-20T08:39:11Z DEBUG response status 401
> 2016-07-20T08:39:11Z DEBUG response headers {'content-length': '951',
> 'content-language': 'en', 'expires': 'Thu, 01 Jan 1970 01:00:00 CET',
> 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Wed,
> 20 Jul 2016 08:39:11 GMT', 'content-type': 'text/html;charset=utf-8',
> 'www-authenticate': 'Basic realm="Certificate Authority"'}
> 2016-07-20T08:39:11Z DEBUG response body '<html><head><title>Apache
> Tomcat/7.0.54 - Error report</title><style><!--H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
> B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
> </head><body><h1>HTTP Status 401 - </h1><HR size="1"
> noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b>
> <u></u></p><p><b>description</b> <u>This request requires HTTP
> authentication.</u></p><HR size="1" noshade="noshade"><h3>Apache
> Tomcat/7.0.54</h3></body></html>'
> 2016-07-20T08:39:11Z ERROR IPA server upgrade failed: Inspect
> /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
> 2016-07-20T08:39:11Z DEBUG   File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
> execute
>     return_value = self.run()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py",
> line 48, in run
>     server.upgrade()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
> line 1618, in upgrade
>     upgrade_configuration()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
> line 1548, in upgrade_configuration
>     ca_enable_ldap_profile_subsystem(ca)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
> line 341, in ca_enable_ldap_profile_subsystem
>     cainstance.migrate_profiles_to_ldap(caconfig)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 1868, in migrate_profiles_to_ldap
>     _create_dogtag_profile(profile_id, profile_data, overwrite=False)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 1874, in _create_dogtag_profile
>     with api.Backend.ra_certprofile as profile_api:
>   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/dogtag.py",
> line 2038, in __enter__
>     raise errors.RemoteRetrieveError(reason=_('Failed to authenticate to
> CA REST API'))
>
> 2016-07-20T08:39:11Z DEBUG The ipa-server-upgrade command failed,
> exception: RemoteRetrieveError: Gettext('Failed to authenticate to CA
> REST API', domain='ipa', localedir=None)
> 2016-07-20T08:39:11Z ERROR Unexpected error - see
> /var/log/ipaupgrade.log for details:
> RemoteRetrieveError: Gettext('Failed to authenticate to CA REST API',
> domain='ipa', localedir=None)
>
>
> And with further help from mbaste on IRC, I found the following error in
> ca debug log:
> (Also available as https://paste.fedoraproject.org/392897/02195914/)
>
> [20/Jul/2016:10:39:04][profileChangeMonitor]: BasicProfile: done init
> [20/Jul/2016:10:39:04][profileChangeMonitor]: Done Profile Creation -
> IECUserRoles
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: PKIRealm.logDebug:
> Authenticating certificate chain:
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]:
> PKIRealm.getAuditUserfromCert: certUID=CN=IPA RA, O=Example Org, OU
> =CA, L=City, ST=State, C=DE
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: PKIRealm.logDebug:  
> CN=IPA RA, O=Example Org, OU=CA, L=City,
> ST=State, C=DE
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: CertUserDBAuth: started
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: CertUserDBAuth: Retrieving
> client certificate
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: CertUserDBAuth: Got client
> certificate
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: In
> LdapBoundConnFactory::getConn()
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: masterConn is connected: false
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: makeConnection:
> errorIfDown true
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: LdapJssSSLSocket set
> client auth cert nicknamesubsystemCert cert-pki-ca
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: SSL handshake happened
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: Established LDAP
> connection with SSL client auth to ipa1.loc1.example.com:636
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: getConn: conn is connected
> false
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: Attempt to bring back down
> connection.
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: Re-animated connection:
> LDAPConnection {ldaps://ipa1.loc1.example.com:636 (2) ldapVersion:3
> bindDN:""}
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: getConn: mNumConns now 2
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: returnConn: mNumConns now 3
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: Authentication: client
> certificate found
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: In
> LdapBoundConnFactory::getConn()
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: masterConn is connected: false
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: makeConnection:
> errorIfDown true
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: LdapJssSSLSocket set
> client auth cert nicknamesubsystemCert cert-pki-ca
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: SSL handshake happened
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: Established LDAP
> connection with SSL client auth to ipa1.loc1.example.com:636
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: getConn: conn is connected
> false
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: Attempt to bring back down
> connection.
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: Re-animated connection:
> LDAPConnection {ldaps://ipa1.loc1.example.com:636 (2) ldapVersion:3
> bindDN:""}
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: getConn: mNumConns now 2
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: returnConn: mNumConns now 3
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: CertUserDBAuthentication:
> cannot map certificate to any user
> [20/Jul/2016:10:39:11][http-bio-8443-exec-4]: SignedAuditEventFactory:
> create() message=[AuditEvent=AUTH_FAIL][SubjectID=CN=IPA RA, O=Example
> Org, OU=CA, L=City, ST=State,
> C=DE][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
> RA, O=Example Org, OU=CA, L=City, ST=State, C=DE] authentication failure
>
>
> I'm totally lost with this and cannot explain, why some replicas
> successfully updated and some failed.
> Does anyone have some ideas for further debugging and/or maybe even some
> solution or pointers to fix?
>
> Thank you very much.
>
> Kind regards
> Patrick

Update: This one got fixed. The main reason was, that certmonger somehow
lost
track of the certificates on 2 replicas and as these certificates were
automatically
renewed on the working replicas, the other 2 kept using the old/expired
certs and
broke. Fortunately the fix was quite easy. The missing ca config had to
be added
back to certmonger and the tracking for all internal certificates had to
be re-enabled:

getcert add-ca -v -c dogtag-ipa-ca-renew-agent -e
/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit

getcert start-tracking -d '/etc/pki/pki-tomcat/alias' -n
'auditSigningCert cert-pki-ca' \
  -t 'NSS Certificate DB' -P XXXX -r -c dogtag-ipa-ca-renew-agent -B
/usr/lib64/ipa/certmonger/stop_pkicad \
  -C '/usr/lib64/ipa/certmonger/renew_ca_cert "auditSigningCert
cert-pki-ca"' -v

getcert start-tracking -d '/etc/pki/pki-tomcat/alias' -n
'ocspSigningCert cert-pki-ca' \
  -t 'NSS Certificate DB' -P XXXX -r -c dogtag-ipa-ca-renew-agent -B
/usr/lib64/ipa/certmonger/stop_pkicad \
  -C '/usr/lib64/ipa/certmonger/renew_ca_cert "ocspSigningCert
cert-pki-ca"' -v

getcert start-tracking -d '/etc/pki/pki-tomcat/alias' -n 'subsystemCert
cert-pki-ca' \
  -t 'NSS Certificate DB' -P XXXX -r -c dogtag-ipa-ca-renew-agent -B
/usr/lib64/ipa/certmonger/stop_pkicad \
  -C '/usr/lib64/ipa/certmonger/renew_ca_cert "subsystemCert
cert-pki-ca"' -v

getcert start-tracking -d '/etc/pki/pki-tomcat/alias' -n 'caSigningCert
cert-pki-ca' \
  -t 'NSS Certificate DB' -P XXXX -r -c dogtag-ipa-ca-renew-agent -B
/usr/lib64/ipa/certmonger/stop_pkicad \
  -C '/usr/lib64/ipa/certmonger/renew_ca_cert "caSigningCert
cert-pki-ca"' -v

getcert start-tracking -d '/etc/httpd/alias' -n 'ipaCert' -t 'NSS
Certificate DB' \
  -p '/etc/httpd/alias/pwdfile.txt' -r -c dogtag-ipa-ca-renew-agent -B
/usr/lib64/ipa/certmonger/renew_ra_cert_pre \
  -C /usr/lib64/ipa/certmonger/renew_ra_cert -v

getcert start-tracking -d '/etc/pki/pki-tomcat/alias' -n 'Server-Cert
cert-pki-ca' \
  -t 'NSS Certificate DB' -P XXXX -r -c dogtag-ipa-renew-agent -B
/usr/lib64/ipa/certmonger/stop_pkicad \
  -C '/usr/lib64/ipa/certmonger/renew_ca_cert "Server-Cert cert-pki-ca"' -v

Maybe this is helpful for anyone facing a similar problem.

Again thx to rcrit and Crys on IRC for their support in debugging and
resolving this issue.

Kind regards
Patrick


-- 
Lobster SCM GmbH, Hindenburgstra?e 15, D-82343 P?cking
HRB 178831, Amtsgericht M?nchen
Gesch?ftsf?hrer: Dr. Martin Fischer, Rolf Henrich



From Brad.Cesarone at raytheon.com  Wed Aug  3 16:38:47 2016
From: Brad.Cesarone at raytheon.com (Brad Cesarone)
Date: Wed, 3 Aug 2016 11:38:47 -0500
Subject: [Freeipa-users] IPAv3.0 WebUI User Population
Message-ID: <OFCA3A7515.D973346F-ON86258004.005B7148-86258004.005B714F@raytheon.com>

Hello All

I'm trying to figure out how the webUI populates the user page. I have a mix of posix users and non-posix users.
The non-posix users were added using an LDIF and imported fine. I am able to view them using ipa user-show, ldapsearch, and if I navigate to them using the user details URL they show up. Groups are also able to find the non-posix users and verify membership. I am just unable to use ipa user-find or see them in the users page.

I apologize if this has already been answered, I tried google-fu and it didn't return anything useful.
Using IPA 3.0 on Redhat 6.8

Thanks
-Brad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160803/cbd9d099/attachment.htm>

From mbasti at redhat.com  Wed Aug  3 17:44:11 2016
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 3 Aug 2016 19:44:11 +0200
Subject: [Freeipa-users] IPAv3.0 WebUI User Population
In-Reply-To: <OFCA3A7515.D973346F-ON86258004.005B7148-86258004.005B714F@raytheon.com>
References: <OFCA3A7515.D973346F-ON86258004.005B7148-86258004.005B714F@raytheon.com>
Message-ID: <aa2ae9ae-0b9a-4dc5-7567-3b3ad38e918a@redhat.com>



On 03.08.2016 18:38, Brad Cesarone wrote:
> Hello All
> I'm trying to figure out how the webUI populates the user page. I have 
> a mix of posix users and non-posix users.
> The non-posix users were added using an LDIF and imported fine. I am 
> able to view them using ipa user-show, ldapsearch, and if I navigate 
> to them using the user details URL they show up. Groups are also able 
> to find the non-posix users and verify membership. I am just unable to 
> use ipa user-find or see them in the users page.

Hello, I'm afraid you may miss an objectclass in imported users.

Can you please run ipa user-find, and provide SRCH filter from 
/var/log/dirsrv/slapd-*/access (I hope this is the right path on RHEL6.8)

Then please provide all objectclasses that have a random imported user

regards
Martin
> I apologize if this has already been answered, I tried google-fu and 
> it didn't return anything useful.
> Using IPA 3.0 on Redhat 6.8
> Thanks
> -Brad
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160803/2993f9c0/attachment.htm>

From rcritten at redhat.com  Wed Aug  3 17:51:45 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 3 Aug 2016 13:51:45 -0400
Subject: [Freeipa-users] IPAv3.0 WebUI User Population
In-Reply-To: <aa2ae9ae-0b9a-4dc5-7567-3b3ad38e918a@redhat.com>
References: <OFCA3A7515.D973346F-ON86258004.005B7148-86258004.005B714F@raytheon.com>
	<aa2ae9ae-0b9a-4dc5-7567-3b3ad38e918a@redhat.com>
Message-ID: <57A22F31.6050007@redhat.com>

Martin Basti wrote:
>
>
> On 03.08.2016 18:38, Brad Cesarone wrote:
>> Hello All
>> I'm trying to figure out how the webUI populates the user page. I have
>> a mix of posix users and non-posix users.
>> The non-posix users were added using an LDIF and imported fine. I am
>> able to view them using ipa user-show, ldapsearch, and if I navigate
>> to them using the user details URL they show up. Groups are also able
>> to find the non-posix users and verify membership. I am just unable to
>> use ipa user-find or see them in the users page.
>
> Hello, I'm afraid you may miss an objectclass in imported users.
>
> Can you please run ipa user-find, and provide SRCH filter from
> /var/log/dirsrv/slapd-*/access (I hope this is the right path on RHEL6.8)
>
> Then please provide all objectclasses that have a random imported user

Martin is right, it is due to missing objectclass(es).

IPA knows what objectclasses constitute and IPA user and user-find (and 
therefore the UI) uses those to find all users (in this case 
posixaccount). So since you have non-POSIX users that's why you don't 
see them.

user-show on the other hand knows where users live and how to build a 
user DN which is why that works.

rob



From richard.harmonson at gmail.com  Wed Aug  3 17:54:42 2016
From: richard.harmonson at gmail.com (Richard Harmonson)
Date: Wed, 3 Aug 2016 10:54:42 -0700
Subject: [Freeipa-users] ipa-server-install --external-cert-file and
 exporting dogtag certificates
In-Reply-To: <21d2339e-a07b-4754-0706-0e022d2c30e8@redhat.com>
References: <CACHJYOsefMx2bmWFSsPT_nFNX9o8+EFUaz1sqc4Xq11y2NrgOg@mail.gmail.com>
	<4cc4b68d-9bea-99d2-1264-e49c35c80f04@redhat.com>
	<CACHJYOvSGaSr+9-CkFE4SQky36OwVjUJWgxzd+Uqgyn4XTH0Rg@mail.gmail.com>
	<21d2339e-a07b-4754-0706-0e022d2c30e8@redhat.com>
Message-ID: <CACHJYOtQM=SufebM8ijg=7h-PKEOgEd=P6SL-j+cNZthQrwMXQ@mail.gmail.com>

On Wed, Aug 3, 2016 at 12:49 AM, Florence Blanc-Renaud <flo at redhat.com>
wrote:

> On 08/02/2016 04:52 AM, Richard Harmonson wrote:
>
>> On Mon, Aug 1, 2016 at 10:15 AM, Petr Vobornik <pvoborni at redhat.com
>> <mailto:pvoborni at redhat.com>> wrote:
>>
>>     On 07/31/2016 07:45 AM, Richard Harmonson wrote:
>>     > I having challenges resuming ipa-server-install --external-ca. I
>>     am reasonably
>>     > confident I am not providing the right certificate and/or format
>>     from my
>>     > off-line root CA using 389 and Dogtag.
>>     >
>>     > Does anyone have instructions on how to accomplish the task of
>>     exporting the
>>     > correct certificates in the expected format?
>>     >
>>     > Thank you.
>>     >
>>
>>     The IPA procedure with prerequisites is described at
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-server.html#install-server-external-ca
>>
>>     Or are you rather asking for specific PKI instructions?
>>
>>     e.g.
>>     *
>>
>> http://pki.fedoraproject.org/wiki/PKI_Certificate_CLI#Submitting_a_Certificate_Request
>>
>>     *
>>
>> http://pki.fedoraproject.org/wiki/CA_Certificate_Profiles#caCACert:_Manual_Certificate_Manager_Signing_Certificate_Enrollment
>>     --
>>     Petr Vobornik
>>
>>
>> I read the suggested document, previously, but its an excellent shared
>> reference for this discussion.
>>
>> I have successfully submitted and approved the csr. Dogtag provides a
>> web UI which provides a Base 64 encoded certificate or Base 64 encoded
>> certificate with CA certificate chain in pkcs7 format.
>>
>> For the servercert2010601.pem (the signed CSR request signing CA
>> certificate 0x9) referenced in the article, do I  copy and paste
>> (-----BEGIN .. END-----) the base 64 (not pkcs7) to a file using *.pem
>> then submit using one of the two --external-cert-file?
>>
>> For the cacert.pem (the Root CA signing certificate 0x1) referenced in
>> the article, do I copy and paste the base 64 with ca in pkcs7 format to
>> a file using *.pkcs7 (or pem or does it matter?) then submit using the
>> second --external-cert-file?
>>
>> Your guidance is much appreciated.
>>
>>
>> Hi Richard,
>
> I tested the following steps to install FreeIPA with a certificate signed
> by an external Dogtag instance:
>
> 1- IPA installation on host ipaserver with:
> ipaserver$ ipa-server-install [options] --external-ca
>
> This step produces the Certificate Signing Request /root/ipa.csr that must
> be provided to the Dogtag server.
>
> 2- On the Dogtag machine, configure Dogtag client authentication (to be
> able to use the command-line):
>
> dogtagsrv$ pki -c password client-init
>
> This step creates a NSSDB in ~/.dogtag/nssdb where the certificates for
> client->dogtag server authentication will be stored.
>
> dogtagsrv$ pk12util -i /root/.dogtag/pki-tomcat/ca_admin_cert.p12 -d
> /root/.dogtag/nssdb/
>
> This step imports the caadmin certificate that was created during Dogtag
> installation into the client NSSDB. The client will be able to authenticate
> as "caadmin" when using Dogtag CLI. Please note the certicate nickname that
> can be found using
>
> dogtagsrv$ certutil -L -d ~/.dogtag/nssdb/
> [...]
> PKI Administrator for <security domain>         u,u,u
>
> 3- On the Dogtag machine, submit the CSR and approve:
> dogtagsrv$ pki ca-cert-request-submit --profile caCACert --request-type
> pkcs10 --csr-file  /path/to/ipa.csr
>
> This step submits the csr to Dogtag, using the caCACert profile in order
> to produce a Certificate that can be used for a Certificate Authority. Note
> the Request ID in the output as it will be used in the next command to
> approve the CSR and produce the cert:
>
> dogtagsrv$ pki -c password -d ~/.dogtag/nssdb/ -n "PKI Administrator for
> <security domain>"  cert-request-review <id> --action approve
>
> 4- On the Dogtag machine, export the certificate and the dogtag CA cert:
>
> dogtagsrv$ pki -c password -d ~/.dogtag/nssdb/ -n "PKI Administrator for
> <security domain>"  cert-show 7 --encoded --output  ipa.cert
> dogtagsrv$ pki ca-cert-show 1 --encoded --output dogtagca.cert
>
> 5- Resume ipa server installation with
>
> ipaserver$ ipa-server-install --external-cert-file=ipa.cert
> --external-cert-file=dogtagca.cert
>
> With those steps, I was able to install FreeIPA server with a 3rd-party
> signed Certificate Authority. Please let me known if you have issues with
> those instructions,
>
> Flo.
>

Awesome!

Flo, your instructions were perfect! I exported the certs and during the
ipa-server-install I see the certs being displayed on the screen then
"Process finished, return code=0, so they are accepted on resuming the
installation. The install fails with a LDAP error but I believe it to be
unrelated to the exported certs. May be a result of my earlier thrashing?

I will recover from a snapshot and begin again. If problems persist, I will
send another request for help for it is probably unrelated to the
certificates.

You got me one step closer. Thank you!

Debug shows:

# pa-server-install --external-cert-file=ipa.cert
--external-cert-file=dogtagca.cert
..
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args=/usr/sbin/pkispawn -s CA -f /tmp/tmpDVXaWo
ipa         : DEBUG    Process finished, *return code=1*
ipa         : DEBUG    stdout=Log file:
/var/log/pki/pki-ca-spawn.20160803103307.log
Loading deployment configuration from /tmp/tmpDVXaWo.
*ERROR:  Unable to access directory server: Can't contact LDAP server*

ipa         : DEBUG    stderr=
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure
CA instance: Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpDVXaWo' returned
non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation
logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki/pki-tomcat
ipa         : DEBUG    Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 447, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 437, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 579, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 181, in spawn_instance
    self.handle_setup_error(e)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 421, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.
..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160803/aa16b6cd/attachment.htm>

From mbasti at redhat.com  Wed Aug  3 17:56:25 2016
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 3 Aug 2016 19:56:25 +0200
Subject: [Freeipa-users] Declarative configuration options?
In-Reply-To: <CAA4LE3bYVWFG-Kg=6KMZpjTmH-p=Hxx08s57KYDADd7aVdK3HQ@mail.gmail.com>
References: <CAA4LE3bYVWFG-Kg=6KMZpjTmH-p=Hxx08s57KYDADd7aVdK3HQ@mail.gmail.com>
Message-ID: <6874c08a-2937-450c-e850-c3c469ea20a6@redhat.com>



On 01.08.2016 22:50, Mike LoSapio wrote:
> Hi there,
>
> Is there anyone out there with a good system for storing users,
> groups, hosts, etc.. in some sort of version controlled repo w/ flat
> files that could plug into "two-man" workflows for user-account
> creation and privilege/group membership changes, etc.
>
> There's some github projects out there to help installing FreeIPA
> server and a few to get clients up and running, but nothing (that I
> could find) for the on-going management of FreeIPA resources.
>
>
>
> So in puppet world (just as an example) - I'd be looking for something
> like a puppet-defined-type freeipa_user with all the attributes
> required and more-importantly all the code-glue that puts it all
> together...
>
>
> Figured I'd ask if there if there's anything already out there before
> I re-invent the wheel.
>
>
> TIA,
> --Mike
>
Hello,

sorry but I don't understand what you exactly need, can you be more 
specific? Do you need a script that provision users?

Martin




From Brad.Cesarone at raytheon.com  Wed Aug  3 17:58:35 2016
From: Brad.Cesarone at raytheon.com (Brad Cesarone)
Date: Wed, 3 Aug 2016 12:58:35 -0500
Subject: [Freeipa-users] IPAv3.0 WebUI User Population
In-Reply-To: <aa2ae9ae-0b9a-4dc5-7567-3b3ad38e918a@redhat.com>
References: <aa2ae9ae-0b9a-4dc5-7567-3b3ad38e918a@redhat.com>,
	<OFCA3A7515.D973346F-ON86258004.005B7148-86258004.005B714F@raytheon.com>
Message-ID: <OFE7DDDE6B.304E9D59-ON86258004.0062BF44-86258004.0062BF4B@raytheon.com>


Hi Martin

I've been playing with adding objectclasses to the non-posix user. I have so far added inetuser, ipaobject, ipasshuser. He started with top, person, organizationalPerson, inetOrgPerson and two custom classes. 

Nothing came up in /var/log/dirsrv/slapd-*/access when running the search but in the /var/log/httpd/error_log there is the following entry:  user_find{u'<user_name>', whoami=False, all=False, raw=False, version='2.49', no_members=False, pkey_only=False}: SUCCESS

The command outputted 
------------------
0 users matched
-----------------
----------------------------
Number of Entries Returned 0
----------------------------

Thanks
-Brad

-----Martin Basti <mbasti at redhat.com> wrote: ----- 
To: Brad Cesarone <Brad.Cesarone at raytheon.com>, freeipa-users at redhat.com
From: Martin Basti <mbasti at redhat.com>
Date: 08/03/2016 12:44PM
Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population






On 03.08.2016 18:38, Brad Cesarone wrote:

Hello All
 
I'm trying to figure out how the webUI populates the user page. I have a mix of posix users and non-posix users.
The non-posix users were added using an LDIF and imported fine. I am able to view them using ipa user-show, ldapsearch, and if I navigate to them using the user details URL they show up. Groups are also able to find the non-posix users and verify membership. I am just unable to use ipa user-find or see them in the users page.

Hello, I'm afraid you may miss an objectclass in imported users.

Can you please run ipa user-find, and provide SRCH filter from /var/log/dirsrv/slapd-*/access  (I hope this is the right path on RHEL6.8)

Then please provide all objectclasses that have a random imported user

regards
Martin

 
I apologize if this has already been answered, I tried google-fu and it didn't return anything useful.
Using IPA 3.0 on Redhat 6.8
 
Thanks
-Brad

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160803/f4dd32df/attachment.htm>

From mbasti at redhat.com  Wed Aug  3 18:01:47 2016
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 3 Aug 2016 20:01:47 +0200
Subject: [Freeipa-users] IPAv3.0 WebUI User Population
In-Reply-To: <OFE7DDDE6B.304E9D59-ON86258004.0062BF44-86258004.0062BF4B@raytheon.com>
References: <aa2ae9ae-0b9a-4dc5-7567-3b3ad38e918a@redhat.com>
	<OFCA3A7515.D973346F-ON86258004.005B7148-86258004.005B714F@raytheon.com>
	<OFE7DDDE6B.304E9D59-ON86258004.0062BF44-86258004.0062BF4B@raytheon.com>
Message-ID: <dc0507ea-b41a-84f9-56e7-52448f65e1e2@redhat.com>



On 03.08.2016 19:58, Brad Cesarone wrote:
>
> Hi Martin
> I've been playing with adding objectclasses to the non-posix user. I 
> have so far added inetuser, ipaobject, ipasshuser. He started with 
> top, person, organizationalPerson, inetOrgPerson and two custom classes.

You need this 'posixaccount' according the source code of IPA 3.3.0

Martin
> Nothing came up in /var/log/dirsrv/slapd-*/access when running the 
> search but in the /var/log/httpd/error_log there is the 
> following entry:  user_find{u'<user_name>', whoami=False, all=False, 
> raw=False, version='2.49', no_members=False, pkey_only=False}: SUCCESS
> The command outputted
> ------------------
> 0 users matched
> -----------------
> ----------------------------
> Number of Entries Returned 0
> ----------------------------
> Thanks
> -Brad
>
> -----Martin Basti <mbasti at redhat.com> wrote: -----
> To: Brad Cesarone <Brad.Cesarone at raytheon.com>, freeipa-users at redhat.com
> From: Martin Basti <mbasti at redhat.com>
> Date: 08/03/2016 12:44PM
> Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population
>
>
>
> On 03.08.2016 18:38, Brad Cesarone wrote:
>> Hello All
>> I'm trying to figure out how the webUI populates the user page. I 
>> have a mix of posix users and non-posix users.
>> The non-posix users were added using an LDIF and imported fine. I am 
>> able to view them using ipa user-show, ldapsearch, and if I navigate 
>> to them using the user details URL they show up. Groups are also able 
>> to find the non-posix users and verify membership. I am just unable 
>> to use ipa user-find or see them in the users page.
>
> Hello, I'm afraid you may miss an objectclass in imported users.
>
> Can you please run ipa user-find, and provide SRCH filter from 
> /var/log/dirsrv/slapd-*/access  (I hope this is the right path on RHEL6.8)
>
> Then please provide all objectclasses that have a random imported user
>
> regards
> Martin
>> I apologize if this has already been answered, I tried google-fu and 
>> it didn't return anything useful.
>> Using IPA 3.0 on Redhat 6.8
>> Thanks
>> -Brad
>>
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160803/79b2a750/attachment.htm>

From Brad.Cesarone at raytheon.com  Wed Aug  3 18:03:36 2016
From: Brad.Cesarone at raytheon.com (Brad Cesarone)
Date: Wed, 3 Aug 2016 13:03:36 -0500
Subject: [Freeipa-users] IPAv3.0 WebUI User Population
In-Reply-To: <dc0507ea-b41a-84f9-56e7-52448f65e1e2@redhat.com>
References: <dc0507ea-b41a-84f9-56e7-52448f65e1e2@redhat.com>,
	<aa2ae9ae-0b9a-4dc5-7567-3b3ad38e918a@redhat.com>
	<OFCA3A7515.D973346F-ON86258004.005B7148-86258004.005B714F@raytheon.com>
	<OFE7DDDE6B.304E9D59-ON86258004.0062BF44-86258004.0062BF4B@raytheon.com>
Message-ID: <OF4C4CC36A.E05C8640-ON86258004.0063352F-86258004.00633533@raytheon.com>

Does it just need the objectclass? Does it care if there are any values assigned to the attributes underneath the posixaccount object class?




-----Martin Basti <mbasti at redhat.com> wrote: ----- 
To: Brad Cesarone <Brad.Cesarone at raytheon.com>
From: Martin Basti <mbasti at redhat.com>
Date: 08/03/2016 01:01PM
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population






On 03.08.2016 19:58, Brad Cesarone wrote:


Hi Martin
 
I've been playing with adding objectclasses to the non-posix user. I have so far added inetuser, ipaobject, ipasshuser. He started with top, person, organizationalPerson, inetOrgPerson and two custom classes. 

You need this 'posixaccount' according the source code of IPA 3.3.0

Martin

 
Nothing came up in /var/log/dirsrv/slapd-*/access when running the search but in the /var/log/httpd/error_log there is the following entry:  user_find{u'<user_name>', whoami=False, all=False, raw=False, version='2.49', no_members=False, pkey_only=False}: SUCCESS
 
The command outputted 
------------------
0 users matched
-----------------
----------------------------
Number of Entries Returned 0
----------------------------
 
Thanks
-Brad

-----Martin Basti <mbasti at redhat.com> wrote: ----- 
To: Brad Cesarone <Brad.Cesarone at raytheon.com>, freeipa-users at redhat.com
From: Martin Basti <mbasti at redhat.com>
Date: 08/03/2016 12:44PM
Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population






On 03.08.2016 18:38, Brad Cesarone wrote:

Hello All
 
I'm trying to figure out how the webUI populates the user page. I have a mix of posix users and non-posix users.
The non-posix users were added using an LDIF and imported fine. I am able to view them using ipa user-show, ldapsearch, and if I navigate to them using the user details URL they show up. Groups are also able to find the non-posix users and verify membership. I am just unable to use ipa user-find or see them in the users page.

Hello, I'm afraid you may miss an objectclass in imported users.

Can you please run ipa user-find, and provide SRCH filter from /var/log/dirsrv/slapd-*/access  (I hope this is the right path on RHEL6.8)

Then please provide all objectclasses that have a random imported user

regards
Martin

 
I apologize if this has already been answered, I tried google-fu and it didn't return anything useful.
Using IPA 3.0 on Redhat 6.8
 
Thanks
-Brad

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160803/2cbdd5df/attachment.htm>

From ianh at brownpapertickets.com  Wed Aug  3 18:06:56 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Wed, 3 Aug 2016 11:06:56 -0700
Subject: [Freeipa-users] Deleted Replica Problems
Message-ID: <f231ceee-2127-eccb-e455-aae6ea146032@brownpapertickets.com>

I deleted a replica that had a corrupted ldap database and it caused
some problems.  I'm now getting the dreaded

[root at edinburghnfs ianh]# ipa-replica-manage connect freeipa-sea.bpt.rocks
Connection unsuccessful: freeipa-sea.bpt.rocks is an IPA Server, but it
might be unknown, foreign or previously deleted one.

I had to go around and remove old replication agreements from the other
replicas, but then they could connect again.  This one, and another, I
am not able to do that with.  They were initially created with
freeipa-sea as their master.

I assume I run ipa-server-install --uninstall on edinburghnis, then
reinstall to fix?

There's always an error about having to "Manually remove" the ldap
database.  What's the best way to do that?

Thanks!


- Ian



From David.Alston at sabre.com  Wed Aug  3 18:15:06 2016
From: David.Alston at sabre.com (Alston, David)
Date: Wed, 3 Aug 2016 13:15:06 -0500
Subject: [Freeipa-users] Replicating users/groups from AD
In-Reply-To: <2ACC1CF6D843104C9F5EA130AD3159B531BF8C0837@SGTULMMP001.Global.ad.sabre.com>
References: <2ACC1CF6D843104C9F5EA130AD3159B531BF8C05B8@SGTULMMP001.Global.ad.sabre.com>
	<1469202552.18067.50.camel@redhat.com>
	<2ACC1CF6D843104C9F5EA130AD3159B531BF8C0837@SGTULMMP001.Global.ad.sabre.com>
Message-ID: <2ACC1CF6D843104C9F5EA130AD3159B531C4550845@SGTULMMP001.Global.ad.sabre.com>

Greetings!

     I understand now that attempts to replicate user accounts from AD into FreeIPA isn't going to be getting any updates any time soon because the library being used to sync is basically defunct.

     I'll start a new thread with my question about FreeIPA Kerberos realm trusting an AD Kerberos realm while on the same DNS domain.  I've come across some new information that I'd like to check with ya'll.

     Thanks, everyone, for your answers!


--David Alston


-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Alston, David
Sent: Monday, July 25, 2016 8:24 AM
To: Simo Sorce
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Replicating users/groups from AD

Greetings!

     Yes, I had been hoping there would be a way to incorporate domain trusts between Active Directory and FreeIPA while the clients relying on these for identity management shared the same DNS domain (eg. linux.company.com and windows.company.com).  It sounds like that isn't going to happen.

     Account replication seems like another way for Active Directory users to be able to login to servers to use the same username/password for logging in.  It wouldn't have SSO, but at least a user would be able to use the same username/password everywhere.  Replicating user accounts from an external AD/LDAP server seems to be built-in, at the moment.  There aren't any plans to take that away, is there?  Ideally, I'd want a two way sync so that password changes and user group changes are replicated back to AD as well.

--David Alston

-----Original Message-----
From: Simo Sorce [mailto:simo at redhat.com]
Sent: Friday, July 22, 2016 10:49 AM
To: Alston, David
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Replicating users/groups from AD

On Fri, 2016-07-22 at 09:59 -0500, Alston, David wrote:
> Greetings!
> 
>      I realize that FreeIPA is supposed to be setup as master of its 
> own domain, but are there any plans to continue the account 
> replication functionality that has already been in FreeIPA?  I had 
> heard rumor that it would be possible to have FreeIPA and Active 
> Directory coexist in the same domain in some release in the future.
> Am I waiting for a feature that will never come?

Hi David,
in order to respond to your question an idea of what are your expectations would is needed.

If by Domain you mean "AD Domain or Kerberos Realm", the answer is no, they will never coexists.

If by Domain you mean DNS Domain read then FreeIPA can work in the same domain as AD but only if you do not care for them interacting (at the kerberos level, no trusts, no SSO).
You can basically have only one association between a DNS domain and a Realm, and a DNS domain is either going to be associated to the AD Domain server or to the IPA Domain.

Synchronization, however is a completely unrelated topic, and I can't give you an answer on that side as I do not understand how it would
relate to the coexistence of FreeIPA and AD in a single DNS domain.   

Simo.

--
Simo Sorce * Red Hat, Inc * New York


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project



From simo at redhat.com  Wed Aug  3 18:16:54 2016
From: simo at redhat.com (Simo Sorce)
Date: Wed, 03 Aug 2016 14:16:54 -0400
Subject: [Freeipa-users] IPAv3.0 WebUI User Population
In-Reply-To: <OF4C4CC36A.E05C8640-ON86258004.0063352F-86258004.00633533@raytheon.com>
References: <dc0507ea-b41a-84f9-56e7-52448f65e1e2@redhat.com>
	, <aa2ae9ae-0b9a-4dc5-7567-3b3ad38e918a@redhat.com>
	<OFCA3A7515.D973346F-ON86258004.005B7148-86258004.005B714F@raytheon.com>
	<OFE7DDDE6B.304E9D59-ON86258004.0062BF44-86258004.0062BF4B@raytheon.com>
	<OF4C4CC36A.E05C8640-ON86258004.0063352F-86258004.00633533@raytheon.com>
Message-ID: <1470248214.3109.82.camel@redhat.com>

On Wed, 2016-08-03 at 13:03 -0500, Brad Cesarone wrote:
> Does it just need the objectclass? Does it care if there are any
> values assigned to the attributes underneath the posixaccount object
> class?

The posixAccount, as per schema, requires:
- cn
- uid
- uidNumber
- gidNumber
- homeDirectory

Note also that your warranty is void if you start adding random objects
in the FreeIPA cn=accounts container :-)

Simo.

> 
> 
> 
> -----Martin Basti <mbasti at redhat.com> wrote: ----- 
> To: Brad Cesarone <Brad.Cesarone at raytheon.com>
> From: Martin Basti <mbasti at redhat.com>
> Date: 08/03/2016 01:01PM
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population
> 
> 
> 
> 
> 
> 
> On 03.08.2016 19:58, Brad Cesarone wrote:
> 
> 
> Hi Martin
>  
> I've been playing with adding objectclasses to the non-posix user. I have so far added inetuser, ipaobject, ipasshuser. He started with top, person, organizationalPerson, inetOrgPerson and two custom classes. 
> 
> You need this 'posixaccount' according the source code of IPA 3.3.0
> 
> Martin
> 
>  
> Nothing came up in /var/log/dirsrv/slapd-*/access when running the search but in the /var/log/httpd/error_log there is the following entry:  user_find{u'<user_name>', whoami=False, all=False, raw=False, version='2.49', no_members=False, pkey_only=False}: SUCCESS
>  
> The command outputted 
> ------------------
> 0 users matched
> -----------------
> ----------------------------
> Number of Entries Returned 0
> ----------------------------
>  
> Thanks
> -Brad
> 
> -----Martin Basti <mbasti at redhat.com> wrote: ----- 
> To: Brad Cesarone <Brad.Cesarone at raytheon.com>, freeipa-users at redhat.com
> From: Martin Basti <mbasti at redhat.com>
> Date: 08/03/2016 12:44PM
> Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population
> 
> 
> 
> 
> 
> 
> On 03.08.2016 18:38, Brad Cesarone wrote:
> 
> Hello All
>  
> I'm trying to figure out how the webUI populates the user page. I have a mix of posix users and non-posix users.
> The non-posix users were added using an LDIF and imported fine. I am able to view them using ipa user-show, ldapsearch, and if I navigate to them using the user details URL they show up. Groups are also able to find the non-posix users and verify membership. I am just unable to use ipa user-find or see them in the users page.
> 
> Hello, I'm afraid you may miss an objectclass in imported users.
> 
> Can you please run ipa user-find, and provide SRCH filter from /var/log/dirsrv/slapd-*/access  (I hope this is the right path on RHEL6.8)
> 
> Then please provide all objectclasses that have a random imported user
> 
> regards
> Martin
> 
>  
> I apologize if this has already been answered, I tried google-fu and it didn't return anything useful.
> Using IPA 3.0 on Redhat 6.8
>  
> Thanks
> -Brad
> 
>  
> -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project


-- 
Simo Sorce * Red Hat, Inc * New York



From mbasti at redhat.com  Wed Aug  3 18:17:06 2016
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 3 Aug 2016 20:17:06 +0200
Subject: [Freeipa-users] IPAv3.0 WebUI User Population
In-Reply-To: <OF4C4CC36A.E05C8640-ON86258004.0063352F-86258004.00633533@raytheon.com>
References: <dc0507ea-b41a-84f9-56e7-52448f65e1e2@redhat.com>
	<aa2ae9ae-0b9a-4dc5-7567-3b3ad38e918a@redhat.com>
	<OFCA3A7515.D973346F-ON86258004.005B7148-86258004.005B714F@raytheon.com>
	<OFE7DDDE6B.304E9D59-ON86258004.0062BF44-86258004.0062BF4B@raytheon.com>
	<OF4C4CC36A.E05C8640-ON86258004.0063352F-86258004.00633533@raytheon.com>
Message-ID: <e8912b26-24cc-34ce-e82c-838b4e2a11fd@redhat.com>



On 03.08.2016 20:03, Brad Cesarone wrote:
> Does it just need the objectclass? Does it care if there are any 
> values assigned to the attributes underneath the posixaccount object 
> class?
>
>
All must attributes are required.

objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Standard LDAP 
objectclass' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ 
homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) 
X-ORIGIN 'RFC 2307' )

Martin

>
> -----Martin Basti <mbasti at redhat.com> wrote: -----
> To: Brad Cesarone <Brad.Cesarone at raytheon.com>
> From: Martin Basti <mbasti at redhat.com>
> Date: 08/03/2016 01:01PM
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population
>
>
>
> On 03.08.2016 19:58, Brad Cesarone wrote:
>>
>> Hi Martin
>> I've been playing with adding objectclasses to the non-posix user. I 
>> have so far added inetuser, ipaobject, ipasshuser. He started with 
>> top, person, organizationalPerson, inetOrgPerson and two custom classes.
>
> You need this 'posixaccount' according the source code of IPA 3.3.0
>
> Martin
>> Nothing came up in /var/log/dirsrv/slapd-*/access when running the 
>> search but in the /var/log/httpd/error_log there is the 
>> following entry:  user_find{u'<user_name>', whoami=False, all=False, 
>> raw=False, version='2.49', no_members=False, pkey_only=False}: SUCCESS
>> The command outputted
>> ------------------
>> 0 users matched
>> -----------------
>> ----------------------------
>> Number of Entries Returned 0
>> ----------------------------
>> Thanks
>> -Brad
>>
>> -----Martin Basti <mbasti at redhat.com> wrote: -----
>> To: Brad Cesarone <Brad.Cesarone at raytheon.com>, freeipa-users at redhat.com
>> From: Martin Basti <mbasti at redhat.com>
>> Date: 08/03/2016 12:44PM
>> Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population
>>
>>
>>
>> On 03.08.2016 18:38, Brad Cesarone wrote:
>>> Hello All
>>> I'm trying to figure out how the webUI populates the user page. I 
>>> have a mix of posix users and non-posix users.
>>> The non-posix users were added using an LDIF and imported fine. I am 
>>> able to view them using ipa user-show, ldapsearch, and if I navigate 
>>> to them using the user details URL they show up. Groups are also 
>>> able to find the non-posix users and verify membership. I am just 
>>> unable to use ipa user-find or see them in the users page.
>>
>> Hello, I'm afraid you may miss an objectclass in imported users.
>>
>> Can you please run ipa user-find, and provide SRCH filter from 
>> /var/log/dirsrv/slapd-*/access (I hope this is the right path on RHEL6.8)
>>
>> Then please provide all objectclasses that have a random imported user
>>
>> regards
>> Martin
>>> I apologize if this has already been answered, I tried google-fu and 
>>> it didn't return anything useful.
>>> Using IPA 3.0 on Redhat 6.8
>>> Thanks
>>> -Brad
>>>
>>>
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160803/06e14746/attachment.htm>

From freeipa at jacobdevans.com  Wed Aug  3 18:14:43 2016
From: freeipa at jacobdevans.com (Jake)
Date: Wed, 3 Aug 2016 14:14:43 -0400 (EDT)
Subject: [Freeipa-users] Login Troubles with Centos7 and external users
 (4.2.0-15.0.1.el7.centos.17)
Message-ID: <321512465.8453.1470248083218@vegas.jacobdevans.com>

Hello All, 
I'm new to FreeIPA and am having some issues with my endpoints. 

First attempts to login as username at legacy.example.org always fail with: 
Logs on client: 
sshd[3771]: Invalid user username at legacy.example.org from 192.168.1.123 
sshd[3771]: input_userauth_request: invalid user username at legacy.example.org [preauth] 

[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=username] 
[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null). 
[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. 
[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success) 
[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1003][1][name=NOUSER] 
[sssd[be[ipa.example.com]]] [sysdb_get_real_name] (0x0040): sysdb_search_object_by_uuid did not return a single result. 
[sssd[be[ipa.example.com]]] [groups_by_user_done] (0x0040): Failed to canonicalize name, using [NOUSER]. 
[sssd[be[ipa.example.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request 
[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed 
[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765] 
[sssd[be[ipa.example.com]]] [sdap_get_users_done] (0x0040): Failed to retrieve users 
[sssd[be[ipa.example.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request 
[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed 
[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765] 
[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null). 
[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. 
[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success) 
[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765] 
[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null). 
[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. 
[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success) 
[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765] 
[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null). 
[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. 
[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success) 

running the command 'getent password username at legacy.example.org' on the ipa server works fine 

Logs from server: 
[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=username] 
[sssd[be[ipa.example.com]]] [ipa_srv_ad_acct_lookup_done] (0x0080): Sudomain lookup failed, will try to reset sudomain.. 
[sssd[be[ipa.example.com]]] [child_sig_handler] (0x0100): child [26269] finished successfully. 
[sssd[be[ipa.example.com]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'legacy.example.org' as 'neutral' 
[sssd[be[ipa.example.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'neutral' 
[sssd[be[ipa.example.com]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [1432158262]: Subdomain is inactive. 
[sssd[be[ipa.example.com]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: 1432158262 
[sssd[be[ipa.example.com]]] [ipa_account_info_error_text] (0x0020): Bug: dp_error is OK on failed request 
[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158262,Account info lookup failed 


Stuff: 
(4) IPA Masters at ipa.example.com 
(4) root domain controllers in example.com 
(4) child domain controllers in new.example.com 
(4) second domain in legacy.example.org 

There is a (1) way trust between ipa.example.com and example.com (forest trust) 
There is a (1) way trust between ipa.example.com and legacy.example.org (forest with single domain) 
There is a (2) way trust between example.com and legacy.example.org (forest transitive trust) 

Users are in legacy.example.org and new.example.com 
User Computers are in new .example.com 
Linux Servers are in ipa.example.com as hostname linux.example.com 

Gist for kbr5.conf https://gist.github.com/JakeDEvans/8e787bc5751d3d0e8f3b18943d63f00b 
Gist for sssd.conf https://gist.github.com/JakeDEvans/ed34098b96b6e061095da85e1db58d70 

all other configs unmodified. 

Also, is it normal that the login is very slow? 

Thanks All, 
-Jake 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160803/0fa8e130/attachment.htm>

From David.Alston at sabre.com  Wed Aug  3 18:24:30 2016
From: David.Alston at sabre.com (Alston, David)
Date: Wed, 3 Aug 2016 13:24:30 -0500
Subject: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain
Message-ID: <2ACC1CF6D843104C9F5EA130AD3159B531C4550852@SGTULMMP001.Global.ad.sabre.com>

Greetings!

     Everyone seems to say that you can't have a domain trust across two Kerberos realms (FreeIPA and Active Directory) if the hosts share the same DNS domain.

     Hadoop seems to do this just fine, though.  I'm in the process of helping someone setup a trust between the Kerberos realms HADOOP.COMPANY.COM  and  COMPANY.COM and all of the servers use the company.com DNS domain. (see http://www.cloudera.com/documentation/archive/cdh/4-x/4-5-0/CDH4-Security-Guide/cdh4sg_topic_15.html)

     This seems to be standard practice for setting up hadoop clusters.  Why wouldn't setting up a one-way trust so that FREEIPA.COMPANY.COM trusts COMPANY.COM (with all involved servers having the "company.com" DNS domain)?  As I understand it, the Kerberos realm FreeIPA uses can be specified during the initial setup and it doesn't have to match the domain.

--David Alston
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160803/4045ef9d/attachment.htm>

From ianh at brownpapertickets.com  Wed Aug  3 18:25:15 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Wed, 3 Aug 2016 11:25:15 -0700
Subject: [Freeipa-users] Third Party Certificate
In-Reply-To: <585582c7-9d21-20f5-9b40-60c7ff2d295b@redhat.com>
References: <39b3a0f8-8e15-f99e-3735-263555ba892e@brownpapertickets.com>
	<585582c7-9d21-20f5-9b40-60c7ff2d295b@redhat.com>
Message-ID: <2acb92ec-4386-5723-aecf-0b4bcce453d5@brownpapertickets.com>



On 08/02/2016 08:19 AM, Florence Blanc-Renaud wrote:
> On 08/02/2016 03:17 PM, Ian Harding wrote:
>> Hello!
>>
>> I have been using FreeIPA for a while in our network with 6 replicas and
>> it's been working great.  I seem to have made a wee mistake though and
>> I'd appreciate some help.
>>
>> I did this:
>>
>> https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
>>
>> on one server because I had a new cert for our internal domain and I
>> thought it might be nice to use the same cert for all our internal web
>> services.
>>
>> It worked fine but now when I'm on that server I get
>> SEC_ERROR_UNTRUSTED_ISSUER when I run ipa commands.  Is there any way I
>> can roll this back, or make it work as is?
>>
>> Thanks!
>>
>> -Ian
>>
> Hi Ian,
> 
> if the certificate that you installed was issued by a CA not known by
> IPA (let's call him the issuer), then you need to add this issuer cert
> first using:
> ipa-cacert-manage install <issuer certificate file> -n nickname -t C,,
> kinit admin
> ipa-certupdate
> 
> You can check that the issuer cert is properly installed in
> /etc/httpd/alias and /etc/ipa/nssdb with:
> certutil -L -d /etc/httpd/alias
> certutil -L -d /etc/ipa/nssdb
> where it should appear with C,, flags
> 
> Hope this helps,
> Flo.
> 

I seem to have created a problem here.

First some background.

freeipa-sea.bpt.rocks suffered ldap database corruption on a messy
reboot.  I tried to delete it from the freeipa ecosystem but did a poor
job, then rebuilt it with the same name and IP address.

Replication issues ensued.

I chose this inopportune time to install the ssl certificate as
described above.

I have spent today deleting old replication agreements and
reestablishing them which seems to have worked on most of the replicas.

However I see this now on most of them

[root at bpt-nyc1-nfs ianh]# ipa-csreplica-manage list
Directory Manager password:

seattlenfs.bpt.rocks: master
bpt-nyc1-nfs.bpt.rocks: master
freeipa-sea.bpt.rocks: CA not configured
bellevuenfs.bpt.rocks: master
freeipa-dal.bpt.rocks: master
edinburghnfs.bpt.rocks: master
fremontnis.bpt.rocks: master

Is this related to the original deletion or the subsequent addition of
the certificate?   I installed the replicas with their own CA.

I have added the certificate root to the replicas as mentioned above.

Thanks!



From simo at redhat.com  Wed Aug  3 18:28:15 2016
From: simo at redhat.com (Simo Sorce)
Date: Wed, 03 Aug 2016 14:28:15 -0400
Subject: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain
In-Reply-To: <2ACC1CF6D843104C9F5EA130AD3159B531C4550852@SGTULMMP001.Global.ad.sabre.com>
References: <2ACC1CF6D843104C9F5EA130AD3159B531C4550852@SGTULMMP001.Global.ad.sabre.com>
Message-ID: <1470248895.3109.87.camel@redhat.com>

On Wed, 2016-08-03 at 13:24 -0500, Alston, David wrote:
> Greetings!
> 
>      Everyone seems to say that you can't have a domain trust across two Kerberos realms (FreeIPA and Active Directory) if the hosts share the same DNS domain.
> 
>      Hadoop seems to do this just fine, though.  I'm in the process of helping someone setup a trust between the Kerberos realms HADOOP.COMPANY.COM  and  COMPANY.COM and all of the servers use the company.com DNS domain. (see http://www.cloudera.com/documentation/archive/cdh/4-x/4-5-0/CDH4-Security-Guide/cdh4sg_topic_15.html)
> 
>      This seems to be standard practice for setting up hadoop clusters.  Why wouldn't setting up a one-way trust so that FREEIPA.COMPANY.COM trusts COMPANY.COM (with all involved servers having the "company.com" DNS domain)?  As I understand it, the Kerberos realm FreeIPA uses can be specified during the initial setup and it doesn't have to match the domain.
> 
> --David Alston
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

You can have a Realm named COMPANY.COM (AD) and a Realm named
FREEIPA.COMPANY.COM (IPA), as long as the AD Servers never had computer
objects or subdomains in the DNS domain freeipa.company.com in it.

If that's the case you can create a 1 way or 2 way trust between the 2
forests without issues.

Simo.
 
-- 
Simo Sorce * Red Hat, Inc * New York



From David.Alston at sabre.com  Wed Aug  3 18:52:13 2016
From: David.Alston at sabre.com (Alston, David)
Date: Wed, 3 Aug 2016 13:52:13 -0500
Subject: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain
In-Reply-To: <1470248895.3109.87.camel@redhat.com>
References: <2ACC1CF6D843104C9F5EA130AD3159B531C4550852@SGTULMMP001.Global.ad.sabre.com>
	<1470248895.3109.87.camel@redhat.com>
Message-ID: <2ACC1CF6D843104C9F5EA130AD3159B531C4550869@SGTULMMP001.Global.ad.sabre.com>

Greetings!

     That sounds like great news!   Just to make sure I understand correctly..

1. Any server managed by FreeIPA must NEVER have had a computer object associated with them in AD?  (even if it has now been deleted)
2. Active Directory must never know anything about a DNS domain freeipa.company.com (I'm not sure why)
3. My linux servers being managed by FreeIPA can still have the DNS domain company.com (instead of servername.freeipa.company.com)
4. Single Signon to the Linux servers using AD credentials will still work
5. (BONUS) I could even let AD trust user accounts created in FreeIPA?

--David Alston

-----Original Message-----
From: Simo Sorce [mailto:simo at redhat.com] 
Sent: Wednesday, August 03, 2016 1:28 PM
To: Alston, David
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain

On Wed, 2016-08-03 at 13:24 -0500, Alston, David wrote:
> Greetings!
> 
>      Everyone seems to say that you can't have a domain trust across two Kerberos realms (FreeIPA and Active Directory) if the hosts share the same DNS domain.
> 
>      Hadoop seems to do this just fine, though.  I'm in the process of 
> helping someone setup a trust between the Kerberos realms 
> HADOOP.COMPANY.COM  and  COMPANY.COM and all of the servers use the 
> company.com DNS domain. (see 
> http://www.cloudera.com/documentation/archive/cdh/4-x/4-5-0/CDH4-Secur
> ity-Guide/cdh4sg_topic_15.html)
> 
>      This seems to be standard practice for setting up hadoop clusters.  Why wouldn't setting up a one-way trust so that FREEIPA.COMPANY.COM trusts COMPANY.COM (with all involved servers having the "company.com" DNS domain)?  As I understand it, the Kerberos realm FreeIPA uses can be specified during the initial setup and it doesn't have to match the domain.
> 
> --David Alston
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

You can have a Realm named COMPANY.COM (AD) and a Realm named FREEIPA.COMPANY.COM (IPA), as long as the AD Servers never had computer objects or subdomains in the DNS domain freeipa.company.com in it.

If that's the case you can create a 1 way or 2 way trust between the 2 forests without issues.

Simo.
 
--
Simo Sorce * Red Hat, Inc * New York




From simo at redhat.com  Wed Aug  3 19:13:17 2016
From: simo at redhat.com (Simo Sorce)
Date: Wed, 03 Aug 2016 15:13:17 -0400
Subject: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain
In-Reply-To: <2ACC1CF6D843104C9F5EA130AD3159B531C4550869@SGTULMMP001.Global.ad.sabre.com>
References: <2ACC1CF6D843104C9F5EA130AD3159B531C4550852@SGTULMMP001.Global.ad.sabre.com>
	<1470248895.3109.87.camel@redhat.com>
	<2ACC1CF6D843104C9F5EA130AD3159B531C4550869@SGTULMMP001.Global.ad.sabre.com>
Message-ID: <1470251597.3109.94.camel@redhat.com>

On Wed, 2016-08-03 at 13:52 -0500, Alston, David wrote:
> Greetings!
> 
>      That sounds like great news!   Just to make sure I understand correctly..
> 
> 1. Any server managed by FreeIPA must NEVER have had a computer object associated with them in AD?  (even if it has now been deleted)
No, what a random server does or has done is irrelevant in this sense,
but see later, for caveats.

> 2. Active Directory must never know anything about a DNS domain freeipa.company.com (I'm not sure why)
Correct because if that happened then AD considers the whole subdomain
as part of its realm and trust routing will not work.

> 3. My linux servers being managed by FreeIPA can still have the DNS domain company.com (instead of servername.freeipa.company.com)
Although the strict answer is yes, if you put a linux server joined to
freeIPA in the AD DNS Domain then Single Sign On from Windows users will
not work, as AD will consider all request for tickets to those servers
as requests for itself and will never return referrals to the freeIPA
KDCs for those TGS requests, so clients will not be able to get tickets
for those servers. 

> 4. Single Signon to the Linux servers using AD credentials will still work

No, see above.

> 5. (BONUS) I could even let AD trust user accounts created in FreeIPA?

Not clear what you mean here. If you mean that IPA user accounts can
operate in the Windows domain, the answer is technicaly yes, although
because we do not expose (yet) a Global Catalog to the Windows AD
servers, it will be hard to set ACLs on the Windows side to actually
authorize freeIPA users to login to AD managed computers (it can
probably be done via CLI, but not through AD administrative UIs).
We plan to fix this in the near future by providing a GC service.


HTH,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



From jhrozek at redhat.com  Wed Aug  3 19:51:26 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Wed, 3 Aug 2016 21:51:26 +0200
Subject: [Freeipa-users] Login Troubles with Centos7 and external users
 (4.2.0-15.0.1.el7.centos.17)
In-Reply-To: <321512465.8453.1470248083218@vegas.jacobdevans.com>
References: <321512465.8453.1470248083218@vegas.jacobdevans.com>
Message-ID: <B1F8827B-351A-4E58-8878-C617EA236D23@redhat.com>


> On 3 Aug 2016, at 20:14, Jake <freeipa at jacobdevans.com> wrote:
> 
> Hello All,
> I'm new to FreeIPA and am having some issues with my endpoints.
> 
> First attempts to login as username at legacy.example.org always fail with:
> Logs on client:
> sshd[3771]: Invalid user username at legacy.example.org from 192.168.1.123
> sshd[3771]: input_userauth_request: invalid user username at legacy.example.org [preauth]
> 
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=username]
> [sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
> [sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1003][1][name=NOUSER]
> [sssd[be[ipa.example.com]]] [sysdb_get_real_name] (0x0040): sysdb_search_object_by_uuid did not return a single result.
> [sssd[be[ipa.example.com]]] [groups_by_user_done] (0x0040): Failed to canonicalize name, using [NOUSER].
> [sssd[be[ipa.example.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
> [sssd[be[ipa.example.com]]] [sdap_get_users_done] (0x0040): Failed to retrieve users
> [sssd[be[ipa.example.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
> [sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
> [sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
> [sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
> [sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
> [sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
> [sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.

OK, here looking up an ID failed. It would be interesting to see what happened with this lookup on the server. Normally I try to truncate the logs on both the server and the client, then run:
date; id $username; date
that allows to correlate logs from the server and the client and better pinpoint what fails..

> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
> 
> running the command 'getent password username at legacy.example.org' on the ipa server works fine
> 
> Logs from server:
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=username]
> [sssd[be[ipa.example.com]]] [ipa_srv_ad_acct_lookup_done] (0x0080): Sudomain lookup failed, will try to reset sudomain..

This log line doesn't look so successful :-) but as long as the server returns 'something' from the cache, the client should grab it

> [sssd[be[ipa.example.com]]] [child_sig_handler] (0x0100): child [26269] finished successfully.
> [sssd[be[ipa.example.com]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'legacy.example.org' as 'neutral'
> [sssd[be[ipa.example.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'neutral'
> [sssd[be[ipa.example.com]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [1432158262]: Subdomain is inactive.
> [sssd[be[ipa.example.com]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: 1432158262
> [sssd[be[ipa.example.com]]] [ipa_account_info_error_text] (0x0020): Bug: dp_error is OK on failed request
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158262,Account info lookup failed
> 
> 
> Stuff:
> (4) IPA Masters at ipa.example.com
> (4) root domain controllers in example.com
> (4) child domain controllers in new.example.com
> (4) second domain in legacy.example.org
> 
> There is a (1) way trust between ipa.example.com and example.com (forest trust)

Are all the replicas either trust masters or was ipa-adtrust-install ran on all of them?

> There is a (1) way trust between ipa.example.com and legacy.example.org (forest with single domain)
> There is a (2) way trust between example.com and legacy.example.org (forest transitive trust)
> 
> Users are in legacy.example.org and new.example.com
> User Computers are in new.example.com
> Linux Servers are in ipa.example.com as hostname linux.example.com
> 
> Gist for kbr5.conf https://gist.github.com/JakeDEvans/8e787bc5751d3d0e8f3b18943d63f00b 
> Gist for sssd.conf https://gist.github.com/JakeDEvans/ed34098b96b6e061095da85e1db58d70
> 
> all other configs unmodified.
> 
> Also, is it normal that the login is very slow?

If there is a lot of large groups the login can be very slow. We summarized the known workarounds here:
https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/
and improved the performance quite a bit in rhel-7.3

> 
> Thanks All,
> -Jake
> 
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project




From David.Alston at sabre.com  Wed Aug  3 20:22:28 2016
From: David.Alston at sabre.com (Alston, David)
Date: Wed, 3 Aug 2016 15:22:28 -0500
Subject: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain
In-Reply-To: <1470251597.3109.94.camel@redhat.com>
References: <2ACC1CF6D843104C9F5EA130AD3159B531C4550852@SGTULMMP001.Global.ad.sabre.com>
	<1470248895.3109.87.camel@redhat.com>
	<2ACC1CF6D843104C9F5EA130AD3159B531C4550869@SGTULMMP001.Global.ad.sabre.com>
	<1470251597.3109.94.camel@redhat.com>
Message-ID: <2ACC1CF6D843104C9F5EA130AD3159B531C45508B4@SGTULMMP001.Global.ad.sabre.com>

Greetings!

>> 2. Active Directory must never know anything about a DNS domain 
>> freeipa.company.com (I'm not sure why)
> Correct because if that happened then AD considers the whole subdomain as part of its realm and trust routing will not work.

Doesn't that mean that we have to have the FreeIPA servers on their own DNS domain again?  So we can't have linux-server.company.com and windows-server.company.com (managed by FreeIPA and AD respectively) because there has to be a SOA for .company.com somewhere and that is already managed by AD (in our environment).

     Also, thanks for your other answers.  They were very helpful :^)

--David Alston


-----Original Message-----
From: Simo Sorce [mailto:simo at redhat.com] 
Sent: Wednesday, August 03, 2016 2:13 PM
To: Alston, David
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain

On Wed, 2016-08-03 at 13:52 -0500, Alston, David wrote:
> Greetings!
> 
>      That sounds like great news!   Just to make sure I understand correctly..
> 
> 1. Any server managed by FreeIPA must NEVER have had a computer object 
> associated with them in AD?  (even if it has now been deleted)
No, what a random server does or has done is irrelevant in this sense, but see later, for caveats.

> 2. Active Directory must never know anything about a DNS domain 
> freeipa.company.com (I'm not sure why)
Correct because if that happened then AD considers the whole subdomain as part of its realm and trust routing will not work.

> 3. My linux servers being managed by FreeIPA can still have the DNS 
> domain company.com (instead of servername.freeipa.company.com)
Although the strict answer is yes, if you put a linux server joined to freeIPA in the AD DNS Domain then Single Sign On from Windows users will not work, as AD will consider all request for tickets to those servers as requests for itself and will never return referrals to the freeIPA KDCs for those TGS requests, so clients will not be able to get tickets for those servers. 

> 4. Single Signon to the Linux servers using AD credentials will still 
> work

No, see above.

> 5. (BONUS) I could even let AD trust user accounts created in FreeIPA?

Not clear what you mean here. If you mean that IPA user accounts can operate in the Windows domain, the answer is technicaly yes, although because we do not expose (yet) a Global Catalog to the Windows AD servers, it will be hard to set ACLs on the Windows side to actually authorize freeIPA users to login to AD managed computers (it can probably be done via CLI, but not through AD administrative UIs).
We plan to fix this in the near future by providing a GC service.


HTH,
Simo.

--
Simo Sorce * Red Hat, Inc * New York




From freeipa at jacobdevans.com  Thu Aug  4 00:38:00 2016
From: freeipa at jacobdevans.com (Jake)
Date: Wed, 3 Aug 2016 20:38:00 -0400 (EDT)
Subject: [Freeipa-users] Login Troubles with Centos7 and external users
 (4.2.0-15.0.1.el7.centos.17)
In-Reply-To: <B1F8827B-351A-4E58-8878-C617EA236D23@redhat.com>
References: <321512465.8453.1470248083218@vegas.jacobdevans.com>
	<B1F8827B-351A-4E58-8878-C617EA236D23@redhat.com>
Message-ID: <1110639453.8681.1470271080019@vegas.jacobdevans.com>

Thanks Jakub,
turns out 'getent password username at legacy.example.org' only works on 1 of the 4 ipa servers (the one I created the domain trust with).

I re-ran ipa-adtrust-install on them and no change, is there a similar post I can follow to correct these & retrace my steps or does the trust need configured on each.

Thank You,
-Jake

----- Original Message -----
From: "Jakub Hrozek" <jhrozek at redhat.com>
To: "Jake" <freeipa at jacobdevans.com>
Cc: freeipa-users at redhat.com
Sent: Wednesday, August 3, 2016 3:51:26 PM
Subject: Re: [Freeipa-users] Login Troubles with Centos7 and external users (4.2.0-15.0.1.el7.centos.17)

> On 3 Aug 2016, at 20:14, Jake <freeipa at jacobdevans.com> wrote:
> 
> Hello All,
> I'm new to FreeIPA and am having some issues with my endpoints.
> 
> First attempts to login as username at legacy.example.org always fail with:
> Logs on client:
> sshd[3771]: Invalid user username at legacy.example.org from 192.168.1.123
> sshd[3771]: input_userauth_request: invalid user username at legacy.example.org [preauth]
> 
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=username]
> [sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
> [sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1003][1][name=NOUSER]
> [sssd[be[ipa.example.com]]] [sysdb_get_real_name] (0x0040): sysdb_search_object_by_uuid did not return a single result.
> [sssd[be[ipa.example.com]]] [groups_by_user_done] (0x0040): Failed to canonicalize name, using [NOUSER].
> [sssd[be[ipa.example.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
> [sssd[be[ipa.example.com]]] [sdap_get_users_done] (0x0040): Failed to retrieve users
> [sssd[be[ipa.example.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
> [sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
> [sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
> [sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
> [sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
> [sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
> [sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.

OK, here looking up an ID failed. It would be interesting to see what happened with this lookup on the server. Normally I try to truncate the logs on both the server and the client, then run:
date; id $username; date
that allows to correlate logs from the server and the client and better pinpoint what fails..

> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
> 
> running the command 'getent password username at legacy.example.org' on the ipa server works fine
> 
> Logs from server:
> [sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=username]
> [sssd[be[ipa.example.com]]] [ipa_srv_ad_acct_lookup_done] (0x0080): Sudomain lookup failed, will try to reset sudomain..

This log line doesn't look so successful :-) but as long as the server returns 'something' from the cache, the client should grab it

> [sssd[be[ipa.example.com]]] [child_sig_handler] (0x0100): child [26269] finished successfully.
> [sssd[be[ipa.example.com]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'legacy.example.org' as 'neutral'
> [sssd[be[ipa.example.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'neutral'
> [sssd[be[ipa.example.com]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [1432158262]: Subdomain is inactive.
> [sssd[be[ipa.example.com]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: 1432158262
> [sssd[be[ipa.example.com]]] [ipa_account_info_error_text] (0x0020): Bug: dp_error is OK on failed request
> [sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158262,Account info lookup failed
> 
> 
> Stuff:
> (4) IPA Masters at ipa.example.com
> (4) root domain controllers in example.com
> (4) child domain controllers in new.example.com
> (4) second domain in legacy.example.org
> 
> There is a (1) way trust between ipa.example.com and example.com (forest trust)

Are all the replicas either trust masters or was ipa-adtrust-install ran on all of them?

> There is a (1) way trust between ipa.example.com and legacy.example.org (forest with single domain)
> There is a (2) way trust between example.com and legacy.example.org (forest transitive trust)
> 
> Users are in legacy.example.org and new.example.com
> User Computers are in new.example.com
> Linux Servers are in ipa.example.com as hostname linux.example.com
> 
> Gist for kbr5.conf https://gist.github.com/JakeDEvans/8e787bc5751d3d0e8f3b18943d63f00b 
> Gist for sssd.conf https://gist.github.com/JakeDEvans/ed34098b96b6e061095da85e1db58d70
> 
> all other configs unmodified.
> 
> Also, is it normal that the login is very slow?

If there is a lot of large groups the login can be very slow. We summarized the known workarounds here:
https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/
and improved the performance quite a bit in rhel-7.3

> 
> Thanks All,
> -Jake
> 
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From abokovoy at redhat.com  Thu Aug  4 05:46:51 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 4 Aug 2016 08:46:51 +0300
Subject: [Freeipa-users] Login Troubles with Centos7 and external users
 (4.2.0-15.0.1.el7.centos.17)
In-Reply-To: <321512465.8453.1470248083218@vegas.jacobdevans.com>
References: <321512465.8453.1470248083218@vegas.jacobdevans.com>
Message-ID: <20160804054546.p7lx32ywe5kel6ny@redhat.com>

On Wed, 03 Aug 2016, Jake wrote:
>Hello All,
>I'm new to FreeIPA and am having some issues with my endpoints.
>
>First attempts to login as username at legacy.example.org always fail with:
>Logs on client:
>sshd[3771]: Invalid user username at legacy.example.org from 192.168.1.123
>sshd[3771]: input_userauth_request: invalid user username at legacy.example.org [preauth]
>
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=username]
>[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
>[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1003][1][name=NOUSER]
>[sssd[be[ipa.example.com]]] [sysdb_get_real_name] (0x0040): sysdb_search_object_by_uuid did not return a single result.
>[sssd[be[ipa.example.com]]] [groups_by_user_done] (0x0040): Failed to canonicalize name, using [NOUSER].
>[sssd[be[ipa.example.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
>[sssd[be[ipa.example.com]]] [sdap_get_users_done] (0x0040): Failed to retrieve users
>[sssd[be[ipa.example.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
>[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
>[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
>[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
>[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
>[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
>[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
>
>running the command 'getent password username at legacy.example.org' on the ipa server works fine
>
>Logs from server:
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=username]
>[sssd[be[ipa.example.com]]] [ipa_srv_ad_acct_lookup_done] (0x0080): Sudomain lookup failed, will try to reset sudomain..
>[sssd[be[ipa.example.com]]] [child_sig_handler] (0x0100): child [26269] finished successfully.
>[sssd[be[ipa.example.com]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'legacy.example.org' as 'neutral'
>[sssd[be[ipa.example.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'neutral'
>[sssd[be[ipa.example.com]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [1432158262]: Subdomain is inactive.
>[sssd[be[ipa.example.com]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: 1432158262
>[sssd[be[ipa.example.com]]] [ipa_account_info_error_text] (0x0020): Bug: dp_error is OK on failed request
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158262,Account info lookup failed
>
>
>Stuff:
>(4) IPA Masters at ipa.example.com
>(4) root domain controllers in example.com
>(4) child domain controllers in new.example.com
>(4) second domain in legacy.example.org
>
>There is a (1) way trust between ipa.example.com and example.com (forest trust)
>There is a (1) way trust between ipa.example.com and legacy.example.org (forest with single domain)
>There is a (2) way trust between example.com and legacy.example.org (forest transitive trust)
Was the trust between example.com and legacy.example.org established
before establishing trust between IPA and any of those forest roots?

Can you check in the trust properties on AD side for both forest roots,
what is the state of name suffix routing to IPA domain? It should be
enabled for both.

If not, you need to solve conflicts.

There is a documentation reference on Microsoft side how to add
exclusion entries for name routing suffixes. This is the detailed
instruction:
https://msdn.microsoft.com/it-it/library/cc786254%28v=ws.10%29.aspx

For configuration where:
  - AD example.com trusts IPA at ipa.example.com
  - AD example.org trusts AD example.com
  - a trust is tried to be established between ipa.example.com and
    example.org and a conflict is generated in example.org for
    example.com namespace.

A sequence might be like a following one:
   1. Establish trust between example.com and ipa.example.com
   2. Establish trust between example.com and example.org
   3. Now, as Administrator in example.org, do what
https://msdn.microsoft.com/it-it/library/cc786254%28v=ws.10%29.aspx
describes for the trust 'example.com' and add exclusion entry for
ipa.example.com
   4. Establish trust between ipa.example.com and example.org

It is important to add the exclusion entry before step 4 or there will
be conflict recorded which cannot be cleared easily right now due to a
combination of bugs in both IPA and Active Directory.


>
>Users are in legacy.example.org and new.example.com
>User Computers are in new .example.com
>Linux Servers are in ipa.example.com as hostname linux.example.com
>
>Gist for kbr5.conf https://gist.github.com/JakeDEvans/8e787bc5751d3d0e8f3b18943d63f00b
>Gist for sssd.conf https://gist.github.com/JakeDEvans/ed34098b96b6e061095da85e1db58d70
>
>all other configs unmodified.
>
>Also, is it normal that the login is very slow?
>
>Thanks All,
>-Jake
>
>

>-- 
>Manage your subscription for the Freeipa-users mailing list:
>https://www.redhat.com/mailman/listinfo/freeipa-users
>Go to http://freeipa.org for more info on the project


-- 
/ Alexander Bokovoy



From pspacek at redhat.com  Thu Aug  4 07:43:01 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Thu, 4 Aug 2016 09:43:01 +0200
Subject: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain
In-Reply-To: <2ACC1CF6D843104C9F5EA130AD3159B531C45508B4@SGTULMMP001.Global.ad.sabre.com>
References: <2ACC1CF6D843104C9F5EA130AD3159B531C4550852@SGTULMMP001.Global.ad.sabre.com>
	<1470248895.3109.87.camel@redhat.com>
	<2ACC1CF6D843104C9F5EA130AD3159B531C4550869@SGTULMMP001.Global.ad.sabre.com>
	<1470251597.3109.94.camel@redhat.com>
	<2ACC1CF6D843104C9F5EA130AD3159B531C45508B4@SGTULMMP001.Global.ad.sabre.com>
Message-ID: <57cee457-2d54-4e93-e642-3bdccab1cfa4@redhat.com>

On 3.8.2016 22:22, Alston, David wrote:
> Greetings!
> 
>>> 2. Active Directory must never know anything about a DNS domain 
>>> freeipa.company.com (I'm not sure why)
>> Correct because if that happened then AD considers the whole subdomain as part of its realm and trust routing will not work.
> 
> Doesn't that mean that we have to have the FreeIPA servers on their own DNS domain again?  So we can't have linux-server.company.com and windows-server.company.com (managed by FreeIPA and AD respectively) because there has to be a SOA for .company.com somewhere and that is already managed by AD (in our environment).

The problem is not at DNS level but at Kerberos level. Anyway, this is in
depth described on
http://rhelblog.redhat.com/2016/07/13/i-really-cant-rename-my-hosts/

I hope it helps.
Petr^2 Spacek

> 
> --David Alston
> 
> 
> -----Original Message-----
> From: Simo Sorce [mailto:simo at redhat.com] 
> Sent: Wednesday, August 03, 2016 2:13 PM
> To: Alston, David
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain
> 
> On Wed, 2016-08-03 at 13:52 -0500, Alston, David wrote:
>> Greetings!
>>
>>      That sounds like great news!   Just to make sure I understand correctly..
>>
>> 1. Any server managed by FreeIPA must NEVER have had a computer object 
>> associated with them in AD?  (even if it has now been deleted)
> No, what a random server does or has done is irrelevant in this sense, but see later, for caveats.
> 
>> 2. Active Directory must never know anything about a DNS domain 
>> freeipa.company.com (I'm not sure why)
> Correct because if that happened then AD considers the whole subdomain as part of its realm and trust routing will not work.
> 
>> 3. My linux servers being managed by FreeIPA can still have the DNS 
>> domain company.com (instead of servername.freeipa.company.com)
> Although the strict answer is yes, if you put a linux server joined to freeIPA in the AD DNS Domain then Single Sign On from Windows users will not work, as AD will consider all request for tickets to those servers as requests for itself and will never return referrals to the freeIPA KDCs for those TGS requests, so clients will not be able to get tickets for those servers. 
> 
>> 4. Single Signon to the Linux servers using AD credentials will still 
>> work
> 
> No, see above.
> 
>> 5. (BONUS) I could even let AD trust user accounts created in FreeIPA?
> 
> Not clear what you mean here. If you mean that IPA user accounts can operate in the Windows domain, the answer is technicaly yes, although because we do not expose (yet) a Global Catalog to the Windows AD servers, it will be hard to set ACLs on the Windows side to actually authorize freeIPA users to login to AD managed computers (it can probably be done via CLI, but not through AD administrative UIs).
> We plan to fix this in the near future by providing a GC service.
> 
> 
> HTH,
> Simo.
> 
> --
> Simo Sorce * Red Hat, Inc * New York
> 
> 


-- 
Petr^2 Spacek



From jhrozek at redhat.com  Thu Aug  4 07:48:14 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 4 Aug 2016 09:48:14 +0200
Subject: [Freeipa-users] Login Troubles with Centos7 and external users
 (4.2.0-15.0.1.el7.centos.17)
In-Reply-To: <1110639453.8681.1470271080019@vegas.jacobdevans.com>
References: <321512465.8453.1470248083218@vegas.jacobdevans.com>
	<B1F8827B-351A-4E58-8878-C617EA236D23@redhat.com>
	<1110639453.8681.1470271080019@vegas.jacobdevans.com>
Message-ID: <20160804074814.GO14692@hendrix>

On Wed, Aug 03, 2016 at 08:38:00PM -0400, Jake wrote:
> Thanks Jakub,
> turns out 'getent password username at legacy.example.org' only works on 1 of the 4 ipa servers (the one I created the domain trust with).

OK, then we need to first fix all the servers before proceeding to the
clients.

> 
> I re-ran ipa-adtrust-install on them and no change, is there a similar post I can follow to correct these & retrace my steps or does the trust need configured on each.

For IPA:
    http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust
For SSSD:
    https://fedorahosted.org/sssd/wiki/Troubleshooting

I would personally start with looking into the SSSD logs on the server
that is misbehaving.



From flo at redhat.com  Thu Aug  4 08:03:11 2016
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Thu, 4 Aug 2016 10:03:11 +0200
Subject: [Freeipa-users] ipa-server-install --external-cert-file and
 exporting dogtag certificates
In-Reply-To: <CACHJYOtQM=SufebM8ijg=7h-PKEOgEd=P6SL-j+cNZthQrwMXQ@mail.gmail.com>
References: <CACHJYOsefMx2bmWFSsPT_nFNX9o8+EFUaz1sqc4Xq11y2NrgOg@mail.gmail.com>
	<4cc4b68d-9bea-99d2-1264-e49c35c80f04@redhat.com>
	<CACHJYOvSGaSr+9-CkFE4SQky36OwVjUJWgxzd+Uqgyn4XTH0Rg@mail.gmail.com>
	<21d2339e-a07b-4754-0706-0e022d2c30e8@redhat.com>
	<CACHJYOtQM=SufebM8ijg=7h-PKEOgEd=P6SL-j+cNZthQrwMXQ@mail.gmail.com>
Message-ID: <4a74533f-4912-e5bd-0e20-2edeffc26393@redhat.com>

On 08/03/2016 07:54 PM, Richard Harmonson wrote:
> On Wed, Aug 3, 2016 at 12:49 AM, Florence Blanc-Renaud <flo at redhat.com
> <mailto:flo at redhat.com>> wrote:
>
>     On 08/02/2016 04:52 AM, Richard Harmonson wrote:
>
>         On Mon, Aug 1, 2016 at 10:15 AM, Petr Vobornik
>         <pvoborni at redhat.com <mailto:pvoborni at redhat.com>
>         <mailto:pvoborni at redhat.com <mailto:pvoborni at redhat.com>>> wrote:
>
>             On 07/31/2016 07:45 AM, Richard Harmonson wrote:
>             > I having challenges resuming ipa-server-install
>         --external-ca. I
>             am reasonably
>             > confident I am not providing the right certificate and/or
>         format
>             from my
>             > off-line root CA using 389 and Dogtag.
>             >
>             > Does anyone have instructions on how to accomplish the task of
>             exporting the
>             > correct certificates in the expected format?
>             >
>             > Thank you.
>             >
>
>             The IPA procedure with prerequisites is described at
>
>         https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-server.html#install-server-external-ca
>
>             Or are you rather asking for specific PKI instructions?
>
>             e.g.
>             *
>
>         http://pki.fedoraproject.org/wiki/PKI_Certificate_CLI#Submitting_a_Certificate_Request
>
>             *
>
>         http://pki.fedoraproject.org/wiki/CA_Certificate_Profiles#caCACert:_Manual_Certificate_Manager_Signing_Certificate_Enrollment
>             --
>             Petr Vobornik
>
>
>         I read the suggested document, previously, but its an excellent
>         shared
>         reference for this discussion.
>
>         I have successfully submitted and approved the csr. Dogtag
>         provides a
>         web UI which provides a Base 64 encoded certificate or Base 64
>         encoded
>         certificate with CA certificate chain in pkcs7 format.
>
>         For the servercert2010601.pem (the signed CSR request signing CA
>         certificate 0x9) referenced in the article, do I  copy and paste
>         (-----BEGIN .. END-----) the base 64 (not pkcs7) to a file using
>         *.pem
>         then submit using one of the two --external-cert-file?
>
>         For the cacert.pem (the Root CA signing certificate 0x1)
>         referenced in
>         the article, do I copy and paste the base 64 with ca in pkcs7
>         format to
>         a file using *.pkcs7 (or pem or does it matter?) then submit
>         using the
>         second --external-cert-file?
>
>         Your guidance is much appreciated.
>
>
>     Hi Richard,
>
>     I tested the following steps to install FreeIPA with a certificate
>     signed by an external Dogtag instance:
>
>     1- IPA installation on host ipaserver with:
>     ipaserver$ ipa-server-install [options] --external-ca
>
>     This step produces the Certificate Signing Request /root/ipa.csr
>     that must be provided to the Dogtag server.
>
>     2- On the Dogtag machine, configure Dogtag client authentication (to
>     be able to use the command-line):
>
>     dogtagsrv$ pki -c password client-init
>
>     This step creates a NSSDB in ~/.dogtag/nssdb where the certificates
>     for client->dogtag server authentication will be stored.
>
>     dogtagsrv$ pk12util -i /root/.dogtag/pki-tomcat/ca_admin_cert.p12 -d
>     /root/.dogtag/nssdb/
>
>     This step imports the caadmin certificate that was created during
>     Dogtag installation into the client NSSDB. The client will be able
>     to authenticate as "caadmin" when using Dogtag CLI. Please note the
>     certicate nickname that can be found using
>
>     dogtagsrv$ certutil -L -d ~/.dogtag/nssdb/
>     [...]
>     PKI Administrator for <security domain>         u,u,u
>
>     3- On the Dogtag machine, submit the CSR and approve:
>     dogtagsrv$ pki ca-cert-request-submit --profile caCACert
>     --request-type pkcs10 --csr-file  /path/to/ipa.csr
>
>     This step submits the csr to Dogtag, using the caCACert profile in
>     order to produce a Certificate that can be used for a Certificate
>     Authority. Note the Request ID in the output as it will be used in
>     the next command to approve the CSR and produce the cert:
>
>     dogtagsrv$ pki -c password -d ~/.dogtag/nssdb/ -n "PKI Administrator
>     for <security domain>"  cert-request-review <id> --action approve
>
>     4- On the Dogtag machine, export the certificate and the dogtag CA cert:
>
>     dogtagsrv$ pki -c password -d ~/.dogtag/nssdb/ -n "PKI Administrator
>     for <security domain>"  cert-show 7 --encoded --output  ipa.cert
>     dogtagsrv$ pki ca-cert-show 1 --encoded --output dogtagca.cert
>
>     5- Resume ipa server installation with
>
>     ipaserver$ ipa-server-install --external-cert-file=ipa.cert
>     --external-cert-file=dogtagca.cert
>
>     With those steps, I was able to install FreeIPA server with a
>     3rd-party signed Certificate Authority. Please let me known if you
>     have issues with those instructions,
>
>     Flo.
>
>
> Awesome!
>
> Flo, your instructions were perfect! I exported the certs and during the
> ipa-server-install I see the certs being displayed on the screen then
> "Process finished, return code=0, so they are accepted on resuming the
> installation. The install fails with a LDAP error but I believe it to be
> unrelated to the exported certs. May be a result of my earlier thrashing?
>
> I will recover from a snapshot and begin again. If problems persist, I
> will send another request for help for it is probably unrelated to the
> certificates.
>
> You got me one step closer. Thank you!
>
> Debug shows:
>
> # pa-server-install --external-cert-file=ipa.cert
> --external-cert-file=dogtagca.cert
> ..
> ipa         : DEBUG    Starting external process
> ipa         : DEBUG    args=/usr/sbin/pkispawn -s CA -f /tmp/tmpDVXaWo
> ipa         : DEBUG    Process finished, *return code=1*
> ipa         : DEBUG    stdout=Log file:
> /var/log/pki/pki-ca-spawn.20160803103307.log
> Loading deployment configuration from /tmp/tmpDVXaWo.
> *ERROR:  Unable to access directory server: Can't contact LDAP server*
>
> ipa         : DEBUG    stderr=
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
> configure CA instance: Command '/usr/sbin/pkispawn -s CA -f
> /tmp/tmpDVXaWo' returned non-zero exit status 1
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the
> installation logs and the following files/directories for more information:
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
> /var/log/pki/pki-tomcat
> ipa         : DEBUG    Traceback (most recent call last):
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 447, in start_creation
>     run_step(full_msg, method)
>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
> line 437, in run_step
>     method()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 579, in __spawn_instance
>     DogtagInstance.spawn_instance(self, cfg_file)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
> line 181, in spawn_instance
>     self.handle_setup_error(e)
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
> line 421, in handle_setup_error
>     raise RuntimeError("%s configuration failed." % self.subsystem)
> RuntimeError: CA configuration failed.
> ..
>
>
Hi Richard,

not sure if this is related, but there is a bug with recent revisions of 
Dogtag which results in failure of CA installation. See IPA ticket 6155 
[1] and Dogtag ticket 2403 [2]. A workaround is to downgrade the 
packages resteasy-xx because version 3.0.17 from updates-testing 
prevents the installation (but 3.0.6.11 is OK):

# dnf downgrade  resteasy-atom-provider resteasy-client resteasy-core 
resteasy-jackson-provider resteasy-jaxb-provider --allowerasing

[1] https://fedorahosted.org/freeipa/ticket/6155
[2] https://fedorahosted.org/pki/ticket/2403

Flo.



From simo at redhat.com  Thu Aug  4 09:31:00 2016
From: simo at redhat.com (Simo Sorce)
Date: Thu, 04 Aug 2016 05:31:00 -0400
Subject: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain
In-Reply-To: <2ACC1CF6D843104C9F5EA130AD3159B531C45508B4@SGTULMMP001.Global.ad.sabre.com>
References: <2ACC1CF6D843104C9F5EA130AD3159B531C4550852@SGTULMMP001.Global.ad.sabre.com>
	<1470248895.3109.87.camel@redhat.com>
	<2ACC1CF6D843104C9F5EA130AD3159B531C4550869@SGTULMMP001.Global.ad.sabre.com>
	<1470251597.3109.94.camel@redhat.com>
	<2ACC1CF6D843104C9F5EA130AD3159B531C45508B4@SGTULMMP001.Global.ad.sabre.com>
Message-ID: <1470303060.3109.122.camel@redhat.com>

On Wed, 2016-08-03 at 15:22 -0500, Alston, David wrote:
> Greetings!
> 
> >> 2. Active Directory must never know anything about a DNS domain 
> 
> >> freeipa.company.com (I'm not sure why)
> 
> > Correct because if that happened then AD considers the whole
> subdomain as part of its realm and trust routing will not work.
> 
> 
> Doesn't that mean that we have to have the FreeIPA servers on their
> own DNS domain again?

No, you can use the Windows DNS, DNS management != AD Domain, what
matters is that AD never had that DNS name as a child domain, with
computer objects in it.

>   So we can't have linux-server.company.com and
> windows-server.company.com (managed by FreeIPA and AD respectively)
> because there has to be a SOA for .company.com somewhere and that is
> already managed by AD (in our environment).

No you can't have this (if you want SSO and avoid headaches in general)
no matter what you do. You have to keep server names on separate
(sub)domains.
In some cases you can use CNAMEs though.

>      Also, thanks for your other answers.  They were very helpful :^)

You are welcome,
Simo.

> --David Alston
> 
> 
> -----Original Message-----
> From: Simo Sorce [mailto:simo at redhat.com] 
> Sent: Wednesday, August 03, 2016 2:13 PM
> To: Alston, David
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain
> 
> On Wed, 2016-08-03 at 13:52 -0500, Alston, David wrote:
> > Greetings!
> 
> > 
> 
> >      That sounds like great news!   Just to make sure I understand correctly..
> 
> > 
> 
> > 1. Any server managed by FreeIPA must NEVER have had a computer object 
> 
> > associated with them in AD?  (even if it has now been deleted)
> 
> No, what a random server does or has done is irrelevant in this sense, but see later, for caveats.
> 
> > 2. Active Directory must never know anything about a DNS domain 
> 
> > freeipa.company.com (I'm not sure why)
> 
> Correct because if that happened then AD considers the whole subdomain as part of its realm and trust routing will not work.
> 
> > 3. My linux servers being managed by FreeIPA can still have the DNS 
> 
> > domain company.com (instead of servername.freeipa.company.com)
> 
> Although the strict answer is yes, if you put a linux server joined to freeIPA in the AD DNS Domain then Single Sign On from Windows users will not work, as AD will consider all request for tickets to those servers as requests for itself and will never return referrals to the freeIPA KDCs for those TGS requests, so clients will not be able to get tickets for those servers. 
> 
> > 4. Single Signon to the Linux servers using AD credentials will still 
> 
> > work
> 
> 
> No, see above.
> 
> > 5. (BONUS) I could even let AD trust user accounts created in FreeIPA?
> 
> 
> Not clear what you mean here. If you mean that IPA user accounts can operate in the Windows domain, the answer is technicaly yes, although because we do not expose (yet) a Global Catalog to the Windows AD servers, it will be hard to set ACLs on the Windows side to actually authorize freeIPA users to login to AD managed computers (it can probably be done via CLI, but not through AD administrative UIs).
> We plan to fix this in the near future by providing a GC service.
> 
> 
> HTH,
> Simo.
> 
> --
> Simo Sorce * Red Hat, Inc * New York
> 


-- 
Simo Sorce * Red Hat, Inc * New York



From Mario.Keller at cornelsen.de  Thu Aug  4 09:48:11 2016
From: Mario.Keller at cornelsen.de (Keller, Mario)
Date: Thu, 4 Aug 2016 09:48:11 +0000
Subject: [Freeipa-users] Client is using only one of two servers
Message-ID: <1CF5AC55809FA74085A31A6F5CE9825D32F94494@S-FCBG-MBX1.cornelsen.de>

Hello,

I've setup two ipa-servers on RHEL 7 that are up an running. Replication is also working.

#ipa-replica-manage list
Directory Manager password: 

s-fcbg-ipa2.ipa.cornelsen.de: master
s-onli-ipa1.ipa.cornelsen.de: master

Both servers running ipa-server-4.2 :

rpm -qa | grep ipa-server
ipa-server-dns-4.2.0-15.el7_2.17.x86_64
ipa-server-4.2.0-15.el7_2.17.x86_64

I have also a client installed running also version 4.2

ipa-client-4.2.0-15.el7_2.17.x86_64

The client and the first server are in the same subnet, while server 2 is in a different subnet. 
All ports that are required are open for server 1 to server 2 and also for the client to server two.

I have an subdomain ipa.cornelsen.de that is managed by both ipa-servers. the subdomain is forwarded by out general dns-server to both ipa-servers.

If I switch server 1 off I would expect that the client is using the second server to check access and sudo rights, but that's not the case. If I create a new user on the ipa-server and then switch off the first server, the user cannot login to the client. If I switch on server 1 again, the user can login. 

The official documentation says: 

" There can be multiple servers and replicas within the IdM server topology. When a client needs to connect to a server for updates or to retrieve user information, it (by default) uses a service scan to discover available servers and replicas in the domain. This means that the actual server to which the client connects is random, depending on the results of the discovery scan."

But there's no information how this scan is done. 

I have to provide the server and the domain during the client installation. But regarding to the documentation, the server can by any server or replica in my topology. This server is saved also in the
/etc/ipa/default.conf

How is the service scan working and is there a way to manually check what the service-check is returning?

With best regards,

Mario Keller
IT-Operations Engineer
?
--
Cornelsen Verlag GmbH, Mecklenburgische Stra?e 53, 14197 Berlin
Tel: +49 30 897 85-8364, Fax: +49 30 897 85-97-8364
E-Mail: mario.keller at cornelsen.de | cornelsen.de

AG Charlottenburg, HRB 114796 B
Gesch?ftsf?hrung: Dr. Anja Hagen, Joachim Herbst, Mark van Mierle (Vorsitz), 
Patrick Neiss, Michael von Smolinski, Frank Thalhofer




From gkoch at shoretel.com  Wed Aug  3 21:44:26 2016
From: gkoch at shoretel.com (Gregory Koch)
Date: Wed, 3 Aug 2016 21:44:26 +0000
Subject: [Freeipa-users] Cannot add external group from Active Directory
	two-way trust
Message-ID: <BN3PR10MB0212612473B68A2167AA3BAEC3060@BN3PR10MB0212.namprd10.prod.outlook.com>

I've been following the documentation at https://www.freeipa.org/page/Active_Directory_trust_setup and I was able to establish a two-way forest trust with Active Directory.  I'm getting stuck when mapping external AD groups into a POSIX group (the "Allow access for users from AD domain to protected resources" section).


I've run the following commands to create and map the groups:

ipa group-add --desc='sysops admins external map' sysops_external --external
ipa group-add --desc='sysops admins' sysops
ipa group-add-member sysops_external --external 'Activedirectory.com\Domain Admins'

The last command returns with an error "no trusted domain matched the specified flat name"

In /var/log/messages I saw an error message about there not being a kerberos account for ldap/activedirectoryserver at ipaserver, so I've added each host and an ldap service for each.  Now, in /var/log/messages, I see "KDC has no support for encryption type" when I attempt to add the group map.



CentOS Linux release 7.2.1511 (Core)

IPA 4.2.0-15.0.1.el7.centos.6.1.x86_64



This is the command I used to establish the trust:

ipa trust-add --type=ad Activedirectory.com --two-way=true --trust-secret

When checking everything is setup things seem to be OK:
ipa trust-show "Activedirectory.com"
  Realm name: Activedirectory.com
  Domain NetBIOS name: ACTIVEDIRECTORY
  Domain Security Identifier: S-1-5-21-4202716412-292079579-2462381064
  Trust direction: Two-way trust
  Trust type: Active Directory domain
ipa trustdomain-find "Activedirectory.com"
  Domain name: Activedirectory.com
  Domain NetBIOS name: ACTIVEDIRECTORY
  Domain Security Identifier: S-1-5-21-4202716412-292079579-2462381064
  Domain enabled: True
----------------------------
Number of entries returned 1
----------------------------

ipa trust-fetch-domains "Activedirectory.com"
-------------------------------
No new trust domains were found
-------------------------------
----------------------------
Number of entries returned 0
----------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160803/d390f1c8/attachment.htm>

From pvoborni at redhat.com  Thu Aug  4 10:28:33 2016
From: pvoborni at redhat.com (Petr Vobornik)
Date: Thu, 4 Aug 2016 12:28:33 +0200
Subject: [Freeipa-users] Client is using only one of two servers
In-Reply-To: <1CF5AC55809FA74085A31A6F5CE9825D32F94494@S-FCBG-MBX1.cornelsen.de>
References: <1CF5AC55809FA74085A31A6F5CE9825D32F94494@S-FCBG-MBX1.cornelsen.de>
Message-ID: <13727566-6f48-d2c3-b62a-87a927e46c7e@redhat.com>

On 08/04/2016 11:48 AM, Keller, Mario wrote:
> Hello,
> 
> I've setup two ipa-servers on RHEL 7 that are up an running. Replication is also working.
> 
> #ipa-replica-manage list
> Directory Manager password: 
> 
> s-fcbg-ipa2.ipa.cornelsen.de: master
> s-onli-ipa1.ipa.cornelsen.de: master
> 
> Both servers running ipa-server-4.2 :
> 
> rpm -qa | grep ipa-server
> ipa-server-dns-4.2.0-15.el7_2.17.x86_64
> ipa-server-4.2.0-15.el7_2.17.x86_64
> 
> I have also a client installed running also version 4.2
> 
> ipa-client-4.2.0-15.el7_2.17.x86_64
> 
> The client and the first server are in the same subnet, while server 2 is in a different subnet. 
> All ports that are required are open for server 1 to server 2 and also for the client to server two.
> 
> I have an subdomain ipa.cornelsen.de that is managed by both ipa-servers. the subdomain is forwarded by out general dns-server to both ipa-servers.
> 
> If I switch server 1 off I would expect that the client is using the second server to check access and sudo rights, but that's not the case. If I create a new user on the ipa-server and then switch off the first server, the user cannot login to the client. If I switch on server 1 again, the user can login. 
> 
> The official documentation says: 
> 
> " There can be multiple servers and replicas within the IdM server topology. When a client needs to connect to a server for updates or to retrieve user information, it (by default) uses a service scan to discover available servers and replicas in the domain. This means that the actual server to which the client connects is random, depending on the results of the discovery scan."
> 
> But there's no information how this scan is done. 
> 
> I have to provide the server and the domain during the client installation. But regarding to the documentation, the server can by any server or replica in my topology. This server is saved also in the
> /etc/ipa/default.conf
> 
> How is the service scan working and is there a way to manually check what the service-check is returning?
> 
> With best regards,
> 
> Mario Keller
> IT-Operations Engineer
>  

Hello,

With what options were the clients installed?

Autodiscovery works only if the client is installed also with
autodiscover. That means that if ipa-client-install is run with --server
option then autodiscovery is not used. This is documented in
ipa-client-install man page.

HTH
-- 
Petr Vobornik



From pvoborni at redhat.com  Thu Aug  4 10:47:29 2016
From: pvoborni at redhat.com (Petr Vobornik)
Date: Thu, 4 Aug 2016 12:47:29 +0200
Subject: [Freeipa-users] Deleted Replica Problems
In-Reply-To: <f231ceee-2127-eccb-e455-aae6ea146032@brownpapertickets.com>
References: <f231ceee-2127-eccb-e455-aae6ea146032@brownpapertickets.com>
Message-ID: <86e7a0a2-81e7-9a7f-bc46-3829e5238cb2@redhat.com>

On 08/03/2016 08:06 PM, Ian Harding wrote:
> I deleted a replica that had a corrupted ldap database and it caused
> some problems.  I'm now getting the dreaded

What do you mean by "deleted"? Ran `ipa-replica-mange del $server`?
Removed the machine completely? Or something else?

> 
> [root at edinburghnfs ianh]# ipa-replica-manage connect freeipa-sea.bpt.rocks
> Connection unsuccessful: freeipa-sea.bpt.rocks is an IPA Server, but it
> might be unknown, foreign or previously deleted one.
> 
> I had to go around and remove old replication agreements from the other
> replicas, but then they could connect again.  This one, and another, I
> am not able to do that with.  They were initially created with
> freeipa-sea as their master.

Which replica is the deleted one? freeipa-sea.bpt.rocks  or edinburghnfs ?

> 
> I assume I run ipa-server-install --uninstall on edinburghnis, then
> reinstall to fix?
> 
> There's always an error about having to "Manually remove" the ldap
> database.  What's the best way to do that?

Where is the error shown and what is the exact text?

In general
- if replica is removed/uninstall then it cannot be added back
- incorrectly removed repliacase might
 - have still dangling replication agreements
 - various ldap entries in LDAP db which are normally removed by
`ipa-replica-manage del $replica`
 - suffer from dangling ruvs

Most of the issues above can be fixed by `ipa-(cs)replica-manage del
$replica --clean --force commands`. And then clean ruvs commands of the
same tool.

Correct order of IPA replica is:
- transfer CA CRL and CA renewal roles to different replica if this one
is the master which handles it
- make sure you have other relica with CA
- run `ipa-csreplica-manage del $tobedeleted` on different replica
- run `ipa-replica-manage del $tobedeleted` on different replica
- run `ipa-server-install --uninstall` on the to-be-delete-replica

-- 
Petr Vobornik



From th at casalogic.dk  Thu Aug  4 10:57:40 2016
From: th at casalogic.dk (Troels Hansen)
Date: Thu, 4 Aug 2016 12:57:40 +0200 (CEST)
Subject: [Freeipa-users] SSH auth failing in IPA trust
Message-ID: <201917807.281080.1470308260737.JavaMail.zimbra@casalogic.dk>

Hi, we have set up IPA in a AD trust and is about 90% done, but still have one problem using SSH login. 

Kerberos works: 
# kdestroy 
# kinit drextrha at NET.DR.DK 
Password for drextrha at NET.DR.DK: 
# klist 
Ticket cache: KEYRING:persistent:0:0 
Default principal: drextrha at NET.DR.DK 

Valid starting Expires Service principal 
08/04/2016 12:46:17 08/04/2016 22:46:17 krbtgt/NET.DR.DK at NET.DR.DK 
renew until 08/05/2016 12:46:09 


I can see the user: 

# getent passwd drextrha at NET.DR.DK 
drextrha at net.dr.dk:*:1349938498:1349938498:DREXTRHA:/home/net.dr.dk/drextrha: 

However, can't log in using SSH: 

login as: drextrha at NET.DR.DK 
drextrha at NET.DR.DK@ipa02tst.linux.dr.dk's password: 
Access denied 


When I look at the log files it looks correct, untill we receive a " be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success (System error)] " error, which I can't quite resolve or even verify if thats what's causing the problem. 


(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [krb5_auth_store_creds] (0x0010): unsupported PAM command [249]. 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [krb5_auth_store_creds] (0x0010): password not available, offline auth may not work. 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)] 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback] (0x0100): Sending result [0][net.dr.dk] 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback] (0x0100): Sent result [0][net.dr.dk] 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler] (0x0100): Got request with the following data 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): domain: net.dr.dk 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): user: DREXTRHA at net.dr.dk 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): service: sshd 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): tty: ssh 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): ruser: 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): rhost: t01042.net.dr.dk 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): authtok type: 1 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): newauthtok type: 0 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): priv: 1 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): cli_pid: 17348 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): logon name: not set 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [child_sig_handler] (0x0100): child [17356] finished successfully. 
(Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success (System error)] 


Everything running RHEL 7.2: 
IPA 4.2.0-15.el7_2.18 
SSSD 1.13.0-40.el7_2.12 


Anyone having any clues on how to proceed? Could of cause just raise it as an RedHat support case, but guite a lot of genious people sit in here :-) 


-- 


Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/6e086ff8/attachment.htm>

From jhrozek at redhat.com  Thu Aug  4 11:22:29 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 4 Aug 2016 13:22:29 +0200
Subject: [Freeipa-users] SSH auth failing in IPA trust
In-Reply-To: <201917807.281080.1470308260737.JavaMail.zimbra@casalogic.dk>
References: <201917807.281080.1470308260737.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160804112229.GC29960@hendrix>

On Thu, Aug 04, 2016 at 12:57:40PM +0200, Troels Hansen wrote:
> Hi, we have set up IPA in a AD trust and is about 90% done, but still have one problem using SSH login. 
> 
> Kerberos works: 
> # kdestroy 
> # kinit drextrha at NET.DR.DK 
> Password for drextrha at NET.DR.DK: 
> # klist 
> Ticket cache: KEYRING:persistent:0:0 
> Default principal: drextrha at NET.DR.DK 
> 
> Valid starting Expires Service principal 
> 08/04/2016 12:46:17 08/04/2016 22:46:17 krbtgt/NET.DR.DK at NET.DR.DK 
> renew until 08/05/2016 12:46:09 
> 
> 
> I can see the user: 
> 
> # getent passwd drextrha at NET.DR.DK 
> drextrha at net.dr.dk:*:1349938498:1349938498:DREXTRHA:/home/net.dr.dk/drextrha: 
> 
> However, can't log in using SSH: 
> 
> login as: drextrha at NET.DR.DK 
> drextrha at NET.DR.DK@ipa02tst.linux.dr.dk's password: 
> Access denied 
> 
> 
> When I look at the log files it looks correct, untill we receive a " be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success (System error)] " error, which I can't quite resolve or even verify if thats what's causing the problem. 
> 
> 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [krb5_auth_store_creds] (0x0010): unsupported PAM command [249]. 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [krb5_auth_store_creds] (0x0010): password not available, offline auth may not work. 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)] 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback] (0x0100): Sending result [0][net.dr.dk] 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback] (0x0100): Sent result [0][net.dr.dk] 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler] (0x0100): Got request with the following data 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): domain: net.dr.dk 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): user: DREXTRHA at net.dr.dk 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): service: sshd 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): tty: ssh 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): ruser: 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): rhost: t01042.net.dr.dk 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): authtok type: 1 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): newauthtok type: 0 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): priv: 1 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): cli_pid: 17348 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100): logon name: not set 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [child_sig_handler] (0x0100): child [17356] finished successfully. 
> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success (System error)] 

Please take a look into krb5_child.log, it should have more hints on why
the authentication failed.

(This is documented at
https://fedorahosted.org/sssd/wiki/Troubleshooting, section
"Troubleshooting general authentication problems")



From jhrozek at redhat.com  Thu Aug  4 11:23:09 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 4 Aug 2016 13:23:09 +0200
Subject: [Freeipa-users] Client is using only one of two servers
In-Reply-To: <13727566-6f48-d2c3-b62a-87a927e46c7e@redhat.com>
References: <1CF5AC55809FA74085A31A6F5CE9825D32F94494@S-FCBG-MBX1.cornelsen.de>
	<13727566-6f48-d2c3-b62a-87a927e46c7e@redhat.com>
Message-ID: <20160804112309.GD29960@hendrix>

On Thu, Aug 04, 2016 at 12:28:33PM +0200, Petr Vobornik wrote:
> On 08/04/2016 11:48 AM, Keller, Mario wrote:
> > Hello,
> > 
> > I've setup two ipa-servers on RHEL 7 that are up an running. Replication is also working.
> > 
> > #ipa-replica-manage list
> > Directory Manager password: 
> > 
> > s-fcbg-ipa2.ipa.cornelsen.de: master
> > s-onli-ipa1.ipa.cornelsen.de: master
> > 
> > Both servers running ipa-server-4.2 :
> > 
> > rpm -qa | grep ipa-server
> > ipa-server-dns-4.2.0-15.el7_2.17.x86_64
> > ipa-server-4.2.0-15.el7_2.17.x86_64
> > 
> > I have also a client installed running also version 4.2
> > 
> > ipa-client-4.2.0-15.el7_2.17.x86_64
> > 
> > The client and the first server are in the same subnet, while server 2 is in a different subnet. 
> > All ports that are required are open for server 1 to server 2 and also for the client to server two.
> > 
> > I have an subdomain ipa.cornelsen.de that is managed by both ipa-servers. the subdomain is forwarded by out general dns-server to both ipa-servers.
> > 
> > If I switch server 1 off I would expect that the client is using the second server to check access and sudo rights, but that's not the case. If I create a new user on the ipa-server and then switch off the first server, the user cannot login to the client. If I switch on server 1 again, the user can login. 
> > 
> > The official documentation says: 
> > 
> > " There can be multiple servers and replicas within the IdM server topology. When a client needs to connect to a server for updates or to retrieve user information, it (by default) uses a service scan to discover available servers and replicas in the domain. This means that the actual server to which the client connects is random, depending on the results of the discovery scan."
> > 
> > But there's no information how this scan is done. 
> > 
> > I have to provide the server and the domain during the client installation. But regarding to the documentation, the server can by any server or replica in my topology. This server is saved also in the
> > /etc/ipa/default.conf
> > 
> > How is the service scan working and is there a way to manually check what the service-check is returning?
> > 
> > With best regards,
> > 
> > Mario Keller
> > IT-Operations Engineer
> >  
> 
> Hello,
> 
> With what options were the clients installed?
> 
> Autodiscovery works only if the client is installed also with
> autodiscover. That means that if ipa-client-install is run with --server
> option then autodiscovery is not used. This is documented in
> ipa-client-install man page.

Yes, we need to know how the clients were installed and how the
sssd.conf on the clients looks like.



From jhrozek at redhat.com  Thu Aug  4 11:26:18 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 4 Aug 2016 13:26:18 +0200
Subject: [Freeipa-users] Cannot add external group from Active Directory
 two-way trust
In-Reply-To: <BN3PR10MB0212612473B68A2167AA3BAEC3060@BN3PR10MB0212.namprd10.prod.outlook.com>
References: <BN3PR10MB0212612473B68A2167AA3BAEC3060@BN3PR10MB0212.namprd10.prod.outlook.com>
Message-ID: <20160804112618.GE29960@hendrix>

On Wed, Aug 03, 2016 at 09:44:26PM +0000, Gregory Koch wrote:
> I've been following the documentation at https://www.freeipa.org/page/Active_Directory_trust_setup and I was able to establish a two-way forest trust with Active Directory.  I'm getting stuck when mapping external AD groups into a POSIX group (the "Allow access for users from AD domain to protected resources" section).
> 
> 
> I've run the following commands to create and map the groups:
> 
> ipa group-add --desc='sysops admins external map' sysops_external --external
> ipa group-add --desc='sysops admins' sysops
> ipa group-add-member sysops_external --external 'Activedirectory.com\Domain Admins'
                                                   ~~~~~~~~~~~~~~~~~~~

Are you actually able to run "getent group Activedirectory.com\Domain
Admins" ? Because later, the ipa trust-show lists your NetBIOS name as
ACTIVEDIRECTORY, not Activedirectory.com..

Either use:
    ACTIVEDIRECTORY\Domain Admins
or:
    Domain Admins at Activedirectory.com

btw isn't Domain Admins a domain-local group? Is it a good idea to use
such group in a trust scenario? I would suggest going for a
Global-scoped group at least..

> 
> The last command returns with an error "no trusted domain matched the specified flat name"
> 
> In /var/log/messages I saw an error message about there not being a kerberos account for ldap/activedirectoryserver at ipaserver, so I've added each host and an ldap service for each.  Now, in /var/log/messages, I see "KDC has no support for encryption type" when I attempt to add the group map.
> 
> 
> 
> CentOS Linux release 7.2.1511 (Core)
> 
> IPA 4.2.0-15.0.1.el7.centos.6.1.x86_64
> 
> 
> 
> This is the command I used to establish the trust:
> 
> ipa trust-add --type=ad Activedirectory.com --two-way=true --trust-secret
> 
> When checking everything is setup things seem to be OK:
> ipa trust-show "Activedirectory.com"
>   Realm name: Activedirectory.com
>   Domain NetBIOS name: ACTIVEDIRECTORY
Here..                   ~~~~~~~~~~~~~~
>   Domain Security Identifier: S-1-5-21-4202716412-292079579-2462381064
>   Trust direction: Two-way trust
>   Trust type: Active Directory domain



From th at casalogic.dk  Thu Aug  4 11:56:42 2016
From: th at casalogic.dk (Troels Hansen)
Date: Thu, 4 Aug 2016 13:56:42 +0200 (CEST)
Subject: [Freeipa-users] SSH auth failing in IPA trust
In-Reply-To: <20160804112229.GC29960@hendrix>
References: <201917807.281080.1470308260737.JavaMail.zimbra@casalogic.dk>
	<20160804112229.GC29960@hendrix>
Message-ID: <943910922.282523.1470311802195.JavaMail.zimbra@casalogic.dk>

Hmm, well, yes, it did:

(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [unpack_buffer] (0x0100): cmd [249] uid [1349938498] gid [1349938498] validate [true] enterprise principal [false] offline [false] UPN [DREXTRHA at DR.DK]
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ipa02tst.linux.dr.dk at LINUX.DR.DK]
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18122]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [unpack_buffer] (0x0100): cmd [241] uid [1349938498] gid [1349938498] validate [true] enterprise principal [false] offline [false] UPN [DREXTRHA at DR.DK]
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1349938498] old_ccname: [KEYRING:persistent:1349938498] keytab: [/etc/krb5.keytab]
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ipa02tst.linux.dr.dk at LINUX.DR.DK]
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [get_and_save_tgt] (0x0020): 1234: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos database]
(Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [map_krb5_error] (0x0020): 1303: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos database]

and this is actually correct, because the UPN would be DREXTRHA at DR.DK.

I found this:
https://access.redhat.com/solutions/323373

However, setting ldap_user_principal in the domain part to something non-existing doesn't seem to work.


----- On Aug 4, 2016, at 1:22 PM, Jakub Hrozek jhrozek at redhat.com wrote:

> On Thu, Aug 04, 2016 at 12:57:40PM +0200, Troels Hansen wrote:
>> Hi, we have set up IPA in a AD trust and is about 90% done, but still have one
>> problem using SSH login.
>> 
>> Kerberos works:
>> # kdestroy
>> # kinit drextrha at NET.DR.DK
>> Password for drextrha at NET.DR.DK:
>> # klist
>> Ticket cache: KEYRING:persistent:0:0
>> Default principal: drextrha at NET.DR.DK
>> 
>> Valid starting Expires Service principal
>> 08/04/2016 12:46:17 08/04/2016 22:46:17 krbtgt/NET.DR.DK at NET.DR.DK
>> renew until 08/05/2016 12:46:09
>> 
>> 
>> I can see the user:
>> 
>> # getent passwd drextrha at NET.DR.DK
>> drextrha at net.dr.dk:*:1349938498:1349938498:DREXTRHA:/home/net.dr.dk/drextrha:
>> 
>> However, can't log in using SSH:
>> 
>> login as: drextrha at NET.DR.DK
>> drextrha at NET.DR.DK@ipa02tst.linux.dr.dk's password:
>> Access denied
>> 
>> 
>> When I look at the log files it looks correct, untill we receive a "
>> be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success
>> (System error)] " error, which I can't quite resolve or even verify if thats
>> what's causing the problem.
>> 
>> 
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [krb5_auth_store_creds]
>> (0x0010): unsupported PAM command [249].
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [krb5_auth_store_creds]
>> (0x0010): password not available, offline auth may not work.
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>> (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)]
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>> (0x0100): Sending result [0][net.dr.dk]
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>> (0x0100): Sent result [0][net.dr.dk]
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler] (0x0100): Got
>> request with the following data
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> command: PAM_AUTHENTICATE
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> domain: net.dr.dk
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> user: DREXTRHA at net.dr.dk
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> service: sshd
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> tty: ssh
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> ruser:
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> rhost: t01042.net.dr.dk
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> authtok type: 1
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> newauthtok type: 0
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> priv: 1
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> cli_pid: 17348
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>> logon name: not set
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [fo_resolve_service_send]
>> (0x0100): Trying to resolve service 'IPA'
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [child_sig_handler] (0x0100):
>> child [17356] finished successfully.
>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>> (0x0100): Backend returned: (0, 4, <NULL>) [Success (System error)]
> 
> Please take a look into krb5_child.log, it should have more hints on why
> the authentication failed.
> 
> (This is documented at
> https://fedorahosted.org/sssd/wiki/Troubleshooting, section
> "Troubleshooting general authentication problems")
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.



From th at casalogic.dk  Thu Aug  4 12:31:46 2016
From: th at casalogic.dk (Troels Hansen)
Date: Thu, 4 Aug 2016 14:31:46 +0200 (CEST)
Subject: [Freeipa-users] SSH auth failing in IPA trust
In-Reply-To: <943910922.282523.1470311802195.JavaMail.zimbra@casalogic.dk>
References: <201917807.281080.1470308260737.JavaMail.zimbra@casalogic.dk>
	<20160804112229.GC29960@hendrix>
	<943910922.282523.1470311802195.JavaMail.zimbra@casalogic.dk>
Message-ID: <1601153421.282800.1470313906643.JavaMail.zimbra@casalogic.dk>

Solved it myself.....

http://www.redhat.com/archives/freeipa-users/2016-May/msg00209.html

Apparently its well known, and will be solved in 7.3

----- On Aug 4, 2016, at 1:56 PM, Troels Hansen th at casalogic.dk wrote:

> Hmm, well, yes, it did:
> 
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [unpack_buffer] (0x0100):
> cmd [249] uid [1349938498] gid [1349938498] validate [true] enterprise
> principal [false] offline [false] UPN [DREXTRHA at DR.DK]
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [k5c_setup_fast]
> (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
> [host/ipa02tst.linux.dr.dk at LINUX.DR.DK]
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18122]]]] [set_canonicalize_option]
> (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [set_lifetime_options]
> (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [set_lifetime_options]
> (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [set_canonicalize_option]
> (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [unpack_buffer] (0x0100):
> cmd [241] uid [1349938498] gid [1349938498] validate [true] enterprise
> principal [false] offline [false] UPN [DREXTRHA at DR.DK]
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [unpack_buffer] (0x0100):
> ccname: [KEYRING:persistent:1349938498] old_ccname:
> [KEYRING:persistent:1349938498] keytab: [/etc/krb5.keytab]
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [k5c_setup_fast]
> (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
> [host/ipa02tst.linux.dr.dk at LINUX.DR.DK]
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [set_lifetime_options]
> (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [set_lifetime_options]
> (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [set_canonicalize_option]
> (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [get_and_save_tgt]
> (0x0020): 1234: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos
> database]
> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [map_krb5_error]
> (0x0020): 1303: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos
> database]
> 
> and this is actually correct, because the UPN would be DREXTRHA at DR.DK.
> 
> I found this:
> https://access.redhat.com/solutions/323373
> 
> However, setting ldap_user_principal in the domain part to something
> non-existing doesn't seem to work.
> 
> 
> ----- On Aug 4, 2016, at 1:22 PM, Jakub Hrozek jhrozek at redhat.com wrote:
> 
>> On Thu, Aug 04, 2016 at 12:57:40PM +0200, Troels Hansen wrote:
>>> Hi, we have set up IPA in a AD trust and is about 90% done, but still have one
>>> problem using SSH login.
>>> 
>>> Kerberos works:
>>> # kdestroy
>>> # kinit drextrha at NET.DR.DK
>>> Password for drextrha at NET.DR.DK:
>>> # klist
>>> Ticket cache: KEYRING:persistent:0:0
>>> Default principal: drextrha at NET.DR.DK
>>> 
>>> Valid starting Expires Service principal
>>> 08/04/2016 12:46:17 08/04/2016 22:46:17 krbtgt/NET.DR.DK at NET.DR.DK
>>> renew until 08/05/2016 12:46:09
>>> 
>>> 
>>> I can see the user:
>>> 
>>> # getent passwd drextrha at NET.DR.DK
>>> drextrha at net.dr.dk:*:1349938498:1349938498:DREXTRHA:/home/net.dr.dk/drextrha:
>>> 
>>> However, can't log in using SSH:
>>> 
>>> login as: drextrha at NET.DR.DK
>>> drextrha at NET.DR.DK@ipa02tst.linux.dr.dk's password:
>>> Access denied
>>> 
>>> 
>>> When I look at the log files it looks correct, untill we receive a "
>>> be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success
>>> (System error)] " error, which I can't quite resolve or even verify if thats
>>> what's causing the problem.
>>> 
>>> 
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [krb5_auth_store_creds]
>>> (0x0010): unsupported PAM command [249].
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [krb5_auth_store_creds]
>>> (0x0010): password not available, offline auth may not work.
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>>> (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)]
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>>> (0x0100): Sending result [0][net.dr.dk]
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>>> (0x0100): Sent result [0][net.dr.dk]
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler] (0x0100): Got
>>> request with the following data
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> command: PAM_AUTHENTICATE
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> domain: net.dr.dk
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> user: DREXTRHA at net.dr.dk
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> service: sshd
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> tty: ssh
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> ruser:
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> rhost: t01042.net.dr.dk
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> authtok type: 1
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> newauthtok type: 0
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> priv: 1
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> cli_pid: 17348
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>> logon name: not set
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [fo_resolve_service_send]
>>> (0x0100): Trying to resolve service 'IPA'
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [child_sig_handler] (0x0100):
>>> child [17356] finished successfully.
>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>>> (0x0100): Backend returned: (0, 4, <NULL>) [Success (System error)]
>> 
>> Please take a look into krb5_child.log, it should have more hints on why
>> the authentication failed.
>> 
>> (This is documented at
>> https://fedorahosted.org/sssd/wiki/Troubleshooting, section
>> "Troubleshooting general authentication problems")
>> 
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
> 
> --
> Med venlig hilsen
> 
> Troels Hansen
> 
> Systemkonsulent
> 
> Casalogic A/S
> 
> 
> T (+45) 70 20 10 63
> 
> M (+45) 22 43 71 57
> 
> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og
> meget mere.
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.



From th at casalogic.dk  Thu Aug  4 13:39:26 2016
From: th at casalogic.dk (Troels Hansen)
Date: Thu, 4 Aug 2016 15:39:26 +0200 (CEST)
Subject: [Freeipa-users] SSH auth failing in IPA trust
In-Reply-To: <1601153421.282800.1470313906643.JavaMail.zimbra@casalogic.dk>
References: <201917807.281080.1470308260737.JavaMail.zimbra@casalogic.dk>
	<20160804112229.GC29960@hendrix>
	<943910922.282523.1470311802195.JavaMail.zimbra@casalogic.dk>
	<1601153421.282800.1470313906643.JavaMail.zimbra@casalogic.dk>
Message-ID: <926287887.284477.1470317966426.JavaMail.zimbra@casalogic.dk>

Hmm, was too fast.

ldap_user_principal = nosuchattr
subdomain_inherit = ldap_user_principal

Works, but ONLY from the IPA server.

If I do the same from a client, I still get:

(Thu Aug  4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [get_and_save_tgt] (0x0020): 1234: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos database]
(Thu Aug  4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [map_krb5_error] (0x0020): 1303: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos database]
(Thu Aug  4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [k5c_send_data] (0x0200): Received error code 1432158209

Any reason for this not working on a normal client ?


----- On Aug 4, 2016, at 2:31 PM, Troels Hansen th at casalogic.dk wrote:

> Solved it myself.....
> 
> http://www.redhat.com/archives/freeipa-users/2016-May/msg00209.html
> 
> Apparently its well known, and will be solved in 7.3
> 
> ----- On Aug 4, 2016, at 1:56 PM, Troels Hansen th at casalogic.dk wrote:
> 
>> Hmm, well, yes, it did:
>> 
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [unpack_buffer] (0x0100):
>> cmd [249] uid [1349938498] gid [1349938498] validate [true] enterprise
>> principal [false] offline [false] UPN [DREXTRHA at DR.DK]
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [k5c_setup_fast]
>> (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
>> [host/ipa02tst.linux.dr.dk at LINUX.DR.DK]
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18122]]]] [set_canonicalize_option]
>> (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [set_lifetime_options]
>> (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [set_lifetime_options]
>> (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18121]]]] [set_canonicalize_option]
>> (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [unpack_buffer] (0x0100):
>> cmd [241] uid [1349938498] gid [1349938498] validate [true] enterprise
>> principal [false] offline [false] UPN [DREXTRHA at DR.DK]
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [unpack_buffer] (0x0100):
>> ccname: [KEYRING:persistent:1349938498] old_ccname:
>> [KEYRING:persistent:1349938498] keytab: [/etc/krb5.keytab]
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [k5c_setup_fast]
>> (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
>> [host/ipa02tst.linux.dr.dk at LINUX.DR.DK]
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [set_lifetime_options]
>> (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [set_lifetime_options]
>> (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [set_canonicalize_option]
>> (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [get_and_save_tgt]
>> (0x0020): 1234: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos
>> database]
>> (Thu Aug  4 13:46:58 2016) [[sssd[krb5_child[18124]]]] [map_krb5_error]
>> (0x0020): 1303: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos
>> database]
>> 
>> and this is actually correct, because the UPN would be DREXTRHA at DR.DK.
>> 
>> I found this:
>> https://access.redhat.com/solutions/323373
>> 
>> However, setting ldap_user_principal in the domain part to something
>> non-existing doesn't seem to work.
>> 
>> 
>> ----- On Aug 4, 2016, at 1:22 PM, Jakub Hrozek jhrozek at redhat.com wrote:
>> 
>>> On Thu, Aug 04, 2016 at 12:57:40PM +0200, Troels Hansen wrote:
>>>> Hi, we have set up IPA in a AD trust and is about 90% done, but still have one
>>>> problem using SSH login.
>>>> 
>>>> Kerberos works:
>>>> # kdestroy
>>>> # kinit drextrha at NET.DR.DK
>>>> Password for drextrha at NET.DR.DK:
>>>> # klist
>>>> Ticket cache: KEYRING:persistent:0:0
>>>> Default principal: drextrha at NET.DR.DK
>>>> 
>>>> Valid starting Expires Service principal
>>>> 08/04/2016 12:46:17 08/04/2016 22:46:17 krbtgt/NET.DR.DK at NET.DR.DK
>>>> renew until 08/05/2016 12:46:09
>>>> 
>>>> 
>>>> I can see the user:
>>>> 
>>>> # getent passwd drextrha at NET.DR.DK
>>>> drextrha at net.dr.dk:*:1349938498:1349938498:DREXTRHA:/home/net.dr.dk/drextrha:
>>>> 
>>>> However, can't log in using SSH:
>>>> 
>>>> login as: drextrha at NET.DR.DK
>>>> drextrha at NET.DR.DK@ipa02tst.linux.dr.dk's password:
>>>> Access denied
>>>> 
>>>> 
>>>> When I look at the log files it looks correct, untill we receive a "
>>>> be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success
>>>> (System error)] " error, which I can't quite resolve or even verify if thats
>>>> what's causing the problem.
>>>> 
>>>> 
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [krb5_auth_store_creds]
>>>> (0x0010): unsupported PAM command [249].
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [krb5_auth_store_creds]
>>>> (0x0010): password not available, offline auth may not work.
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>>>> (0x0100): Backend returned: (0, 0, <NULL>) [Success (Success)]
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>>>> (0x0100): Sending result [0][net.dr.dk]
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>>>> (0x0100): Sent result [0][net.dr.dk]
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler] (0x0100): Got
>>>> request with the following data
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> command: PAM_AUTHENTICATE
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> domain: net.dr.dk
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> user: DREXTRHA at net.dr.dk
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> service: sshd
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> tty: ssh
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> ruser:
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> rhost: t01042.net.dr.dk
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> authtok type: 1
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> newauthtok type: 0
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> priv: 1
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> cli_pid: 17348
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [pam_print_data] (0x0100):
>>>> logon name: not set
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [fo_resolve_service_send]
>>>> (0x0100): Trying to resolve service 'IPA'
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [child_sig_handler] (0x0100):
>>>> child [17356] finished successfully.
>>>> (Thu Aug 4 12:51:10 2016) [sssd[be[linux.dr.dk]]] [be_pam_handler_callback]
>>>> (0x0100): Backend returned: (0, 4, <NULL>) [Success (System error)]
>>> 
>>> Please take a look into krb5_child.log, it should have more hints on why
>>> the authentication failed.
>>> 
>>> (This is documented at
>>> https://fedorahosted.org/sssd/wiki/Troubleshooting, section
>>> "Troubleshooting general authentication problems")
>>> 
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>> 
>> --
>> Med venlig hilsen
>> 
>> Troels Hansen
>> 
>> Systemkonsulent
>> 
>> Casalogic A/S
>> 
>> 
>> T (+45) 70 20 10 63
>> 
>> M (+45) 22 43 71 57
>> 
>> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og
>> meget mere.
>> 
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
> 
> --
> Med venlig hilsen
> 
> Troels Hansen
> 
> Systemkonsulent
> 
> Casalogic A/S
> 
> 
> T (+45) 70 20 10 63
> 
> M (+45) 22 43 71 57
> 
> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og
> meget mere.
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.



From jhrozek at redhat.com  Thu Aug  4 14:05:42 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 4 Aug 2016 16:05:42 +0200
Subject: [Freeipa-users] SSH auth failing in IPA trust
In-Reply-To: <926287887.284477.1470317966426.JavaMail.zimbra@casalogic.dk>
References: <201917807.281080.1470308260737.JavaMail.zimbra@casalogic.dk>
	<20160804112229.GC29960@hendrix>
	<943910922.282523.1470311802195.JavaMail.zimbra@casalogic.dk>
	<1601153421.282800.1470313906643.JavaMail.zimbra@casalogic.dk>
	<926287887.284477.1470317966426.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160804140542.GG29960@hendrix>

On Thu, Aug 04, 2016 at 03:39:26PM +0200, Troels Hansen wrote:
> Hmm, was too fast.
> 
> ldap_user_principal = nosuchattr
> subdomain_inherit = ldap_user_principal
> 
> Works, but ONLY from the IPA server.
> 
> If I do the same from a client, I still get:
> 
> (Thu Aug  4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [get_and_save_tgt] (0x0020): 1234: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos database]
> (Thu Aug  4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [map_krb5_error] (0x0020): 1303: [-1765328378][Client 'DREXTRHA at DR.DK' not found in Kerberos database]
> (Thu Aug  4 15:32:05 2016) [[sssd[krb5_child[16374]]]] [k5c_send_data] (0x0200): Received error code 1432158209
> 
> Any reason for this not working on a normal client ?

Can you clear the caches on the client? The client receives the principals
from the server the same way as it receives other attributes.



From t.ruiten at rdmedia.com  Thu Aug  4 15:01:00 2016
From: t.ruiten at rdmedia.com (Tiemen Ruiten)
Date: Thu, 4 Aug 2016 17:01:00 +0200
Subject: [Freeipa-users] label for public keys
Message-ID: <CAAegNz1X9bSZxEzVASiz-hpzuOMKzzN+fgyjfxv0hdOLP1rZ=A@mail.gmail.com>

Hello,

Currently it is possible to add multiple SSH-keys for a single user in
FreeIPA. We are using this capability to grant access to multiple
contractors under a single user (so user company1, with keys A, B, C to
give access to three persons at company1).

Unfortunately it's not possible to label these keys, so to ensure that we
can revoke access for eg. person B later on, we have to administrate this
separately. Would it be possible to add this as a feature? Or if it already
exists, could someone explain to me how to do it?

-- 
Tiemen Ruiten
Systems Engineer
R&D Media
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/df51f67f/attachment.htm>

From jpazdziora at redhat.com  Thu Aug  4 15:10:31 2016
From: jpazdziora at redhat.com (Jan Pazdziora)
Date: Thu, 4 Aug 2016 17:10:31 +0200
Subject: [Freeipa-users] label for public keys
In-Reply-To: <CAAegNz1X9bSZxEzVASiz-hpzuOMKzzN+fgyjfxv0hdOLP1rZ=A@mail.gmail.com>
References: <CAAegNz1X9bSZxEzVASiz-hpzuOMKzzN+fgyjfxv0hdOLP1rZ=A@mail.gmail.com>
Message-ID: <20160804151031.GF1586@redhat.com>

On Thu, Aug 04, 2016 at 05:01:00PM +0200, Tiemen Ruiten wrote:
> 
> Currently it is possible to add multiple SSH-keys for a single user in
> FreeIPA. We are using this capability to grant access to multiple
> contractors under a single user (so user company1, with keys A, B, C to
> give access to three persons at company1).
> 
> Unfortunately it's not possible to label these keys, so to ensure that we
> can revoke access for eg. person B later on, we have to administrate this
> separately. Would it be possible to add this as a feature? Or if it already
> exists, could someone explain to me how to do it?

By label, do you mean an admin-friendly string for the key to make
sure you remove the correct key?

For ssh-rsa keys, after the second space there is a place for comments
and FreeIPA's WebUI will show it when listing the keys. Would that
work for you or do you need something else?

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



From t.ruiten at rdmedia.com  Thu Aug  4 15:13:38 2016
From: t.ruiten at rdmedia.com (Tiemen Ruiten)
Date: Thu, 4 Aug 2016 17:13:38 +0200
Subject: [Freeipa-users] label for public keys
In-Reply-To: <20160804151031.GF1586@redhat.com>
References: <CAAegNz1X9bSZxEzVASiz-hpzuOMKzzN+fgyjfxv0hdOLP1rZ=A@mail.gmail.com>
	<20160804151031.GF1586@redhat.com>
Message-ID: <CAAegNz0q0hCtp=E4-dDqSKOHXGrHVxPrB1PW-PqjUe8_zAsBjg@mail.gmail.com>

Wow, that's actually pretty obvious. That works, thanks!

On 4 August 2016 at 17:10, Jan Pazdziora <jpazdziora at redhat.com> wrote:

> On Thu, Aug 04, 2016 at 05:01:00PM +0200, Tiemen Ruiten wrote:
> >
> > Currently it is possible to add multiple SSH-keys for a single user in
> > FreeIPA. We are using this capability to grant access to multiple
> > contractors under a single user (so user company1, with keys A, B, C to
> > give access to three persons at company1).
> >
> > Unfortunately it's not possible to label these keys, so to ensure that we
> > can revoke access for eg. person B later on, we have to administrate this
> > separately. Would it be possible to add this as a feature? Or if it
> already
> > exists, could someone explain to me how to do it?
>
> By label, do you mean an admin-friendly string for the key to make
> sure you remove the correct key?
>
> For ssh-rsa keys, after the second space there is a place for comments
> and FreeIPA's WebUI will show it when listing the keys. Would that
> work for you or do you need something else?
>
> --
> Jan Pazdziora
> Senior Principal Software Engineer, Identity Management Engineering, Red
> Hat
>



-- 
Tiemen Ruiten
Systems Engineer
R&D Media
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/016af245/attachment.htm>

From schogan at us.ibm.com  Thu Aug  4 15:31:55 2016
From: schogan at us.ibm.com (Sean Hogan)
Date: Thu, 4 Aug 2016 08:31:55 -0700
Subject: [Freeipa-users] Querying the dir srv
Message-ID: <OFC975F97C.B1FCD44B-ON07258005.00547B5C-07258005.0055512E@notes.na.collabserv.com>


Hi All,

  Where can I find information about the IPA schema as in what = what in
the dir srv?  I do not have a ldap viewer.
 I am looking to pull specific info from it such as a list of servers that
have enrolled = true and have been playing with ldapsearch to no avail.




Sean Hogan



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/9f8c2886/attachment.htm>

From freeipa at jacobdevans.com  Thu Aug  4 15:47:12 2016
From: freeipa at jacobdevans.com (Jake)
Date: Thu, 4 Aug 2016 11:47:12 -0400 (EDT)
Subject: [Freeipa-users] Login Troubles with Centos7 and external users
 (4.2.0-15.0.1.el7.centos.17)
In-Reply-To: <20160804074814.GO14692@hendrix>
References: <321512465.8453.1470248083218@vegas.jacobdevans.com>
	<B1F8827B-351A-4E58-8878-C617EA236D23@redhat.com>
	<1110639453.8681.1470271080019@vegas.jacobdevans.com>
	<20160804074814.GO14692@hendrix>
Message-ID: <2011550650.9179.1470325632757@vegas.jacobdevans.com>

Jakub,
Resolved seems to be working (I swear restarting sssd and adding the debug line does some magic), the sssd performance blog worked out quite well.

I did not need to make any changes to my trust relationship, re-running the ad trust setup steps and restarting sssd did the trick.

Thank You!

----- Original Message -----
From: "Jakub Hrozek" <jhrozek at redhat.com>
To: "Jake" <freeipa at jacobdevans.com>
Cc: freeipa-users at redhat.com
Sent: Thursday, August 4, 2016 3:48:14 AM
Subject: Re: [Freeipa-users] Login Troubles with Centos7 and external users (4.2.0-15.0.1.el7.centos.17)

On Wed, Aug 03, 2016 at 08:38:00PM -0400, Jake wrote:
> Thanks Jakub,
> turns out 'getent password username at legacy.example.org' only works on 1 of the 4 ipa servers (the one I created the domain trust with).

OK, then we need to first fix all the servers before proceeding to the
clients.

> 
> I re-ran ipa-adtrust-install on them and no change, is there a similar post I can follow to correct these & retrace my steps or does the trust need configured on each.

For IPA:
    http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust
For SSSD:
    https://fedorahosted.org/sssd/wiki/Troubleshooting

I would personally start with looking into the SSSD logs on the server
that is misbehaving.



From blipton at redhat.com  Thu Aug  4 16:08:20 2016
From: blipton at redhat.com (Ben Lipton)
Date: Thu, 4 Aug 2016 12:08:20 -0400
Subject: [Freeipa-users] Querying the dir srv
In-Reply-To: <OFC975F97C.B1FCD44B-ON07258005.00547B5C-07258005.0055512E@notes.na.collabserv.com>
References: <OFC975F97C.B1FCD44B-ON07258005.00547B5C-07258005.0055512E@notes.na.collabserv.com>
Message-ID: <bb6a92e4-206f-27f9-bb08-816a0b34f6c5@redhat.com>

On 08/04/2016 11:31 AM, Sean Hogan wrote:
>
> Hi All,
>
> Where can I find information about the IPA schema as in what = what in 
> the dir srv? I do not have a ldap viewer.
> I am looking to pull specific info from it such as a list of servers 
> that have enrolled = true and have been playing with ldapsearch to no 
> avail.
>

You could try something like 'ipa <objecttype>-show --all <object>' to 
see the dn of the associated LDAP object for a particular IPA entity. 
This would give you a sense of what tree to ldapsearch. You could try 
adding the --raw flag as well to see the LDAP attributes of the object.

# ipa user-show --all admin
   dn: uid=admin,cn=users,cn=accounts,dc=example,dc=domain
[...]
# ldapsearch -xLLL -D cn='Directory manager' -w <directory manager pw> 
-b 'cn=users,cn=accounts,dc=example,dc=domain' '(objectClass=*)' '*' | 
perl -p0e 's/\n //g' | less

You can also take a look at 
https://git.fedorahosted.org/cgit/freeipa.git/tree/ipalib/constants.py#n78 
for a list of LDAP entities that act as containers for IPA objects 
(subtrees to search under).

Someone else may have some better ideas, but maybe this can get you started.

Ben



From David.Alston at sabre.com  Thu Aug  4 16:11:03 2016
From: David.Alston at sabre.com (Alston, David)
Date: Thu, 4 Aug 2016 11:11:03 -0500
Subject: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain
In-Reply-To: <1470303060.3109.122.camel@redhat.com>
References: <2ACC1CF6D843104C9F5EA130AD3159B531C4550852@SGTULMMP001.Global.ad.sabre.com>
	<1470248895.3109.87.camel@redhat.com>
	<2ACC1CF6D843104C9F5EA130AD3159B531C4550869@SGTULMMP001.Global.ad.sabre.com>
	<1470251597.3109.94.camel@redhat.com>
	<2ACC1CF6D843104C9F5EA130AD3159B531C45508B4@SGTULMMP001.Global.ad.sabre.com>
	<1470303060.3109.122.camel@redhat.com>
Message-ID: <2ACC1CF6D843104C9F5EA130AD3159B531C4550A44@SGTULMMP001.Global.ad.sabre.com>

Greetings!

     Thanks for clarifying.  That makes more sense now.

     I'm still not sure what sorts of headaches I would be running into if I do have FreeIPA and AD both managing servers in the company.com domain.  Somehow I need to find out if these are just mild headaches, or if they are incapacitating migraines that will drive us all insane.

--David Alston

-----Original Message-----
From: Simo Sorce [mailto:simo at redhat.com] 
Sent: Thursday, August 04, 2016 4:31 AM
To: Alston, David
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] FreeIPA and AD trusts on the same DNS domain

On Wed, 2016-08-03 at 15:22 -0500, Alston, David wrote:
> Greetings!
> 
> >> 2. Active Directory must never know anything about a DNS domain
> 
> >> freeipa.company.com (I'm not sure why)
> 
> > Correct because if that happened then AD considers the whole
> subdomain as part of its realm and trust routing will not work.
> 
> 
> Doesn't that mean that we have to have the FreeIPA servers on their 
> own DNS domain again?

No, you can use the Windows DNS, DNS management != AD Domain, what matters is that AD never had that DNS name as a child domain, with computer objects in it.

>   So we can't have linux-server.company.com and 
> windows-server.company.com (managed by FreeIPA and AD respectively) 
> because there has to be a SOA for .company.com somewhere and that is 
> already managed by AD (in our environment).

No you can't have this (if you want SSO and avoid headaches in general) no matter what you do. You have to keep server names on separate (sub)domains.
In some cases you can use CNAMEs though.

>      Also, thanks for your other answers.  They were very helpful :^)

You are welcome,
Simo.

> --David Alston
> 
> 
> -----Original Message-----
> From: Simo Sorce [mailto:simo at redhat.com]
> Sent: Wednesday, August 03, 2016 2:13 PM
> To: Alston, David
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] FreeIPA and AD trusts on the same DNS 
> domain
> 
> On Wed, 2016-08-03 at 13:52 -0500, Alston, David wrote:
> > Greetings!
> 
> > 
> 
> >      That sounds like great news!   Just to make sure I understand correctly..
> 
> > 
> 
> > 1. Any server managed by FreeIPA must NEVER have had a computer 
> > object
> 
> > associated with them in AD?  (even if it has now been deleted)
> 
> No, what a random server does or has done is irrelevant in this sense, but see later, for caveats.
> 
> > 2. Active Directory must never know anything about a DNS domain
> 
> > freeipa.company.com (I'm not sure why)
> 
> Correct because if that happened then AD considers the whole subdomain as part of its realm and trust routing will not work.
> 
> > 3. My linux servers being managed by FreeIPA can still have the DNS
> 
> > domain company.com (instead of servername.freeipa.company.com)
> 
> Although the strict answer is yes, if you put a linux server joined to freeIPA in the AD DNS Domain then Single Sign On from Windows users will not work, as AD will consider all request for tickets to those servers as requests for itself and will never return referrals to the freeIPA KDCs for those TGS requests, so clients will not be able to get tickets for those servers. 
> 
> > 4. Single Signon to the Linux servers using AD credentials will 
> > still
> 
> > work
> 
> 
> No, see above.
> 
> > 5. (BONUS) I could even let AD trust user accounts created in FreeIPA?
> 
> 
> Not clear what you mean here. If you mean that IPA user accounts can operate in the Windows domain, the answer is technicaly yes, although because we do not expose (yet) a Global Catalog to the Windows AD servers, it will be hard to set ACLs on the Windows side to actually authorize freeIPA users to login to AD managed computers (it can probably be done via CLI, but not through AD administrative UIs).
> We plan to fix this in the near future by providing a GC service.
> 
> 
> HTH,
> Simo.
> 
> --
> Simo Sorce * Red Hat, Inc * New York
> 


--
Simo Sorce * Red Hat, Inc * New York




From Michael.Sean.Conley at raytheon.com  Thu Aug  4 16:23:57 2016
From: Michael.Sean.Conley at raytheon.com (Michael Sean Conley)
Date: Thu, 4 Aug 2016 11:23:57 -0500
Subject: [Freeipa-users] IPA and FIPS 140-2
In-Reply-To: <mailman.19910.1470325637.3910.freeipa-users@redhat.com>
References: <mailman.19910.1470325637.3910.freeipa-users@redhat.com>
Message-ID: <OF93729599.5BCFFFA4-ON86258005.0059F329-86258005.005A1555@raytheon.com>

Does ANYONE have any experience getting IPA to work with FIPS?

We're trying desperately to get this going, as we have some requirements
that the Identity Management Tool we choose must be FIPS 140-2 compliant.

AAAARRRRGGHHH

Michael Sean Conley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/a9d80912/attachment.htm>

From rcritten at redhat.com  Thu Aug  4 16:37:18 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 4 Aug 2016 12:37:18 -0400
Subject: [Freeipa-users] IPA and FIPS 140-2
In-Reply-To: <OF93729599.5BCFFFA4-ON86258005.0059F329-86258005.005A1555@raytheon.com>
References: <mailman.19910.1470325637.3910.freeipa-users@redhat.com>
	<OF93729599.5BCFFFA4-ON86258005.0059F329-86258005.005A1555@raytheon.com>
Message-ID: <57A36F3E.5010809@redhat.com>

Michael Sean Conley wrote:
> Does ANYONE have any experience getting IPA to work with FIPS?
>
> We're trying desperately to get this going, as we have some requirements
> that the Identity Management Tool we choose must be FIPS 140-2 compliant.

No, it doesn't work in FIPS mode yet. If you open a support case with 
Red Hat your case can be added to 
https://bugzilla.redhat.com/show_bug.cgi?id=1125174

While most, if not all, of the individual components can run in FIPS 
mode there are a lot of moving parts to coordinate to ensure they comply 
with the FIPS Security Policy and to handle some corner cases in the 
management framework.

rob



From listeranon at gmail.com  Thu Aug  4 16:38:39 2016
From: listeranon at gmail.com (Anon Lister)
Date: Thu, 4 Aug 2016 12:38:39 -0400
Subject: [Freeipa-users] IPA and FIPS 140-2
In-Reply-To: <CAMp204QRaP82CCc4qHuYwZwp_uimoofHSpbX_-7=amF2jn1gTw@mail.gmail.com>
References: <mailman.19910.1470325637.3910.freeipa-users@redhat.com>
	<OF93729599.5BCFFFA4-ON86258005.0059F329-86258005.005A1555@raytheon.com>
	<CAMp204R+N7aksTLCLmanVkjQBYCv5HJjHLqcH5R718ykGehfpA@mail.gmail.com>
	<CAMp204QRaP82CCc4qHuYwZwp_uimoofHSpbX_-7=amF2jn1gTw@mail.gmail.com>
Message-ID: <CAMp204S5Xn-UpNKjPMe1pDmyP1-TOk5FVXEV=ZuRgpN5kU2osA@mail.gmail.com>

I'd also like to throw in that the requirements you are facing are likely
requiring FIPS Certified, not just compliant, as I'm somewhat familiar with
them. (800-53 or 800-171)

Essentially it will have to fall back on the FIPS compliant openssl
implementation, however I believe there are other crypto routines used in
free IPA that are used to protect the confidentiality of information? Can
we get a response from devs on that?

The crypto only has to be FIPS if protecting confidentiality is its use.
Crypto protecting integrity only does not need to be FIPS.

On Aug 4, 2016 9:27 AM, "Michael Sean Conley" <
Michael.Sean.Conley at raytheon.com> wrote:

Does ANYONE have any experience getting IPA to work with FIPS?

We're trying desperately to get this going, as we have some requirements
that the Identity Management Tool we choose must be FIPS 140-2 compliant.

AAAARRRRGGHHH

*Michael Sean Conley*

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/6c02d483/attachment.htm>

From listeranon at gmail.com  Thu Aug  4 16:39:32 2016
From: listeranon at gmail.com (Anon Lister)
Date: Thu, 4 Aug 2016 12:39:32 -0400
Subject: [Freeipa-users] IPA and FIPS 140-2
In-Reply-To: <CAMp204S5Xn-UpNKjPMe1pDmyP1-TOk5FVXEV=ZuRgpN5kU2osA@mail.gmail.com>
References: <mailman.19910.1470325637.3910.freeipa-users@redhat.com>
	<OF93729599.5BCFFFA4-ON86258005.0059F329-86258005.005A1555@raytheon.com>
	<CAMp204R+N7aksTLCLmanVkjQBYCv5HJjHLqcH5R718ykGehfpA@mail.gmail.com>
	<CAMp204QRaP82CCc4qHuYwZwp_uimoofHSpbX_-7=amF2jn1gTw@mail.gmail.com>
	<CAMp204S5Xn-UpNKjPMe1pDmyP1-TOk5FVXEV=ZuRgpN5kU2osA@mail.gmail.com>
Message-ID: <CAMp204QorS9GhJ2DzpY+DAJomQt45sGffMLSSjUcY0ZZzc5cxg@mail.gmail.com>

Sorry, certified openssl implementation*

On Aug 4, 2016 9:38 AM, "Anon Lister" <listeranon at gmail.com> wrote:

> I'd also like to throw in that the requirements you are facing are likely
> requiring FIPS Certified, not just compliant, as I'm somewhat familiar with
> them. (800-53 or 800-171)
>
> Essentially it will have to fall back on the FIPS compliant openssl
> implementation, however I believe there are other crypto routines used in
> free IPA that are used to protect the confidentiality of information? Can
> we get a response from devs on that?
>
> The crypto only has to be FIPS if protecting confidentiality is its use.
> Crypto protecting integrity only does not need to be FIPS.
>
> On Aug 4, 2016 9:27 AM, "Michael Sean Conley" <
> Michael.Sean.Conley at raytheon.com> wrote:
>
> Does ANYONE have any experience getting IPA to work with FIPS?
>
> We're trying desperately to get this going, as we have some requirements
> that the Identity Management Tool we choose must be FIPS 140-2 compliant.
>
> AAAARRRRGGHHH
>
> *Michael Sean Conley*
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/ca5aa9c0/attachment.htm>

From Michael.Sean.Conley at raytheon.com  Thu Aug  4 16:40:10 2016
From: Michael.Sean.Conley at raytheon.com (Michael Sean Conley)
Date: Thu, 4 Aug 2016 11:40:10 -0500
Subject: [Freeipa-users] IPA and FIPS 140-2
In-Reply-To: <57A36F3E.5010809@redhat.com>
References: <mailman.19910.1470325637.3910.freeipa-users@redhat.com>
	<OF93729599.5BCFFFA4-ON86258005.0059F329-86258005.005A1555@raytheon.com>
	<57A36F3E.5010809@redhat.com>
Message-ID: <OFA53EE66C.7021B595-ON86258005.005B7B73-86258005.005B91AA@raytheon.com>


Is there any indication of a timeframe for it to become FIPS compliant?  If
we are talking weeks, rather than years...

Michael Sean Conley




From:	Rob Crittenden <rcritten at redhat.com>
To:	Michael Sean Conley <Michael.Sean.Conley at raytheon.com>,
            freeipa-users at redhat.com
Date:	08/04/2016 11:37 AM
Subject:	Re: [Freeipa-users] IPA and FIPS 140-2



Michael Sean Conley wrote:
> Does ANYONE have any experience getting IPA to work with FIPS?
>
> We're trying desperately to get this going, as we have some requirements
> that the Identity Management Tool we choose must be FIPS 140-2 compliant.

No, it doesn't work in FIPS mode yet. If you open a support case with
Red Hat your case can be added to
https://bugzilla.redhat.com/show_bug.cgi?id=1125174

While most, if not all, of the individual components can run in FIPS
mode there are a lot of moving parts to coordinate to ensure they comply
with the FIPS Security Policy and to handle some corner cases in the
management framework.

rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/9a9fd7f7/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/9a9fd7f7/attachment.gif>

From schogan at us.ibm.com  Thu Aug  4 16:43:53 2016
From: schogan at us.ibm.com (Sean Hogan)
Date: Thu, 4 Aug 2016 09:43:53 -0700
Subject: [Freeipa-users] Querying the dir srv
In-Reply-To: <bb6a92e4-206f-27f9-bb08-816a0b34f6c5@redhat.com>
References: <OFC975F97C.B1FCD44B-ON07258005.00547B5C-07258005.0055512E@notes.na.collabserv.com>
	<bb6a92e4-206f-27f9-bb08-816a0b34f6c5@redhat.com>
Message-ID: <OF7E2E9B3B.764ADADB-ON07258005.005AF84D-07258005.005BE896@notes.na.collabserv.com>


Thanks Ben.. appreciated..  will give it a go.  Do you guys recommend any
specific ldap viewer to view the internals?  I was looking at apache dir
studio I think it was... but needs java and I don't want to add java
to a server that does not have it increasing the mitigation/vulnerability
factor of the box.

I ran   ipa host-find --all
and noticed this setting in the list
 Keytab: True

I am thinking Keytab entry = enroll true

Sean Hogan






From:	Ben Lipton <blipton at redhat.com>
To:	Sean Hogan/Durham/IBM at IBMUS, freeipa-users
            <freeipa-users at redhat.com>
Date:	08/04/2016 09:08 AM
Subject:	Re: [Freeipa-users] Querying the dir srv



On 08/04/2016 11:31 AM, Sean Hogan wrote:
>
> Hi All,
>
> Where can I find information about the IPA schema as in what = what in
> the dir srv? I do not have a ldap viewer.
> I am looking to pull specific info from it such as a list of servers
> that have enrolled = true and have been playing with ldapsearch to no
> avail.
>

You could try something like 'ipa <objecttype>-show --all <object>' to
see the dn of the associated LDAP object for a particular IPA entity.
This would give you a sense of what tree to ldapsearch. You could try
adding the --raw flag as well to see the LDAP attributes of the object.

# ipa user-show --all admin
   dn: uid=admin,cn=users,cn=accounts,dc=example,dc=domain
[...]
# ldapsearch -xLLL -D cn='Directory manager' -w <directory manager pw>
-b 'cn=users,cn=accounts,dc=example,dc=domain' '(objectClass=*)' '*' |
perl -p0e 's/\n //g' | less

You can also take a look at
https://git.fedorahosted.org/cgit/freeipa.git/tree/ipalib/constants.py#n78
for a list of LDAP entities that act as containers for IPA objects
(subtrees to search under).

Someone else may have some better ideas, but maybe this can get you
started.

Ben



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/053164d9/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/053164d9/attachment.gif>

From freeipa at jacobdevans.com  Thu Aug  4 16:54:40 2016
From: freeipa at jacobdevans.com (Jake)
Date: Thu, 4 Aug 2016 12:54:40 -0400 (EDT)
Subject: [Freeipa-users] kerberos auth from windows (windows 10 to cent7
	with ipa4.2)
Message-ID: <2100552480.9304.1470329680312@vegas.jacobdevans.com>

Hey All, 

Has anyone come across this issue when attempting to use kerberos auth from windows. 

PS C:\Users\jevans> ssh -V 
OpenSSH_7.1p2, OpenSSL 1.0.2h 3 May 2016 

running command: 
ssh ipaclient.ipa.example.com -K -v -oGSSAPIDelegateCredentials=yes -oGSSAPIAuthentication=yes 


debug1: Next authentication method: gssapi-with-mic 
debug1: Miscellaneous failure (see text) 
unable to find realm of host JEVANS 

debug1: Miscellaneous failure (see text) 
unable to find realm of host JEVANS 

debug2: we did not send a packet, disable method 


I have kerberos delegation enabled for my computer account, my machine is joined to a trusted AD and I'm attempting to auth with that trusted user. 

Thank You, 
-Jake 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/26f4fb48/attachment.htm>

From rcritten at redhat.com  Thu Aug  4 17:36:18 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 4 Aug 2016 13:36:18 -0400
Subject: [Freeipa-users] IPA and FIPS 140-2
In-Reply-To: <CAMp204S5Xn-UpNKjPMe1pDmyP1-TOk5FVXEV=ZuRgpN5kU2osA@mail.gmail.com>
References: <mailman.19910.1470325637.3910.freeipa-users@redhat.com>
	<OF93729599.5BCFFFA4-ON86258005.0059F329-86258005.005A1555@raytheon.com>
	<CAMp204R+N7aksTLCLmanVkjQBYCv5HJjHLqcH5R718ykGehfpA@mail.gmail.com>
	<CAMp204QRaP82CCc4qHuYwZwp_uimoofHSpbX_-7=amF2jn1gTw@mail.gmail.com>
	<CAMp204S5Xn-UpNKjPMe1pDmyP1-TOk5FVXEV=ZuRgpN5kU2osA@mail.gmail.com>
Message-ID: <57A37D12.6090004@redhat.com>

Anon Lister wrote:
> I'd also like to throw in that the requirements you are facing are
> likely requiring FIPS Certified, not just compliant, as I'm somewhat
> familiar with them. (800-53 or 800-171)
>
> Essentially it will have to fall back on the FIPS compliant openssl
> implementation, however I believe there are other crypto routines used
> in free IPA that are used to protect the confidentiality of information?
> Can we get a response from devs on that?

IPA mostly uses NSS for its crypto.

rob

> The crypto only has to be FIPS if protecting confidentiality is its use.
> Crypto protecting integrity only does not need to be FIPS.
>
>
> On Aug 4, 2016 9:27 AM, "Michael Sean Conley"
> <Michael.Sean.Conley at raytheon.com
> <mailto:Michael.Sean.Conley at raytheon.com>> wrote:
>
>     Does ANYONE have any experience getting IPA to work with FIPS?
>
>     We're trying desperately to get this going, as we have some
>     requirements that the Identity Management Tool we choose must be
>     FIPS 140-2 compliant.
>
>     AAAARRRRGGHHH
>
>     *Michael Sean Conley*
>
>
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>     Go to http://freeipa.org for more info on the project
>
>
>
>



From matt.comben at itdev.co.uk  Thu Aug  4 16:26:18 2016
From: matt.comben at itdev.co.uk (Matt Comben)
Date: Thu, 4 Aug 2016 16:26:18 +0000
Subject: [Freeipa-users] Active directory integration with FreeIPA domain
Message-ID: <VI1PR0802MB2624EF26B31690C6D5A092E3A8070@VI1PR0802MB2624.eurprd08.prod.outlook.com>

Hi all,

TLDR - Is it possible to sync users FROM FreeIPA TO 'AD'

I've started introducing FreeIPA into our network (which is currently LDAP with linux clients) and migration client servers to authenticate against FreeIPA (which has been working great).

In the past couple of weeks, we were forced to setup a couple of Windows servers, so AD seemed like a good improvement (for getting centralised authentication against our Windows workstations).

I have read tonnes of information about setting up Trusts between FreeIPA and AD (and got a Trust itself working) and winsync using ipa-replica-manage, which said it was working.
Although from all this testing, I cannot seem to get a solution working for user synchronisation (or trusting) for authentication on Windows clients for FreeIPA users. Either having users synced from FreeIPA to AD to have them authenticate through the AD through a Forest Trust.
FWIW, I'm using CentOS 7 with FreeIPA 4  (tried Ubuntu 16.04, but couldn't get Trust established at all) and Server 2012 for AD.
I also can't see anyone else doing it this way round... is what I'm trying to do impossible?

Thanks in advanced for any help

Thanks
Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/33a58fa5/attachment.htm>

From rcritten at redhat.com  Thu Aug  4 18:23:26 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 4 Aug 2016 14:23:26 -0400
Subject: [Freeipa-users] Certificate Issues
In-Reply-To: <CADA3x2=7Z70oAytUZPrhsUzRsEOP3JiDEBm_qTzS8B54B9RKRw@mail.gmail.com>
References: <F7BEA64018495841A21D60717A05F7A25BA420E8@NAEAPHILXM03V.nadsusea.nads.navy.mil>
	<579A5EAC.5000102@redhat.com>
	<CADA3x2kYoHmXykdbuC_GJ1VCLFsw+vdB=WEfQ1wN6Z5GCAAy0A@mail.gmail.com>
	<CADA3x2mtkxA4WiFPH50Hr2CtYu_=siVvNX8v2iEcyrrqyoAPcg@mail.gmail.com>
	<579F6829.5010103@redhat.com>
	<CADA3x2=WWLdpWoFP2XxbGZ7qu3oU1=MkWcEa1DQ1CKJ_oNFVBQ@mail.gmail.com>
	<579F9C3F.7090804@redhat.com>
	<CADA3x2kQ+2tZ3Av2yH2VJgGX8Jhj2pqpAS_u+3fKqZdyb-xmqw@mail.gmail.com>
	<579F9EFF.6040804@redhat.com>
	<CADA3x2=7Z70oAytUZPrhsUzRsEOP3JiDEBm_qTzS8B54B9RKRw@mail.gmail.com>
Message-ID: <57A3881E.2010708@redhat.com>

Adam Lewis wrote:
> Yup. I'm currently still sitting back in time. But any time I try to
> resubmit either the ipaCert or the subsystemCert it errors out.
>
> getcert list shows :
> ca-error: Server at
> "https://ipa.local.domain:9443/ca/agent/ca/profileProcess" replied: 1:
> Authentication Error
>
> And the debug log shows:
> SignedAuditEventFactory: create()
> message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
> RA,O=MISS.ION] authentication failure
> ReviewReqServlet: Invalid Credential.
>
> Those appear to be the most significant messages. I'm disconnected so
> getting the full log info is difficult. If it's the only way let me know
> and I'll see what I can do. Worst case it'll just take me a while to
> re-type it.

Sorry for the delay.

Are you sure you are going to back far enough in time? Some of the certs 
expire at different points.

I typically use this to get the list of expiration dates
# getcert list | grep expires

Picking the "right" date can be tricky sometimes.

Some other things that the dogtag engineers suggested to test to ensure 
the CA is actually up:

Get the cert chain:

$ curl http://ipa.example.com:8080/ca/ee/ca/getCertChain

And ensure it can contact it's database by getting a cert:

$ curl 
'https://ipa.example.com:9443/ca/ee/ca/displayBySerial?op=displayBySerial&serialNumber=0x1'

rob

>
> Thanks
>
>
> On Mon, Aug 1, 2016 at 3:11 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
>     Adam Lewis wrote:
>
>         Yup, It's just the text string. I don't know how much this
>         matters but
>         when I ran the start-tracking for the ipaCert it didn't generate
>         a new
>         certificate. I'm still working off of serial number 7, which is what
>         it's been since we installed IPA. Is there some way/reason for me to
>         generate a whole new ipaCert?
>
>
>     certmonger will take care of that when renewal happens.
>
>     Did you go back in time to when this cert was valid?
>
>     rob
>
>
>         Thanks
>
>         On Mon, Aug 1, 2016 at 3:00 PM, Rob Crittenden
>         <rcritten at redhat.com <mailto:rcritten at redhat.com>
>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>> wrote:
>
>              Adam Lewis wrote:
>
>                  If you mean the usercertificate value from the ldapsearch
>                  command, then
>                  yes. That value matches the value from the certutil output.
>
>
>              The usercertificate in LDAP had the BEGIN/END stripped, right?
>
>              I'll cc a couple of the dogtag developers to see what they
>         think.
>
>              rob
>
>
>                  Thanks
>
>                  On Mon, Aug 1, 2016 at 11:18 AM, Rob Crittenden
>                  <rcritten at redhat.com <mailto:rcritten at redhat.com>
>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>
>                  <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>>>> wrote:
>
>                       Adam Lewis wrote:
>
>                           A quick update. We did some digging on the
>         segfault
>                  problem and
>                           I think
>                           it was due to having to update the trusts on
>         the CA
>                  cert. So we
>                           updated
>                           the certmonger package and certmonger now
>         starts again.
>                           However we're kind of back to square one where
>         we are still
>                           getting the
>                           AUTH_FAIL messages in the debug log.
>                           I have verified that the ipara entry's serial
>         number
>                  and cert
>                           match the
>                           serial number and cert from the one in
>         /etc/httpd/alias.
>
>
>                       How about the certificate PEM? Does it match the
>                  usercertificate in
>                       the dogtag LDAP server?
>
>                       rob
>
>
>                           Any other ideas?
>
>                           Thanks!
>
>                           On Mon, Aug 1, 2016 at 9:17 AM, Adam Lewis
>                  <alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>                           <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>
>                           <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>>> wrote:
>
>                                Rob,
>                                Thanks for pointing me in the right
>         direction.
>                  However after
>                                following the instructions in the above
>         mentioned
>                  doc I
>                           noticed a
>                                few things that are odd and have a new
>         problem.
>                  The first
>                           odd thing
>                                I noticed is that when I run service
>         pki-cad status it
>                           shows that my
>                                PKI Subsystem Type is "CA Clone (Security
>         Domain)"
>                                Shouldn't that say something like "CA
>         Master"?
>                                Second, when I ran the "ipa-getcert
>         resubmit -I [ID]"
>                           commands they
>                                all produced the same AUTH_FAIL message
>         in the
>                  debug log.
>
>                                Now the new problem...after pressing on and
>                  restarting things
>                                certmonger fails to start with a segfault.
>                                Starting certmonger: /bin/bash: line 1: 64935
>                  Segmentation
>                                fault      /usr/sbin/certmonger -S -p
>         /var/run
>                  certmonger.pid
>
>                                Thanks!
>
>                                On Thu, Jul 28, 2016 at 3:36 PM, Rob
>         Crittenden
>                           <rcritten at redhat.com
>         <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>>
>                  <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>>>
>                                <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>
>                  <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>> <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>
>                  <mailto:rcritten at redhat.com
>         <mailto:rcritten at redhat.com>>>>>
>
>                           wrote:
>
>                                    Lewis, Adam M CIV NSWCDD, H11 wrote:
>
>                                        We are currently dead in the
>         water. Our
>                  OCSP, CA
>                           Audit, CA
>                                        Subsystem, and IPA RA certs
>         expired as of
>                  7/23/16.
>                           I found
>                                        and followed the instructions to
>         the letter
>
>
>
>         (http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_.3C_4.0)
>                                        however the CA Subsystem and IPA
>         RA certs
>                  will not
>                           renew.
>                                        I've backdated the server to make
>         sure the
>                  system
>                           was within
>                                        the renewal window, but that has
>         not help.
>
>
>                                    Those are the wrong instructions.
>
>                                    You want this instead,
>         https://access.redhat.com/solutions/643753
>
>                                    A bunch of it is for 2.2 but it isn't
>         exactly
>                  noted
>                           which parts.
>                                    A general rule is that you
>         don't/shouldn't
>                  need to directly
>                                    tweak the dogtag configuration or do
>         any of the
>                           start-tracking
>                                    work (though you may want to verify
>         that what/if
>                           anything you
>                                    changed from that wrong doc).
>
>                                        When I run getcert list it reports:
>                                        Ca-error: Sever at
>
>                    "https://<fqdn>:9443/ca/agent/ca/profileProcess"
>                           replied: 1:
>                                        Authentication Error
>                                        for both the IPA RA and CA
>         Subsystem certs
>
>                                        The debug log shows:
>                                        SignedAuditEventFactory: create()
>
>
>
>         message=[AuditEvent=AUTH_FAIL][SubjectID=$Unidentified$][Outcome=Failure][AuthMgr=certUserDBAuthMgr][AttemptedCred=CN=IPA
>                                        RA,O=MISS.ION] authentication failure
>                                        ReviewReqServlet: Invalid Credential.
>
>
>                                    The place to start is to get the
>         serial # of
>                  the ipaCert:
>
>                                    # certutil -L -d /etc/httpd/alias -n
>         ipaCert
>                  |grep Serial
>
>                                    Now get the user from the dogtag LDAP
>         server:
>
>                                    # ldapsearch -h `hostname` -p 7389 -x -D
>                  'cn=directory
>                           manager'
>                                    -W -b uid=ipara,ou=People,o=ipaca
>         description
>
>                                    The format is 2;<serial number>;<issuer
>                  subject>;<subject>
>
>                                    See if the serial # matches ipaCert. I'm
>                  guessing it won't.
>                                    Follow the instructions on the page I
>         cited to
>                  update
>                           the entry
>                                    with the current certificate and serial #
>                  values. That
>                           should
>                                    get you going.
>
>                                    rob
>
>
>
>                                        We are kind of in deep doo-doo
>         until this gets
>                           resolved.
>
>                                        We are running
>         ipa-server-3.0.0-47.el6_7.2
>                  on RHEL 6.5
>
>                                        Any thoughts?
>
>                                        Thanks!
>
>                                        Adam M. Lewis
>
>
>
>
>                                    --
>                                    Manage your subscription for the
>         Freeipa-users
>                  mailing
>                           list:
>         https://www.redhat.com/mailman/listinfo/freeipa-users
>                                    Go to http://freeipa.org for more
>         info on the
>                  project
>
>
>
>
>                                --
>                                Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>
>                           <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>>>
>                                10807 Allie Place
>                                Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>         <tel:540-412-8643>> <tel:540-412-8643 <tel:540-412-8643>
>                  <tel:540-412-8643 <tel:540-412-8643>>>
>         <tel:540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>         <tel:540-412-8643>>
>                           <tel:540-412-8643 <tel:540-412-8643>
>         <tel:540-412-8643 <tel:540-412-8643>>>>
>
>
>
>
>
>                           --
>                           Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>
>                           <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>
>                  <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>>>
>                           10807 Allie Place
>                           Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>         <tel:540-412-8643>> <tel:540-412-8643 <tel:540-412-8643>
>                  <tel:540-412-8643 <tel:540-412-8643>>>
>
>
>
>
>
>
>
>
>                  --
>                  Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>                  <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com> <mailto:alewis422 at gmail.com
>         <mailto:alewis422 at gmail.com>>>
>                  10807 Allie Place
>                  Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643> <tel:540-412-8643
>         <tel:540-412-8643>>
>
>
>
>
>
>
>         --
>         Adam M. Lewis
>         alewis422 at gmail.com <mailto:alewis422 at gmail.com>
>         <mailto:alewis422 at gmail.com <mailto:alewis422 at gmail.com>>
>         10807 Allie Place
>         Fredericksburg, VA 22408
>         540-412-8643 <tel:540-412-8643>
>
>
>
>
>
>
> --
> Adam M. Lewis
> alewis422 at gmail.com <mailto:alewis422 at gmail.com>
> 10807 Allie Place
> Fredericksburg, VA 22408
> 540-412-8643
>
>



From bob at jackland.demon.co.uk  Thu Aug  4 19:01:39 2016
From: bob at jackland.demon.co.uk (Bob Hinton)
Date: Thu, 4 Aug 2016 20:01:39 +0100
Subject: [Freeipa-users] How to delete a managed group [SOLVED]
In-Reply-To: <57A1EE07.6020303@redhat.com>
References: <21510afb-285a-3164-708a-331a622cc9ad@jackland.demon.co.uk>
	<dab831d9-a89d-f0be-da3b-3586929f3ed4@redhat.com>
	<1005674c-474b-cd42-172a-ff1283b3f993@jackland.demon.co.uk>
	<57A1EE07.6020303@redhat.com>
Message-ID: <950cf02a-f39a-5dc1-92de-13a6102a8c1e@jackland.demon.co.uk>

On 03/08/2016 14:13, Rob Crittenden wrote:
> Bob Hinton wrote:
>> On 03/08/2016 07:15, Petr Spacek wrote:
>>> On 3.8.2016 00:58, Bob Hinton wrote:
>>>> Hi,
>>>>
>>>> Something went wrong when trying to restore some preserved users so I
>>>> deleted them and then tried to recreate them. This failed with -
>>>>
>>>> ipa: ERROR: Unable to create private group. A group 'XXXXX' 
>>>> already exists.
>>>>
>>>> Trying to delete this group produces -
>>>>
>>>> ipa: ERROR: Unable to create private group. A group 'XXXXX' already
>>>> exists.
>>>>
>>>> Trying to detach it with
>>>>
>>>> ipa group-detach XXXXX
>>>>
>>>> produces
>>>>
>>>> ipa: ERROR: XXXXX: group not found
>>>>
>>>> ipa group-show XXXXX
>>> I would try
>>> $ ipa group show XXXXX --all --raw
>>>
>>> that could show us if there is something interesting like
>>> replication conflict
>>> or so.
>>>
>>> Petr^2 Spacek
>> Hi Petr,
>>
>> This produces ...
>>
>> ipa group-show XXXXX --all --raw
>>    dn: cn=XXXXX,cn=groups,cn=accounts,dc=local,dc=com
>>    cn: XXXXX
>>    description: User private group for XXXXX
>>    gidnumber: 799830053
>>    ipaUniqueID: 3b8e0ec8-58c4-11e6-806d-005056015864
>>    mepManagedBy: uid=XXXXX,cn=users,cn=accounts,dc=local,dc=com
>>    objectClass: posixgroup
>>    objectClass: ipaobject
>>    objectClass: mepManagedEntry
>>    objectClass: top
>>
>> We do have some replication problems at the moment - two recreated
>> replicas currently have two RUVs so this could this be how the user
>> delete completed without the corresponding group?
>
> Not sure. The 389-ds plugin should, by definition, remove the group
> when a user is deleted. I'd be more inclined to believe that the group
> was added and the user not in a replication event.
>
> Removing the group requires an ldapmodify:
>
> % kinit admin
> % ldapmodify -Y GSSAPI
> SASL/GSSAPI authentication started
> SASL username: admin at EXAMPLE.COM
> SASL SSF: 56
> SASL data security layer installed.
> dn: cn=deleteme,cn=groups,cn=accounts,dc=example,dc=com
> changetype: modify
> delete: objectclass
> objectclass: mepManagedEntry
> -
> delete: mepManagedBy
> mepManagedBy: uid=deleteme,cn=users,cn=accounts,dc=example,dc=com
> ^D
> modifying entry "cn=deleteme,cn=groups,cn=accounts,dc=example,dc=com"
>
> % ipa group-del deleteme
> ------------------------
> Deleted group "deleteme"
> ------------------------
>
> Makes me wonder if the managed entry plugin should allow deletion if
> the other side of the link doesn't exist. I'll investigate this.
>
> rob
> .
>
Hi Rob,

Your procedure detailed above allowed me to delete the old private
groups and then recreate the user accounts.

Many Thanks

Bob



From freeipa at jacobdevans.com  Thu Aug  4 20:08:42 2016
From: freeipa at jacobdevans.com (Jake)
Date: Thu, 4 Aug 2016 16:08:42 -0400 (EDT)
Subject: [Freeipa-users] unable to auth to IPA Web panel as trusted user
	(4.2)
Message-ID: <824877976.9517.1470341321994@vegas.jacobdevans.com>

Hey All, 
I've added external enterprise admins to my local admins group, however I cannot authenticate to the IPA web interface (nor can I request kerberos spn's to generate dogtag certs even if authenticated on a ipa client). 

Is it possible to use external ldap credentials to manage the IPA Admin panel as well as request certs, if so what group/roles must I add. 

Thank You! 
-Jake 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160804/0f8dea5e/attachment.htm>

From abokovoy at redhat.com  Thu Aug  4 20:49:39 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 4 Aug 2016 23:49:39 +0300
Subject: [Freeipa-users] Active directory integration with FreeIPA domain
In-Reply-To: <VI1PR0802MB2624EF26B31690C6D5A092E3A8070@VI1PR0802MB2624.eurprd08.prod.outlook.com>
References: <VI1PR0802MB2624EF26B31690C6D5A092E3A8070@VI1PR0802MB2624.eurprd08.prod.outlook.com>
Message-ID: <20160804204939.z52ljwdbljue7ixj@redhat.com>

On Thu, 04 Aug 2016, Matt Comben wrote:
>Hi all,
>
>TLDR - Is it possible to sync users FROM FreeIPA TO 'AD'
TLDR - No.

>
>I've started introducing FreeIPA into our network (which is currently
>LDAP with linux clients) and migration client servers to authenticate
>against FreeIPA (which has been working great).
>
>In the past couple of weeks, we were forced to setup a couple of
>Windows servers, so AD seemed like a good improvement (for getting
>centralised authentication against our Windows workstations).
>
>I have read tonnes of information about setting up Trusts between
>FreeIPA and AD (and got a Trust itself working) and winsync using
>ipa-replica-manage, which said it was working.  Although from all this
>testing, I cannot seem to get a solution working for user
>synchronisation (or trusting) for authentication on Windows clients for
>FreeIPA users. Either having users synced from FreeIPA to AD to have
>them authenticate through the AD through a Forest Trust.
>FWIW, I'm using CentOS 7 with FreeIPA 4  (tried Ubuntu 16.04, but
>couldn't get Trust established at all) and Server 2012 for AD.  I also
>can't see anyone else doing it this way round... is what I'm trying to
>do impossible?
We don't have certain features expected by AD DC from a trusted AD
environment implemented in FreeIPA. They are planned but not
implemented.

-- 
/ Alexander Bokovoy



From abokovoy at redhat.com  Thu Aug  4 20:50:14 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 4 Aug 2016 23:50:14 +0300
Subject: [Freeipa-users] unable to auth to IPA Web panel as trusted user
 (4.2)
In-Reply-To: <824877976.9517.1470341321994@vegas.jacobdevans.com>
References: <824877976.9517.1470341321994@vegas.jacobdevans.com>
Message-ID: <20160804205014.t7ffoqy47is4qekd@redhat.com>

On Thu, 04 Aug 2016, Jake wrote:
>Hey All,
>I've added external enterprise admins to my local admins group, however
>I cannot authenticate to the IPA web interface (nor can I request
>kerberos spn's to generate dogtag certs even if authenticated on a ipa
>client).
Not possible right now.

>Is it possible to use external ldap credentials to manage the IPA Admin
>panel as well as request certs, if so what group/roles must I add.
Not possible right now.

-- 
/ Alexander Bokovoy



From pgb205 at yahoo.com  Fri Aug  5 03:24:01 2016
From: pgb205 at yahoo.com (pgb205)
Date: Fri, 5 Aug 2016 03:24:01 +0000 (UTC)
Subject: [Freeipa-users] <hostname> is an IPA Server, but it might be unknown,
 foreign or previously deleted one
References: <1410733016.9392864.1470367441485.JavaMail.yahoo.ref@mail.yahoo.com>
Message-ID: <1410733016.9392864.1470367441485.JavaMail.yahoo@mail.yahoo.com>

my previous setup wassrv2->replica
srv1->srv2

I have removed replica and set it up with the one with identical hostname.Now ?I have replication from srv1->replica
and am trying to create another agreement from srv2=>replica
but i am getting the error message above. My guess is that old hostname is there somewherebut ipa-replica-manage del command does not produce any results.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160805/9148f442/attachment.htm>

From mbasti at redhat.com  Fri Aug  5 08:18:41 2016
From: mbasti at redhat.com (Martin Basti)
Date: Fri, 5 Aug 2016 10:18:41 +0200
Subject: [Freeipa-users] <hostname> is an IPA Server,
 but it might be unknown, foreign or previously deleted one
In-Reply-To: <1410733016.9392864.1470367441485.JavaMail.yahoo@mail.yahoo.com>
References: <1410733016.9392864.1470367441485.JavaMail.yahoo.ref@mail.yahoo.com>
	<1410733016.9392864.1470367441485.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <e63107d7-76b3-dc96-310c-bf850db40a61@redhat.com>



On 05.08.2016 05:24, pgb205 wrote:
> my previous setup was
> srv2->replica
> srv1->srv2
>
> I have removed replica and set it up with the one with identical hostname.
> Now  I have replication from srv1->replica
> and am trying to create another agreement from srv2=>replica
> but i am getting the error message above. My guess is that old 
> hostname is there somewhere
> but ipa-replica-manage del command does not produce any results.
>
>

Hello,

I don't see the error message you are referring

Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160805/b3281e41/attachment.htm>

From mbasti at redhat.com  Fri Aug  5 08:25:29 2016
From: mbasti at redhat.com (Martin Basti)
Date: Fri, 5 Aug 2016 10:25:29 +0200
Subject: [Freeipa-users] Querying the dir srv
In-Reply-To: <OF7E2E9B3B.764ADADB-ON07258005.005AF84D-07258005.005BE896@notes.na.collabserv.com>
References: <OFC975F97C.B1FCD44B-ON07258005.00547B5C-07258005.0055512E@notes.na.collabserv.com>
	<bb6a92e4-206f-27f9-bb08-816a0b34f6c5@redhat.com>
	<OF7E2E9B3B.764ADADB-ON07258005.005AF84D-07258005.005BE896@notes.na.collabserv.com>
Message-ID: <bf7183db-a13d-c09a-e802-1a0f6de29716@redhat.com>



On 04.08.2016 18:43, Sean Hogan wrote:
>
> Thanks Ben.. appreciated.. will give it a go. Do you guys recommend 
> any specific ldap viewer to view the internals? I was looking at 
> apache dir studio I think it was... but needs java and I don't want to 
> add java
> to a server that does not have it increasing the 
> mitigation/vulnerability factor of the box.
>
> I ran ipa host-find --all
> and noticed this setting in the list
> Keytab: True
>
> I am thinking Keytab entry = enroll true
>
> Sean Hogan
>
>

You can use also --raw option together with --all to see raw LDAP values

I use apache directory studio and ldapsearch

Martin
>
>
>
> Inactive hide details for Ben Lipton ---08/04/2016 09:08:40 AM---On 
> 08/04/2016 11:31 AM, Sean Hogan wrote: >Ben Lipton ---08/04/2016 
> 09:08:40 AM---On 08/04/2016 11:31 AM, Sean Hogan wrote: >
>
> From: Ben Lipton <blipton at redhat.com>
> To: Sean Hogan/Durham/IBM at IBMUS, freeipa-users <freeipa-users at redhat.com>
> Date: 08/04/2016 09:08 AM
> Subject: Re: [Freeipa-users] Querying the dir srv
>
> ------------------------------------------------------------------------
>
>
>
> On 08/04/2016 11:31 AM, Sean Hogan wrote:
> >
> > Hi All,
> >
> > Where can I find information about the IPA schema as in what = what in
> > the dir srv? I do not have a ldap viewer.
> > I am looking to pull specific info from it such as a list of servers
> > that have enrolled = true and have been playing with ldapsearch to no
> > avail.
> >
>
> You could try something like 'ipa <objecttype>-show --all <object>' to
> see the dn of the associated LDAP object for a particular IPA entity.
> This would give you a sense of what tree to ldapsearch. You could try
> adding the --raw flag as well to see the LDAP attributes of the object.
>
> # ipa user-show --all admin
>   dn: uid=admin,cn=users,cn=accounts,dc=example,dc=domain
> [...]
> # ldapsearch -xLLL -D cn='Directory manager' -w <directory manager pw>
> -b 'cn=users,cn=accounts,dc=example,dc=domain' '(objectClass=*)' '*' |
> perl -p0e 's/\n //g' | less
>
> You can also take a look at
> https://git.fedorahosted.org/cgit/freeipa.git/tree/ipalib/constants.py#n78
> for a list of LDAP entities that act as containers for IPA objects
> (subtrees to search under).
>
> Someone else may have some better ideas, but maybe this can get you 
> started.
>
> Ben
>
>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160805/09b8738d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160805/09b8738d/attachment.gif>

From mkosek at redhat.com  Fri Aug  5 11:33:21 2016
From: mkosek at redhat.com (Martin Kosek)
Date: Fri, 5 Aug 2016 13:33:21 +0200
Subject: [Freeipa-users] IPA and FIPS 140-2
In-Reply-To: <OFA53EE66C.7021B595-ON86258005.005B7B73-86258005.005B91AA@raytheon.com>
References: <mailman.19910.1470325637.3910.freeipa-users@redhat.com>
	<OF93729599.5BCFFFA4-ON86258005.0059F329-86258005.005A1555@raytheon.com>
	<57A36F3E.5010809@redhat.com>
	<OFA53EE66C.7021B595-ON86258005.005B7B73-86258005.005B91AA@raytheon.com>
Message-ID: <e6942e8f-4a9f-0361-5c50-4241dad14a8e@redhat.com>

Are you now asking about when upstream version is FIPS compliant or some
downstream distribution? If you are asking about RHEL, as indicated by
https://bugzilla.redhat.com/show_bug.cgi?id=1125174
the bug is still in a NEW state. Given the state of RHEL-7.3 life cycle, it is
too late to add it there.

However, as Rob mentioned, it would really great if you file a support case (if
we are talking about RHEL) and get it linked to that bug. Due to the interest,
it is already high in the RHEL-7.4 considerations, but adding +1 won't hurt and
you may also receive updates on development status.

Martin

On 08/04/2016 06:40 PM, Michael Sean Conley wrote:
> Is there any indication of a timeframe for it to become FIPS compliant?  If we
> are talking weeks, rather than years...
> 
> *Michael Sean Conley*
> 
> 
> Inactive hide details for Rob Crittenden ---08/04/2016 11:37:23 AM---Michael
> Sean Conley wrote: > Does ANYONE have any experienRob Crittenden ---08/04/2016
> 11:37:23 AM---Michael Sean Conley wrote: > Does ANYONE have any experience
> getting IPA to work with FIPS?
> 
> From: Rob Crittenden <rcritten at redhat.com>
> To: Michael Sean Conley <Michael.Sean.Conley at raytheon.com>,
> freeipa-users at redhat.com
> Date: 08/04/2016 11:37 AM
> Subject: Re: [Freeipa-users] IPA and FIPS 140-2
> 
> -------------------------------------------------------------------------------
> 
> 
> 
> Michael Sean Conley wrote:
>> Does ANYONE have any experience getting IPA to work with FIPS?
>>
>> We're trying desperately to get this going, as we have some requirements
>> that the Identity Management Tool we choose must be FIPS 140-2 compliant.
> 
> No, it doesn't work in FIPS mode yet. If you open a support case with
> Red Hat your case can be added to
> https://bugzilla.redhat.com/show_bug.cgi?id=1125174
> 
> While most, if not all, of the individual components can run in FIPS
> mode there are a lot of moving parts to coordinate to ensure they comply
> with the FIPS Security Policy and to handle some corner cases in the
> management framework.
> 
> rob
> 
> 
> 



From rcritten at redhat.com  Fri Aug  5 13:28:29 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 5 Aug 2016 09:28:29 -0400
Subject: [Freeipa-users] <hostname> is an IPA Server,
 but it might be unknown, foreign or previously deleted one
In-Reply-To: <e63107d7-76b3-dc96-310c-bf850db40a61@redhat.com>
References: <1410733016.9392864.1470367441485.JavaMail.yahoo.ref@mail.yahoo.com>
	<1410733016.9392864.1470367441485.JavaMail.yahoo@mail.yahoo.com>
	<e63107d7-76b3-dc96-310c-bf850db40a61@redhat.com>
Message-ID: <57A4947D.6070309@redhat.com>

Martin Basti wrote:
>
>
> On 05.08.2016 05:24, pgb205 wrote:
>> my previous setup was
>> srv2->replica
>> srv1->srv2
>>
>> I have removed replica and set it up with the one with identical hostname.
>> Now  I have replication from srv1->replica
>> and am trying to create another agreement from srv2=>replica
>> but i am getting the error message above. My guess is that old
>> hostname is there somewhere
>> but ipa-replica-manage del command does not produce any results.
>>
>>
>
> Hello,
>
> I don't see the error message you are referring

This is an IPA 3.0 error message from ticket 
https://fedorahosted.org/freeipa/ticket/3105

What do you mean you removed it and setup an identical one? Did you do 
this with ipa-replica-install?

ipa-replica-manage is looking up the masters and it doesn't consider 
replica a master which is why it is throwing this error. I'd 
double-check that replication is working properly.

On each master run: ipa-replica-manage list -v `hostname`

And really, ipa-replica-manage list should show a list of all known masters.
rob



From pvoborni at redhat.com  Fri Aug  5 13:32:36 2016
From: pvoborni at redhat.com (Petr Vobornik)
Date: Fri, 5 Aug 2016 15:32:36 +0200
Subject: [Freeipa-users] Querying the dir srv
In-Reply-To: <OF7E2E9B3B.764ADADB-ON07258005.005AF84D-07258005.005BE896@notes.na.collabserv.com>
References: <OFC975F97C.B1FCD44B-ON07258005.00547B5C-07258005.0055512E@notes.na.collabserv.com>
	<bb6a92e4-206f-27f9-bb08-816a0b34f6c5@redhat.com>
	<OF7E2E9B3B.764ADADB-ON07258005.005AF84D-07258005.005BE896@notes.na.collabserv.com>
Message-ID: <3f6c56d3-4a1a-63e8-c724-70ca04f562f0@redhat.com>

On 08/04/2016 06:43 PM, Sean Hogan wrote:
> Thanks Ben.. appreciated.. will give it a go. Do you guys recommend any specific 
> ldap viewer to view the internals? I was looking at apache dir studio I think it 
> was... but needs java and I don't want to add java
> to a server that does not have it increasing the mitigation/vulnerability factor 
> of the box.
> 
> I ran ipa host-find --all
> and noticed this setting in the list
> Keytab: True
> 
> I am thinking Keytab entry = enroll true

That is correct. Entrolled == true in Web UI means has_keytab in CLI
which means that the host object has krbprincipalkey LDAP attribute set.


> 
> Sean Hogan
> 
> 
> 
> 
> Inactive hide details for Ben Lipton ---08/04/2016 09:08:40 AM---On 08/04/2016 
> 11:31 AM, Sean Hogan wrote: >Ben Lipton ---08/04/2016 09:08:40 AM---On 
> 08/04/2016 11:31 AM, Sean Hogan wrote: >
> 
> From: Ben Lipton <blipton at redhat.com>
> To: Sean Hogan/Durham/IBM at IBMUS, freeipa-users <freeipa-users at redhat.com>
> Date: 08/04/2016 09:08 AM
> Subject: Re: [Freeipa-users] Querying the dir srv
> 
> --------------------------------------------------------------------------------
> 
> 
> 
> On 08/04/2016 11:31 AM, Sean Hogan wrote:
>  >
>  > Hi All,
>  >
>  > Where can I find information about the IPA schema as in what = what in
>  > the dir srv? I do not have a ldap viewer.
>  > I am looking to pull specific info from it such as a list of servers
>  > that have enrolled = true and have been playing with ldapsearch to no
>  > avail.
>  >
> 
> You could try something like 'ipa <objecttype>-show --all <object>' to
> see the dn of the associated LDAP object for a particular IPA entity.
> This would give you a sense of what tree to ldapsearch. You could try
> adding the --raw flag as well to see the LDAP attributes of the object.
> 
> # ipa user-show --all admin
>    dn: uid=admin,cn=users,cn=accounts,dc=example,dc=domain
> [...]
> # ldapsearch -xLLL -D cn='Directory manager' -w <directory manager pw>
> -b 'cn=users,cn=accounts,dc=example,dc=domain' '(objectClass=*)' '*' |
> perl -p0e 's/\n //g' | less
> 
> You can also take a look at
> https://git.fedorahosted.org/cgit/freeipa.git/tree/ipalib/constants.py#n78
> for a list of LDAP entities that act as containers for IPA objects
> (subtrees to search under).
> 
> Someone else may have some better ideas, but maybe this can get you started.
> 
> Ben
> 
> 
> 
> 
> 
> 


-- 
Petr Vobornik



From linov.suresh at gmail.com  Fri Aug  5 14:52:43 2016
From: linov.suresh at gmail.com (Linov Suresh)
Date: Fri, 5 Aug 2016 10:52:43 -0400
Subject: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE
Message-ID: <CALdvvBNDxo04iKFpepzU_sPpYCwfG9zBwZN58ZROOF4B++y91g@mail.gmail.com>

We have FreeIPA 3.0.0 running on CentOS 6.4 and master-ipa01 (configured
with --setup-ca option) and replica- ipa02 (configured without --setup-ca)
option.

We use a script ipa clients to the server, when we tried to add new ipa
clients, we are getting error,

*ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure.  Minor code may provide more information (KDC
returned error string: NOT_ALLOWED_TO_DELEGATE)*

What we have noticed is, memberPrincipal: HTTP/ipa02.teloip.net at TELOIP.NET
missing on both master and replica servers

IPA Master,

[root at ipa01 ~]# ldapsearch -x -b
cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
# extended LDIF
#
# LDAPv3
# base <cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net> with
scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# ipa-http-delegation, s4u2proxy, etc, teloip.net
dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
objectClass: ipaKrb5DelegationACL
objectClass: groupOfPrincipals
objectClass: top
ipaAllowedTarget:
cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
ipaAllowedTarget:
cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
memberPrincipal: HTTP/ipa01.teloip.net at TELOIP.NET
cn: ipa-http-delegation

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root at ipa01 ~]#

IPA Replica,

[root at ipa02 /]# ldapsearch -x -b
cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
# extended LDIF
#
# LDAPv3
# base <cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net> with
scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# ipa-http-delegation, s4u2proxy, etc, teloip.net
dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
cn: ipa-http-delegation
memberPrincipal: HTTP/ipa01.teloip.net at TELOIP.NET
ipaAllowedTarget:
cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
ipaAllowedTarget:
cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
objectClass: ipaKrb5DelegationACL
objectClass: groupOfPrincipals
objectClass: top

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Your help is highly appreciated,

Linov Suresh.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160805/55305ed0/attachment.htm>

From pgb205 at yahoo.com  Fri Aug  5 15:37:29 2016
From: pgb205 at yahoo.com (pgb205)
Date: Fri, 5 Aug 2016 15:37:29 +0000 (UTC)
Subject: [Freeipa-users] <hostname> is an IPA Server,
 but it might be unknown, foreign or previously deleted one
In-Reply-To: <57A4947D.6070309@redhat.com>
References: <1410733016.9392864.1470367441485.JavaMail.yahoo.ref@mail.yahoo.com>
	<1410733016.9392864.1470367441485.JavaMail.yahoo@mail.yahoo.com>
	<e63107d7-76b3-dc96-310c-bf850db40a61@redhat.com>
	<57A4947D.6070309@redhat.com>
Message-ID: <554769852.9910050.1470411449146.JavaMail.yahoo@mail.yahoo.com>

so initially the setup waswith ipa-server-03 having replication to ipa-server-02i have then decomissioned ipa-server-03 and setup a new one with the same name.right now replication is between ipa-server-03 and ipa-server-01 but i would want to add anotherreplication agreement 02 and 03 same as before but am getting the error message.
All systems are centos 7 so I'd expect freeipa to be the latest version.

      From: Rob Crittenden <rcritten at redhat.com>
 To: Martin Basti <mbasti at redhat.com>; pgb205 <pgb205 at yahoo.com>; Freeipa-users <freeipa-users at redhat.com> 
 Sent: Friday, August 5, 2016 9:28 AM
 Subject: Re: [Freeipa-users] <hostname> is an IPA Server, but it might be unknown, foreign or previously deleted one
   
Martin Basti wrote:
>
>
> On 05.08.2016 05:24, pgb205 wrote:
>> my previous setup was
>> srv2->replica
>> srv1->srv2
>>
>> I have removed replica and set it up with the one with identical hostname.
>> Now? I have replication from srv1->replica
>> and am trying to create another agreement from srv2=>replica
>> but i am getting the error message above. My guess is that old
>> hostname is there somewhere
>> but ipa-replica-manage del command does not produce any results.
>>
>>
>
> Hello,
>
> I don't see the error message you are referring

This is an IPA 3.0 error message from ticket 
https://fedorahosted.org/freeipa/ticket/3105

What do you mean you removed it and setup an identical one? Did you do 
this with ipa-replica-install?

ipa-replica-manage is looking up the masters and it doesn't consider 
replica a master which is why it is throwing this error. I'd 
double-check that replication is working properly.

On each master run: ipa-replica-manage list -v `hostname`

And really, ipa-replica-manage list should show a list of all known masters.
rob


  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160805/89b32d25/attachment.htm>

From rcritten at redhat.com  Fri Aug  5 15:50:02 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 5 Aug 2016 11:50:02 -0400
Subject: [Freeipa-users] <hostname> is an IPA Server,
 but it might be unknown, foreign or previously deleted one
In-Reply-To: <554769852.9910050.1470411449146.JavaMail.yahoo@mail.yahoo.com>
References: <1410733016.9392864.1470367441485.JavaMail.yahoo.ref@mail.yahoo.com>
	<1410733016.9392864.1470367441485.JavaMail.yahoo@mail.yahoo.com>
	<e63107d7-76b3-dc96-310c-bf850db40a61@redhat.com>
	<57A4947D.6070309@redhat.com>
	<554769852.9910050.1470411449146.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <57A4B5AA.8020706@redhat.com>

pgb205 wrote:
> so initially the setup was
> with ipa-server-03 having replication to ipa-server-02
> i have then decomissioned ipa-server-03 and setup a new one with the
> same name.
> right now replication is between ipa-server-03 and ipa-server-01 but i
> would want to add another
> replication agreement 02 and 03 same as before but am getting the error
> message.

Details, need details. What does decommissioned mean? What commands did 
you run?

How were the current agreements created? ipa-replica-manage, 
automatically when one was created as a replica of another?

> All systems are centos 7 so I'd expect freeipa to be the latest version.

Latest doesn't mean anything, especially if someone finds this thread in 
the future.

rpm -q ipa-server

rob

>
>
> ------------------------------------------------------------------------
> *From:* Rob Crittenden <rcritten at redhat.com>
> *To:* Martin Basti <mbasti at redhat.com>; pgb205 <pgb205 at yahoo.com>;
> Freeipa-users <freeipa-users at redhat.com>
> *Sent:* Friday, August 5, 2016 9:28 AM
> *Subject:* Re: [Freeipa-users] <hostname> is an IPA Server, but it might
> be unknown, foreign or previously deleted one
>
> Martin Basti wrote:
>
>  >
>  >
>  > On 05.08.2016 05:24, pgb205 wrote:
>  >> my previous setup was
>  >> srv2->replica
>  >> srv1->srv2
>  >>
>  >> I have removed replica and set it up with the one with identical
> hostname.
>  >> Now  I have replication from srv1->replica
>  >> and am trying to create another agreement from srv2=>replica
>  >> but i am getting the error message above. My guess is that old
>  >> hostname is there somewhere
>  >> but ipa-replica-manage del command does not produce any results.
>  >>
>  >>
>  >
>  > Hello,
>  >
>  > I don't see the error message you are referring
>
>
> This is an IPA 3.0 error message from ticket
> https://fedorahosted.org/freeipa/ticket/3105
>
> What do you mean you removed it and setup an identical one? Did you do
> this with ipa-replica-install?
>
> ipa-replica-manage is looking up the masters and it doesn't consider
> replica a master which is why it is throwing this error. I'd
> double-check that replication is working properly.
>
> On each master run: ipa-replica-manage list -v `hostname`
>
> And really, ipa-replica-manage list should show a list of all known masters.
> rob
>
>
>



From harri at afaics.de  Sun Aug  7 14:00:26 2016
From: harri at afaics.de (Harald Dunkel)
Date: Sun, 7 Aug 2016 16:00:26 +0200
Subject: [Freeipa-users] core dump within ipa-backup
Message-ID: <8d0b39fe-8b79-7e61-3545-deb8ccf674c2@afaics.de>

Hi folks,

ipa-backup gives me 2 segmentation faults in the logfile (see
attachment). Platform is Centos 7.2.

Is this something to worry about?


Every helpful comment is highly appreciated
Harri
-------------- next part --------------
Preparing backup on ipa1.example.com
Stopping IPA services
Backing up ipaca in EXAMPLE-COM to LDIF
db2ldif failed: [07/Aug/2016:15:49:08 +0200] - userRoot: entry cache size: 10485760B; db size: 5160960B
[07/Aug/2016:15:49:08 +0200] - ipaca: entry cache size: 10485760B; db size: 3268608B
[07/Aug/2016:15:49:08 +0200] - WARNING: changelog: entry cache size 2097152B is less than db size 112590848B; We recommend to increase the entry cache size nsslapd-cachememsize.
[07/Aug/2016:15:49:08 +0200] - Total entry cache size: 23068672B; dbcache size: 10000000B; available memory size: 3600707584B
[07/Aug/2016:15:49:08 +0200] ldbm_usn_init - backend: changelog (global mode)
[07/Aug/2016:15:49:08 +0200] ldbm_usn_init - backend: userRoot (global mode)
[07/Aug/2016:15:49:08 +0200] ldbm_usn_init - backend: ipaca (global mode)
[07/Aug/2016:15:49:08 +0200] nis-plugin - scheduled nis-plugin tree scan in about 5 seconds after the server startup!
[07/Aug/2016:15:49:08 +0200] schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup!
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=dns,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=dns,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=keys,cn=sec,cn=dns,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=dns,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=dns,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target ou=sudoers,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=users,cn=compat,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[07/Aug/2016:15:49:08 +0200] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition.
[07/Aug/2016:15:49:08 +0200] ldbm_back_add - conn=0 op=0 modify_term: old_entry=0x0, new_entry=0x0
ldiffile: /var/lib/dirsrv/slapd-EXAMPLE-COM/ldif/EXAMPLE-COM-ipaca.ldif
[07/Aug/2016:15:49:08 +0200] nis-plugin - nis-plugin tree scan will start in about 5 seconds!
[07/Aug/2016:15:49:08 +0200] schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x556cf345f780, new_entry=0x7f47a0003170, rc=0
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x556cf345f780, new_entry=0x7f47a0003170, rc=0
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x556cf345f780, new_entry=0x7f47a0003170, in_cache=1
[07/Aug/2016:15:49:08 +0200] - export ipaca: Processed 324 entries (100%).
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f47a0003170, new_entry=0x7f47a000b8f0, rc=0
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f47a0003170, new_entry=0x7f47a000b8f0, rc=0
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f47a0003170, new_entry=0x7f47a000b8f0, in_cache=1
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f47a000b8f0, new_entry=0x7f47a0001300, rc=0
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f47a000b8f0, new_entry=0x7f47a0001300, rc=0
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f47a000b8f0, new_entry=0x7f47a0001300, in_cache=1
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f47a0001300, new_entry=0x7f47a0003170, rc=0
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f47a0001300, new_entry=0x7f47a0003170, rc=0
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f47a0001300, new_entry=0x7f47a0003170, in_cache=1
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f47a0003170, new_entry=0x7f47a000e820, rc=0
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f47a0003170, new_entry=0x7f47a000e820, rc=0
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f47a0003170, new_entry=0x7f47a000e820, in_cache=1
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f47a000e820, new_entry=0x7f47a000dd50, rc=0
[07/Aug/2016:15:49:08 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f47a000e820, new_entry=0x7f47a000dd50, rc=0
[07/Aug/2016:15:49:09 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f47a000e820, new_entry=0x7f47a000dd50, in_cache=1
[07/Aug/2016:15:49:09 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f47a000dd50, new_entry=0x7f47a0000f20, rc=0
[07/Aug/2016:15:49:09 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f47a000dd50, new_entry=0x7f47a0000f20, rc=0
[07/Aug/2016:15:49:09 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f47a000dd50, new_entry=0x7f47a0000f20, in_cache=1
[07/Aug/2016:15:49:09 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f47a0000f20, new_entry=0x7f47a00044b0, rc=0
[07/Aug/2016:15:49:09 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f47a0000f20, new_entry=0x7f47a00044b0, rc=0
[07/Aug/2016:15:49:09 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f47a0000f20, new_entry=0x7f47a00044b0, in_cache=1
*** Error in `/usr/sbin/ns-slapd': double free or corruption (out): 0x00007f47b00008e0 ***
======= Backtrace: =========
/usr/lib64/libc.so.6(+0x7d053)[0x7f47cc9be053]
/usr/lib64/dirsrv/libslapd.so.0(slapi_ch_free+0x16)[0x7f47cf138a26]
/usr/lib64/dirsrv/plugins/libcos-plugin.so(cos_cache_release+0x282)[0x7f47c512d6a2]
/usr/lib64/dirsrv/plugins/libcos-plugin.so(+0x79ff)[0x7f47c512e9ff]
/usr/lib64/dirsrv/libslapd.so.0(slapi_vattr_namespace_value_compare_sp+0x1d5)[0x7f47cf1c1ae5]
/usr/lib64/dirsrv/libslapd.so.0(slapi_vattr_value_compare+0x1d)[0x7f47cf1c1b6d]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x14ebf)[0x7f47c18f6ebf]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0xfa59)[0x7f47c18f1a59]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x10ba6)[0x7f47c18f2ba6]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x1267c)[0x7f47c18f467c]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x4bb3)[0x7f47c18e6bb3]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x55e2)[0x7f47c18e75e2]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x6c76)[0x7f47c18e8c76]
/usr/lib64/dirsrv/libslapd.so.0(send_ldap_search_entry_ext+0x2bd)[0x7f47cf19d5cd]
/usr/lib64/dirsrv/libslapd.so.0(send_ldap_search_entry+0x1c)[0x7f47cf19de0c]
/usr/lib64/dirsrv/libslapd.so.0(+0x94b33)[0x7f47cf17ab33]
/usr/lib64/dirsrv/libslapd.so.0(+0x94cda)[0x7f47cf17acda]
/usr/lib64/dirsrv/libslapd.so.0(op_shared_search+0x11ee)[0x7f47cf17c6be]
/usr/lib64/dirsrv/libslapd.so.0(+0xa694e)[0x7f47cf18c94e]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0xb308)[0x7f47c18ed308]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x628d)[0x7f47c18e828d]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x6e31)[0x7f47c18e8e31]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x1d367)[0x7f47c18ff367]
/usr/lib64/libnspr4.so(+0x2896b)[0x7f47cd36996b]
/usr/lib64/libpthread.so.0(+0x7dc5)[0x7f47ccd0adc5]
/usr/lib64/libc.so.6(clone+0x6d)[0x7f47cca37ced]
======= Memory map: ========
556cf1327000-556cf1382000 r-xp 00000000 08:04 141065                     /usr/sbin/ns-slapd
556cf1582000-556cf1584000 r--p 0005b000 08:04 141065                     /usr/sbin/ns-slapd
556cf1584000-556cf1585000 rw-p 0005d000 08:04 141065                     /usr/sbin/ns-slapd
556cf2e88000-556cf3771000 rw-p 00000000 00:00 0                          [heap]
7f47a0000000-7f47a0021000 rw-p 00000000 00:00 0 
7f47a0021000-7f47a4000000 ---p 00000000 00:00 0 
7f47a4000000-7f47a4021000 rw-p 00000000 00:00 0 
7f47a4021000-7f47a8000000 ---p 00000000 00:00 0 
7f47aaffe000-7f47aafff000 ---p 00000000 00:00 0 
7f47aafff000-7f47ab7ff000 rw-p 00000000 00:00 0 
7f47ab7ff000-7f47ab800000 ---p 00000000 00:00 0 
7f47ab800000-7f47ac000000 rw-p 00000000 00:00 0 
7f47ac000000-7f47ac021000 rw-p 00000000 00:00 0 
7f47ac021000-7f47b0000000 ---p 00000000 00:00 0 
7f47b0000000-7f47b0021000 rw-p 00000000 00:00 0 
7f47b0021000-7f47b4000000 ---p 00000000 00:00 0 
7f47b4000000-7f47b402d000 rw-p 00000000 00:00 0 
7f47b402d000-7f47b8000000 ---p 00000000 00:00 0 
7f47b8be1000-7f47b8be2000 ---p 00000000 00:00 0 
7f47b8be2000-7f47b93e2000 rw-p 00000000 00:00 0 
7f47b93e2000-7f47b93e3000 ---p 00000000 00:00 0 
7f47b93e3000-7f47b9be3000 rw-p 00000000 00:00 0 
7f47b9be3000-7f47b9be4000 ---p 00000000 00:00 0 
7f47b9be4000-7f47ba3e4000 rw-p 00000000 00:00 0 
7f47ba3e4000-7f47ba3e5000 ---p 00000000 00:00 0 
7f47ba3e5000-7f47babe5000 rw-p 00000000 00:00 0 
7f47babe5000-7f47babed000 r-xp 00000000 08:04 147129                     /usr/lib64/libnss_sss.so.2
7f47babed000-7f47badec000 ---p 00008000 08:04 147129                     /usr/lib64/libnss_sss.so.2
7f47badec000-7f47baded000 r--p 00007000 08:04 147129                     /usr/lib64/libnss_sss.so.2
7f47baded000-7f47badee000 rw-p 00008000 08:04 147129                     /usr/lib64/libnss_sss.so.2
7f47badee000-7f47badef000 ---p 00000000 00:00 0 
7f47badef000-7f47bb5ef000 rw-p 00000000 00:00 0 
7f47bb5ef000-7f47bb5f0000 ---p 00000000 00:00 0 
7f47bb5f0000-7f47bbdf0000 rw-p 00000000 00:00 0 
7f47bbdf0000-7f47bbdf1000 ---p 00000000 00:00 0 
7f47bbdf1000-7f47bc5f1000 rw-p 00000000 00:00 0 
7f47bc5f1000-7f47bc5f2000 ---p 00000000 00:00 0 
7f47bc5f2000-7f47bcdf2000 rw-p 00000000 00:00 0 
7f47bcdf2000-7f47bcdf3000 ---p 00000000 00:00 0 
7f47bcdf3000-7f47bd5f3000 rw-p 00000000 00:00 0 
7f47bd5f3000-7f47be1e1000 rw-s 00000000 08:04 132061                     /var/lib/dirsrv/slapd-EXAMPLE-COM/db/__db.003
7f47be1e1000-7f47be429000 rw-s 00000000 08:04 131908                     /var/lib/dirsrv/slapd-EXAMPLE-COM/db/__db.002
7f47be429000-7f47bec6f000 rw-s 00000000 08:04 131698                     /var/lib/dirsrv/slapd-EXAMPLE-COM/db/__db.001
7f47bec6f000-7f47bec8f000 r-xp 00000000 08:04 141691                     /usr/lib64/libnssdbm3.so
7f47bec8f000-7f47bee8f000 ---p 00020000 08:04 141691                     /usr/lib64/libnssdbm3.so
7f47bee8f000-7f47bee90000 r--p 00020000 08:04 141691                     /usr/lib64/libnssdbm3.so
7f47bee90000-7f47bee91000 rw-p 00021000 08:04 141691                     /usr/lib64/libnssdbm3.so
7f47bee91000-7f47bef0a000 r-xp 00000000 08:04 141537                     /usr/lib64/libfreeblpriv3.so
7f47bef0a000-7f47bf109000 ---p 00079000 08:04 141537                     /usr/lib64/libfreeblpriv3.so
7f47bf109000-7f47bf10c000 r--p 00078000 08:04 141537                     /usr/lib64/libfreeblpriv3.so
7f47bf10c000-7f47bf10d000 rw-p 0007b000 08:04 141537                     /usr/lib64/libfreeblpriv3.so
7f47bf10d000-7f47bf111000 rw-p 00000000 00:00 0 
7f47bf111000-7f47bf1c2000 r-xp 00000000 08:04 141793                     /usr/lib64/libsqlite3.so.0.8.6
7f47bf1c2000-7f47bf3c1000 ---p 000b1000 08:04 141793                     /usr/lib64/libsqlite3.so.0.8.6
7f47bf3c1000-7f47bf3c3000 r--p 000b0000 08:04 141793                     /usr/lib64/libsqlite3.so.0.8.6
7f47bf3c3000-7f47bf3c6000 rw-p 000b2000 08:04 141793                     /usr/lib64/libsqlite3.so.0.8.6
7f47bf3c6000-7f47bf402000 r-xp 00000000 08:04 141789                     /usr/lib64/libsoftokn3.so
7f47bf402000-7f47bf602000 ---p 0003c000 08:04 141789                     /usr/lib64/libsoftokn3.so
7f47bf602000-7f47bf603000 r--p 0003c000 08:04 141789                     /usr/lib64/libsoftokn3.so
7f47bf603000-7f47bf604000 rw-p 0003d000 08:04 141789                     /usr/lib64/libsoftokn3.so
7f47bf604000-7f47bf605000 r-xp 00000000 08:04 147272                     /usr/lib64/dirsrv/plugins/libwhoami-plugin.so
7f47bf605000-7f47bf805000 ---p 00001000 08:04 147272                     /usr/lib64/dirsrv/plugins/libwhoami-plugin.so
7f47bf805000-7f47bf806000 r--p 00001000 08:04 147272                     /usr/lib64/dirsrv/plugins/libwhoami-plugin.so
7f47bf806000-7f47bf807000 rw-p 00002000 08:04 147272                     /usr/lib64/dirsrv/plugins/libwhoami-plugin.so
7f47bf807000-7f47bf80c000 r-xp 00000000 08:04 147271                     /usr/lib64/dirsrv/plugins/libviews-plugin.so
7f47bf80c000-7f47bfa0b000 ---p 00005000 08:04 147271                     /usr/lib64/dirsrv/plugins/libviews-plugin.so
7f47bfa0b000-7f47bfa0c000 r--p 00004000 08:04 147271                     /usr/lib64/dirsrv/plugins/libviews-plugin.so
7f47bfa0c000-7f47bfa0d000 rw-p 00005000 08:04 147271                     /usr/lib64/dirsrv/plugins/libviews-plugin.so
7f47bfa0d000-7f47bfa13000 r-xp 00000000 08:04 147270                     /usr/lib64/dirsrv/plugins/libusn-plugin.so
7f47bfa13000-7f47bfc12000 ---p 00006000 08:04 147270                     /usr/lib64/dirsrv/plugins/libusn-plugin.so
7f47bfc12000-7f47bfc13000 r--p 00005000 08:04 147270                     /usr/lib64/dirsrv/plugins/libusn-plugin.so
7f47bfc13000-7f47bfc14000 rw-p 00006000 08:04 147270                     /usr/lib64/dirsrv/plugins/libusn-plugin.so
7f47bfc14000-7f47bfc17000 r-xp 00000000 08:04 147268                     /usr/lib64/dirsrv/plugins/libstatechange-plugin.so
7f47bfc17000-7f47bfe16000 ---p 00003000 08:04 147268                     /usr/lib64/dirsrv/plugins/libstatechange-plugin.so
7f47bfe16000-7f47bfe17000 r--p 00002000 08:04 147268                     /usr/lib64/dirsrv/plugins/libstatechange-plugin.so
7f47bfe17000-7f47bfe18000 rw-p 00003000 08:04 147268                     /usr/lib64/dirsrv/plugins/libstatechange-plugin.so
7f47bfe18000-7f47bfe1a000 r-xp 00000000 08:04 147267                     /usr/lib64/dirsrv/plugins/libschemareload-plugin.so
7f47bfe1a000-7f47c001a000 ---p 00002000 08:04 147267                     /usr/lib64/dirsrv/plugins/libschemareload-plugin.so
7f47c001a000-7f47c001b000 r--p 00002000 08:04 147267                     /usr/lib64/dirsrv/plugins/libschemareload-plugin.so
7f47c001b000-7f47c001c000 rw-p 00003000 08:04 147267                     /usr/lib64/dirsrv/plugins/libschemareload-plugin.so
7f47c001c000-7f47c0043000 r-xp 00000000 08:04 147126                     /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
7f47c0043000-7f47c0242000 ---p 00027000 08:04 147126                     /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
7f47c0242000-7f47c0243000 r--p 00026000 08:04 147126                     /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
7f47c0243000-7f47c0244000 rw-p 00027000 08:04 147126                     /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
7f47c0244000-7f47c0248000 r-xp 00000000 08:04 147266                     /usr/lib64/dirsrv/plugins/librootdn-access-plugin.so
7f47c0248000-7f47c0447000 ---p 00004000 08:04 147266                     /usr/lib64/dirsrv/plugins/librootdn-access-plugin.so
7f47c0447000-7f47c0448000 r--p 00003000 08:04 147266                     /usr/lib64/dirsrv/plugins/librootdn-access-plugin.so
7f47c0448000-7f47c0449000 rw-p 00004000 08:04 147266                     /usr/lib64/dirsrv/plugins/librootdn-access-plugin.so
7f47c0449000-7f47c0451000 r-xp 00000000 08:04 147265                     /usr/lib64/dirsrv/plugins/libroles-plugin.so
7f47c0451000-7f47c0650000 ---p 00008000 08:04 147265                     /usr/lib64/dirsrv/plugins/libroles-plugin.so
7f47c0650000-7f47c0651000 r--p 00007000 08:04 147265                     /usr/lib64/dirsrv/plugins/libroles-plugin.so
7f47c0651000-7f47c0652000 rw-p 00008000 08:04 147265                     /usr/lib64/dirsrv/plugins/libroles-plugin.so
7f47c0652000-7f47c065c000 r-xp 00000000 08:04 147264                     /usr/lib64/dirsrv/plugins/libretrocl-plugin.so
7f47c065c000-7f47c085b000 ---p 0000a000 08:04 147264                     /usr/lib64/dirsrv/plugins/libretrocl-plugin.so
7f47c085b000-7f47c085c000 r--p 00009000 08:04 147264                     /usr/lib64/dirsrv/plugins/libretrocl-plugin.so
7f47c085c000-7f47c085d000 rw-p 0000a000 08:04 147264                     /usr/lib64/dirsrv/plugins/libretrocl-plugin.so
7f47c085d000-7f47c0865000 r-xp 00000000 08:04 147168                     /usr/lib64/dirsrv/plugins/libreferint-plugin.so
7f47c0865000-7f47c0a64000 ---p 00008000 08:04 147168                     /usr/lib64/dirsrv/plugins/libreferint-plugin.so
7f47c0a64000-7f47c0a65000 r--p 00007000 08:04 147168                     /usr/lib64/dirsrv/plugins/libreferint-plugin.so
7f47c0a65000-7f47c0a66000 rw-p 00008000 08:04 147168                     /usr/lib64/dirsrv/plugins/libreferint-plugin.so
7f47c0a66000-7f47c0a67000 rw-p 00000000 00:00 0 
7f47c0a67000-7f47c0a79000 r-xp 00000000 08:04 147166                     /usr/lib64/dirsrv/plugins/libposix-winsync-plugin.so
7f47c0a79000-7f47c0c78000 ---p 00012000 08:04 147166                     /usr/lib64/dirsrv/plugins/libposix-winsync-plugin.so
7f47c0c78000-7f47c0c79000 r--p 00011000 08:04 147166                     /usr/lib64/dirsrv/plugins/libposix-winsync-plugin.so
7f47c0c79000-7f47c0c7a000 rw-p 00012000 08:04 147166                     /usr/lib64/dirsrv/plugins/libposix-winsync-plugin.so
7f47c0c7a000-7f47c0c7e000 r-xp 00000000 08:04 147164                     /usr/lib64/dirsrv/plugins/libpassthru-plugin.so
7f47c0c7e000-7f47c0e7d000 ---p 00004000 08:04 147164                     /usr/lib64/dirsrv/plugins/libpassthru-plugin.so
7f47c0e7d000-7f47c0e7e000 r--p 00003000 08:04 147164                     /usr/lib64/dirsrv/plugins/libpassthru-plugin.so
7f47c0e7e000-7f47c0e7f000 rw-p 00004000 08:04 147164                     /usr/lib64/dirsrv/plugins/libpassthru-plugin.so
7f47c0e7f000-7f47c0e9a000 r-xp 00000000 08:04 141446                     /usr/lib64/libaudit.so.1.0.0
7f47c0e9a000-7f47c109a000 ---p 0001b000 08:04 141446                     /usr/lib64/libaudit.so.1.0.0
7f47c109a000-7f47c109b000 r--p 0001b000 08:04 141446                     /usr/lib64/libaudit.so.1.0.0
7f47c109b000-7f47c109c000 rw-p 0001c000 08:04 141446                     /usr/lib64/libaudit.so.1.0.0
7f47c109c000-7f47c10a6000 rw-p 00000000 00:00 0 
7f47c10a6000-7f47c10b3000 r-xp 00000000 08:04 141704                     /usr/lib64/libpam.so.0.83.1
7f47c10b3000-7f47c12b3000 ---p 0000d000 08:04 141704                     /usr/lib64/libpam.so.0.83.1
7f47c12b3000-7f47c12b4000 r--p 0000d000 08:04 141704                     /usr/lib64/libpam.so.0.83.1
7f47c12b4000-7f47c12b5000 rw-p 0000e000 08:04 141704                     /usr/lib64/libpam.so.0.83.1
7f47c12b5000-7f47c12bd000 r-xp 00000000 08:04 147163                     /usr/lib64/dirsrv/plugins/libpam-passthru-plugin.so
7f47c12bd000-7f47c14bc000 ---p 00008000 08:04 147163                     /usr/lib64/dirsrv/plugins/libpam-passthru-plugin.so
7f47c14bc000-7f47c14bd000 r--p 00007000 08:04 147163                     /usr/lib64/dirsrv/plugins/libpam-passthru-plugin.so
7f47c14bd000-7f47c14be000 rw-p 00008000 08:04 147163                     /usr/lib64/dirsrv/plugins/libpam-passthru-plugin.so
7f47c14be000-7f47c14d4000 r-xp 00000000 08:04 144795                     /usr/lib64/libnsl-2.17.so
7f47c14d4000-7f47c16d3000 ---p 00016000 08:04 144795                     /usr/lib64/libnsl-2.17.so
7f47c16d3000-7f47c16d4000 r--p 00015000 08:04 144795                     /usr/lib64/libnsl-2.17.so
7f47c16d4000-7f47c16d5000 rw-p 00016000 08:04 144795                     /usr/lib64/libnsl-2.17.so
7f47c16d5000-7f47c16d7000 rw-p 00000000 00:00 0 
7f47c16d7000-7f47c16e0000 r-xp 00000000 08:04 141842                     /usr/lib64/libwrap.so.0.7.6
7f47c16e0000-7f47c18df000 ---p 00009000 08:04 141842                     /usr/lib64/libwrap.so.0.7.6
7f47c18df000-7f47c18e0000 r--p 00008000 08:04 141842                     /usr/lib64/libwrap.so.0.7.6
7f47c18e0000-7f47c18e1000 rw-p 00009000 08:04 141842                     /usr/lib64/libwrap.so.0.7.6
7f47c18e1000-7f47c18e2000 rw-p 00000000 00:00 0 
7f47c18e2000-7f47c1909000 r-xp 00000000 08:04 143725                     /usr/lib64/dirsrv/plugins/nisserver-plugin.so
7f47c1909000-7f47c1b08000 ---p 00027000 08:04 143725                     /usr/lib64/dirsrv/plugins/nisserver-plugin.so
7f47c1b08000-7f47c1b09000 r--p 00026000 08:04 143725                     /usr/lib64/dirsrv/plugins/nisserver-plugin.so
7f47c1b09000-7f47c1b0a000 rw-p 00027000 08:04 143725                     /usr/lib64/dirsrv/plugins/nisserver-plugin.so
7f47c1b0a000-7f47c1b17000 r-xp 00000000 08:04 147162                     /usr/lib64/dirsrv/plugins/libmemberof-plugin.so
7f47c1b17000-7f47c1d16000 ---p 0000d000 08:04 147162                     /usr/lib64/dirsrv/plugins/libmemberof-plugin.so
7f47c1d16000-7f47c1d17000 r--p 0000c000 08:04 147162                     /usr/lib64/dirsrv/plugins/libmemberof-plugin.so
7f47c1d17000-7f47c1d18000 rw-p 0000d000 08:04 147162                     /usr/lib64/dirsrv/plugins/libmemberof-plugin.so
7f47c1d18000-7f47c1d22000 r-xp 00000000 08:04 147161                     /usr/lib64/dirsrv/plugins/libmanagedentries-plugin.so
7f47c1d22000-7f47c1f21000 ---p 0000a000 08:04 147161                     /usr/lib64/dirsrv/plugins/libmanagedentries-plugin.so
7f47c1f21000-7f47c1f22000 r--p 00009000 08:04 147161                     /usr/lib64/dirsrv/plugins/libmanagedentries-plugin.so
7f47c1f22000-7f47c1f23000 rw-p 0000a000 08:04 147161                     /usr/lib64/dirsrv/plugins/libmanagedentries-plugin.so
7f47c1f23000-7f47c1f2d000 r-xp 00000000 08:04 147160                     /usr/lib64/dirsrv/plugins/liblinkedattrs-plugin.so
7f47c1f2d000-7f47c212c000 ---p 0000a000 08:04 147160                     /usr/lib64/dirsrv/plugins/liblinkedattrs-plugin.so
7f47c212c000-7f47c212d000 r--p 00009000 08:04 147160                     /usr/lib64/dirsrv/plugins/liblinkedattrs-plugin.so
7f47c212d000-7f47c212e000 rw-p 0000a000 08:04 147160                     /usr/lib64/dirsrv/plugins/liblinkedattrs-plugin.so
7f47c212e000-7f47c21d1000 r-xp 00000000 08:04 147263                     /usr/lib64/dirsrv/plugins/libreplication-plugin.so
7f47c21d1000-7f47c23d0000 ---p 000a3000 08:04 147263                     /usr/lib64/dirsrv/plugins/libreplication-plugin.so
7f47c23d0000-7f47c23d1000 r--p 000a2000 08:04 147263                     /usr/lib64/dirsrv/plugins/libreplication-plugin.so
7f47c23d1000-7f47c23d5000 rw-p 000a3000 08:04 147263                     /usr/lib64/dirsrv/plugins/libreplication-plugin.so
7f47c23d5000-7f47c2479000 r-xp 00000000 08:04 147151                     /usr/lib64/dirsrv/plugins/libback-ldbm.so
7f47c2479000-7f47c2679000 ---p 000a4000 08:04 147151                     /usr/lib64/dirsrv/plugins/libback-ldbm.so
7f47c2679000-7f47c267a000 r--p 000a4000 08:04 147151                     /usr/lib64/dirsrv/plugins/libback-ldbm.so
7f47c267a000-7f47c267d000 rw-p 000a5000 08:04 147151                     /usr/lib64/dirsrv/plugins/libback-ldbm.so
7f47c267d000-7f47c26a7000 r-xp 00000000 08:04 147321                     /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
7f47c26a7000-7f47c28a6000 ---p 0002a000 08:04 147321                     /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
7f47c28a6000-7f47c28a7000 r--p 00029000 08:04 147321                     /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
7f47c28a7000-7f47c28a9000 rw-p 0002a000 08:04 147321                     /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
7f47c28a9000-7f47c28ad000 r-xp 00000000 08:04 145463                     /usr/lib64/libsss_nss_idmap.so.0.1.0
7f47c28ad000-7f47c2aac000 ---p 00004000 08:04 145463                     /usr/lib64/libsss_nss_idmap.so.0.1.0
7f47c2aac000-7f47c2aad000 r--p 00003000 08:04 145463                     /usr/lib64/libsss_nss_idmap.so.0.1.0
7f47c2aad000-7f47c2aae000 rw-p 00004000 08:04 145463                     /usr/lib64/libsss_nss_idmap.so.0.1.0
7f47c2aae000-7f47c2ab3000 r-xp 00000000 08:04 147316                     /usr/lib64/dirsrv/plugins/libipa_extdom_extop.so
7f47c2ab3000-7f47c2cb2000 ---p 00005000 08:04 147316                     /usr/lib64/dirsrv/plugins/libipa_extdom_extop.so
7f47c2cb2000-7f47c2cb3000 r--p 00004000 08:04 147316                     /usr/lib64/dirsrv/plugins/libipa_extdom_extop.so
7f47c2cb3000-7f47c2cb4000 rw-p 00005000 08:04 147316                     /usr/lib64/dirsrv/plugins/libipa_extdom_extop.so
7f47c2cb4000-7f47c2cb7000 r-xp 00000000 08:04 147315                     /usr/lib64/dirsrv/plugins/libipa_enrollment_extop.so
7f47c2cb7000-7f47c2eb6000 ---p 00003000 08:04 147315                     /usr/lib64/dirsrv/plugins/libipa_enrollment_extop.so
7f47c2eb6000-7f47c2eb7000 r--p 00002000 08:04 147315                     /usr/lib64/dirsrv/plugins/libipa_enrollment_extop.so
7f47c2eb7000-7f47c2eb8000 rw-p 00003000 08:04 147315                     /usr/lib64/dirsrv/plugins/libipa_enrollment_extop.so
7f47c2eb8000-7f47c2ec2000 r-xp 00000000 08:04 147326                     /usr/lib64/dirsrv/plugins/libipa_winsync.so
7f47c2ec2000-7f47c30c1000 ---p 0000a000 08:04 147326                     /usr/lib64/dirsrv/plugins/libipa_winsync.so
7f47c30c1000-7f47c30c2000 r--p 00009000 08:04 147326                     /usr/lib64/dirsrv/plugins/libipa_winsync.so
7f47c30c2000-7f47c30c3000 rw-p 0000a000 08:04 147326                     /usr/lib64/dirsrv/plugins/libipa_winsync.so
7f47c30c3000-7f47c30c5000 r-xp 00000000 08:04 147323                     /usr/lib64/dirsrv/plugins/libipa_repl_version.so
7f47c30c5000-7f47c32c4000 ---p 00002000 08:04 147323                     /usr/lib64/dirsrv/plugins/libipa_repl_version.so
7f47c32c4000-7f47c32c5000 r--p 00001000 08:04 147323                     /usr/lib64/dirsrv/plugins/libipa_repl_version.so
7f47c32c5000-7f47c32c6000 rw-p 00002000 08:04 147323                     /usr/lib64/dirsrv/plugins/libipa_repl_version.so
7f47c32c6000-7f47c32ca000 r-xp 00000000 08:04 143624                     /usr/lib64/libuuid.so.1.3.0
7f47c32ca000-7f47c34c9000 ---p 00004000 08:04 143624                     /usr/lib64/libuuid.so.1.3.0
7f47c34c9000-7f47c34ca000 r--p 00003000 08:04 143624                     /usr/lib64/libuuid.so.1.3.0
7f47c34ca000-7f47c34cb000 rw-p 00004000 08:04 143624                     /usr/lib64/libuuid.so.1.3.0
7f47c34cb000-7f47c34d0000 r-xp 00000000 08:04 145057                     /usr/lib64/dirsrv/plugins/libipa_uuid.so
7f47c34d0000-7f47c36cf000 ---p 00005000 08:04 145057                     /usr/lib64/dirsrv/plugins/libipa_uuid.so
7f47c36cf000-7f47c36d0000 r--p 00004000 08:04 145057                     /usr/lib64/dirsrv/plugins/libipa_uuid.so
7f47c36d0000-7f47c36d1000 rw-p 00005000 08:04 145057                     /usr/lib64/dirsrv/plugins/libipa_uuid.so
7f47c36d1000-7f47c36d5000 r-xp 00000000 08:04 147324                     /usr/lib64/dirsrv/plugins/libipa_sidgen.so
7f47c36d5000-7f47c38d4000 ---p 00004000 08:04 147324                     /usr/lib64/dirsrv/plugins/libipa_sidgen.so
7f47c38d4000-7f47c38d5000 r--p 00003000 08:04 147324                     /usr/lib64/dirsrv/plugins/libipa_sidgen.so
7f47c38d5000-7f47c38d6000 rw-p 00004000 08:04 147324                     /usr/lib64/dirsrv/plugins/libipa_sidgen.so
7f47c38d6000-7f47c38d9000 r-xp 00000000 08:04 147322                     /usr/lib64/dirsrv/plugins/libipa_range_check.so
7f47c38d9000-7f47c3ad9000 ---p 00003000 08:04 147322                     /usr/lib64/dirsrv/plugins/libipa_range_check.so
7f47c3ad9000-7f47c3ada000 r--p 00003000 08:04 147322                     /usr/lib64/dirsrv/plugins/libipa_range_check.so
7f47c3ada000-7f47c3adb000 rw-p 00004000 08:04 147322                     /usr/lib64/dirsrv/plugins/libipa_range_check.so
7f47c3adb000-7f47c3ae0000 r-xp 00000000 08:04 147320                     /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so
7f47c3ae0000-7f47c3cdf000 ---p 00005000 08:04 147320                     /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so
7f47c3cdf000-7f47c3ce0000 r--p 00004000 08:04 147320                     /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so
7f47c3ce0000-7f47c3ce1000 rw-p 00005000 08:04 147320                     /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so
7f47c3ce1000-7f47c3ce4000 r-xp 00000000 08:04 147319                     /usr/lib64/dirsrv/plugins/libipa_otp_counter.so
7f47c3ce4000-7f47c3ee3000 ---p 00003000 08:04 147319                     /usr/lib64/dirsrv/plugins/libipa_otp_counter.so
7f47c3ee3000-7f47c3ee4000 r--p 00002000 08:04 147319                     /usr/lib64/dirsrv/plugins/libipa_otp_counter.so
7f47c3ee4000-7f47c3ee5000 rw-p 00003000 08:04 147319                     /usr/lib64/dirsrv/plugins/libipa_otp_counter.so
7f47c3ee5000-7f47c3ee8000 r-xp 00000000 08:04 147318                     /usr/lib64/dirsrv/plugins/libipa_modrdn.so
7f47c3ee8000-7f47c40e8000 ---p 00003000 08:04 147318                     /usr/lib64/dirsrv/plugins/libipa_modrdn.so
7f47c40e8000-7f47c40e9000 r--p 00003000 08:04 147318                     /usr/lib64/dirsrv/plugins/libipa_modrdn.so
7f47c40e9000-7f47c40ea000 rw-p 00004000 08:04 147318                     /usr/lib64/dirsrv/plugins/libipa_modrdn.so
7f47c40ea000-7f47c40ee000 r-xp 00000000 08:04 147317                     /usr/lib64/dirsrv/plugins/libipa_lockout.so
7f47c40ee000-7f47c42ed000 ---p 00004000 08:04 147317                     /usr/lib64/dirsrv/plugins/libipa_lockout.so
7f47c42ed000-7f47c42ee000 r--p 00003000 08:04 147317                     /usr/lib64/dirsrv/plugins/libipa_lockout.so
7f47c42ee000-7f47c42ef000 rw-p 00004000 08:04 147317                     /usr/lib64/dirsrv/plugins/libipa_lockout.so
7f47c42ef000-7f47c42f3000 r-xp 00000000 08:04 141837                     /usr/lib64/libverto.so.1.0.0
7f47c42f3000-7f47c44f2000 ---p 00004000 08:04 141837                     /usr/lib64/libverto.so.1.0.0
7f47c44f2000-7f47c44f3000 r--p 00003000 08:04 141837                     /usr/lib64/libverto.so.1.0.0
7f47c44f3000-7f47c44f4000 rw-p 00004000 08:04 141837                     /usr/lib64/libverto.so.1.0.0
7f47c44f4000-7f47c44fb000 r-xp 00000000 08:04 140310                     /usr/lib64/libkrad.so.0.0
7f47c44fb000-7f47c46fb000 ---p 00007000 08:04 140310                     /usr/lib64/libkrad.so.0.0
7f47c46fb000-7f47c46fe000 r--p 00007000 08:04 140310                     /usr/lib64/libkrad.so.0.0
7f47c46fe000-7f47c46ff000 rw-p 0000a000 08:04 140310                     /usr/lib64/libkrad.so.0.0
7f47c46ff000-7f47c4701000 r-xp 00000000 08:04 140943                     /usr/lib64/dirsrv/plugins/libipa_dns.so
7f47c4701000-7f47c4900000 ---p 00002000 08:04 140943                     /usr/lib64/dirsrv/plugins/libipa_dns.so
7f47c4900000-7f47c4901000 r--p 00001000 08:04 140943                     /usr/lib64/dirsrv/plugins/libipa_dns.so
7f47c4901000-7f47c4902000 rw-p 00002000 08:04 140943                     /usr/lib64/dirsrv/plugins/libipa_dns.so
7f47c4902000-7f47c4908000 r-xp 00000000 08:04 147159                     /usr/lib64/dirsrv/plugins/libhttp-client-plugin.so
7f47c4908000-7f47c4b07000 ---p 00006000 08:04 147159                     /usr/lib64/dirsrv/plugins/libhttp-client-plugin.so
7f47c4b07000-7f47c4b08000 r--p 00005000 08:04 147159                     /usr/lib64/dirsrv/plugins/libhttp-client-plugin.so
7f47c4b08000-7f47c4b09000 rw-p 00006000 08:04 147159                     /usr/lib64/dirsrv/plugins/libhttp-client-plugin.so
7f47c4b09000-7f47c4b17000 r-xp 00000000 08:04 145832                     /usr/lib64/dirsrv/plugins/libdna-plugin.so
7f47c4b17000-7f47c4d16000 ---p 0000e000 08:04 145832                     /usr/lib64/dirsrv/plugins/libdna-plugin.so
7f47c4d16000-7f47c4d17000 r--p 0000d000 08:04 145832                     /usr/lib64/dirsrv/plugins/libdna-plugin.so
7f47c4d17000-7f47c4d18000 rw-p 0000e000 08:04 145832                     /usr/lib64/dirsrv/plugins/libdna-plugin.so
7f47c4d18000-7f47c4d1c000 r-xp 00000000 08:04 147157                     /usr/lib64/dirsrv/plugins/libderef-plugin.so
7f47c4d1c000-7f47c4f1b000 ---p 00004000 08:04 147157                     /usr/lib64/dirsrv/plugins/libderef-plugin.so
7f47c4f1b000-7f47c4f1c000 r--p 00003000 08:04 147157                     /usr/lib64/dirsrv/plugins/libderef-plugin.so
7f47c4f1c000-7f47c4f1d000 rw-p 00004000 08:04 147157                     /usr/lib64/dirsrv/plugins/libderef-plugin.so
7f47c4f1d000-7f47c4f26000 r-xp 00000000 08:04 147155                     /usr/lib64/dirsrv/plugins/libcontentsync-plugin.so
7f47c4f26000-7f47c5125000 ---p 00009000 08:04 147155                     /usr/lib64/dirsrv/plugins/libcontentsync-plugin.so
7f47c5125000-7f47c5126000 r--p 00008000 08:04 147155                     /usr/lib64/dirsrv/plugins/libcontentsync-plugin.so
7f47c5126000-7f47c5127000 rw-p 00009000 08:04 147155                     /usr/lib64/dirsrv/plugins/libcontentsync-plugin.so
7f47c5127000-7f47c5132000 r-xp 00000000 08:04 147156                     /usr/lib64/dirsrv/plugins/libcos-plugin.so
7f47c5132000-7f47c5331000 ---p 0000b000 08:04 147156                     /usr/lib64/dirsrv/plugins/libcos-plugin.so
7f47c5331000-7f47c5332000 r--p 0000a000 08:04 147156                     /usr/lib64/dirsrv/plugins/libcos-plugin.so
7f47c5332000-7f47c5333000 rw-p 0000b000 08:04 147156                     /usr/lib64/dirsrv/plugins/libcos-plugin.so
7f47c5333000-7f47c534a000 r-xp 00000000 08:04 147153                     /usr/lib64/dirsrv/plugins/libchainingdb-plugin.so
7f47c534a000-7f47c554a000 ---p 00017000 08:04 147153                     /usr/lib64/dirsrv/plugins/libchainingdb-plugin.so
7f47c554a000-7f47c554b000 r--p 00017000 08:04 147153                     /usr/lib64/dirsrv/plugins/libchainingdb-plugin.so
7f47c554b000-7f47c554c000 rw-p 00018000 08:04 147153                     /usr/lib64/dirsrv/plugins/libchainingdb-plugin.so
7f47c554c000-7f47c5556000 r-xp 00000000 08:04 147150                     /usr/lib64/dirsrv/plugins/libautomember-plugin.so
7f47c5556000-7f47c5755000 ---p 0000a000 08:04 147150                     /usr/lib64/dirsrv/plugins/libautomember-plugin.so
7f47c5755000-7f47c5756000 r--p 00009000 08:04 147150                     /usr/lib64/dirsrv/plugins/libautomember-plugin.so
7f47c5756000-7f47c5757000 rw-p 0000a000 08:04 147150                     /usr/lib64/dirsrv/plugins/libautomember-plugin.so
7f47c5757000-7f47c5795000 r-xp 00000000 08:04 141666                     /usr/lib64/dirsrv/libns-dshttpd.so.0.0.0
7f47c5795000-7f47c5994000 ---p 0003e000 08:04 141666                     /usr/lib64/dirsrv/libns-dshttpd.so.0.0.0
7f47c5994000-7f47c5995000 r--p 0003d000 08:04 141666                     /usr/lib64/dirsrv/libns-dshttpd.so.0.0.0
7f47c5995000-7f47c599b000 rw-p 0003e000 08:04 141666                     /usr/lib64/dirsrv/libns-dshttpd.so.0.0.0
7f47c599b000-7f47c599d000 rw-p 00000000 00:00 0 
7f47c599d000-7f47c59c7000 r-xp 00000000 08:04 147148                     /usr/lib64/dirsrv/plugins/libacl-plugin.so
7f47c59c7000-7f47c5bc6000 ---p 0002a000 08:04 147148                     /usr/lib64/dirsrv/plugins/libacl-plugin.so
7f47c5bc6000-7f47c5bc7000 r--p 00029000 08:04 147148                     /usr/lib64/dirsrv/plugins/libacl-plugin.so
7f47c5bc7000-7f47c5bc8000 rw-p 0002a000 08:04 147148                     /usr/lib64/dirsrv/plugins/libacl-plugin.so
7f47c5bc8000-7f47c5bca000 r-xp 00000000 08:04 147147                     /usr/lib64/dirsrv/plugins/libacctusability-plugin.so
7f47c5bca000-7f47c5dca000 ---p 00002000 08:04 147147                     /usr/lib64/dirsrv/plugins/libacctusability-plugin.so
7f47c5dca000-7f47c5dcb000 r--p 00002000 08:04 147147                     /usr/lib64/dirsrv/plugins/libacctusability-plugin.so
7f47c5dcb000-7f47c5dcc000 rw-p 00003000 08:04 147147                     /usr/lib64/dirsrv/plugins/libacctusability-plugin.so
7f47c5dcc000-7f47c5dd2000 r-xp 00000000 08:04 140924                     /usr/lib64/dirsrv/plugins/libacctpolicy-plugin.so
7f47c5dd2000-7f47c5fd1000 ---p 00006000 08:04 140924                     /usr/lib64/dirsrv/plugins/libacctpolicy-plugin.so
7f47c5fd1000-7f47c5fd2000 r--p 00005000 08:04 140924                     /usr/lib64/dirsrv/plugins/libacctpolicy-plugin.so
7f47c5fd2000-7f47c5fd3000 rw-p 00006000 08:04 140924                     /usr/lib64/dirsrv/plugins/libacctpolicy-plugin.so
7f47c5fd3000-7f47c5fda000 r-xp 00000000 08:04 147149                     /usr/lib64/dirsrv/plugins/libattr-unique-plugin.so
7f47c5fda000-7f47c61d9000 ---p 00007000 08:04 147149                     /usr/lib64/dirsrv/plugins/libattr-unique-plugin.so
7f47c61d9000-7f47c61da000 r--p 00006000 08:04 147149                     /usr/lib64/dirsrv/plugins/libattr-unique-plugin.so
7f47c61da000-7f47c61db000 rw-p 00007000 08:04 147149                     /usr/lib64/dirsrv/plugins/libattr-unique-plugin.so
7f47c61db000-7f47c61df000 r-xp 00000000 08:04 141309                     /usr/lib64/sasl2/liblogin.so.3.0.0
7f47c61df000-7f47c63de000 ---p 00004000 08:04 141309                     /usr/lib64/sasl2/liblogin.so.3.0.0
7f47c63de000-7f47c63df000 r--p 00003000 08:04 141309                     /usr/lib64/sasl2/liblogin.so.3.0.0
7f47c63df000-7f47c63e0000 rw-p 00004000 08:04 141309                     /usr/lib64/sasl2/liblogin.so.3.0.0
7f47c63e0000-7f47c63e5000 r-xp 00000000 08:04 140894                     /usr/lib64/sasl2/libcrammd5.so.3.0.0
7f47c63e5000-7f47c65e4000 ---p 00005000 08:04 140894                     /usr/lib64/sasl2/libcrammd5.so.3.0.0
7f47c65e4000-7f47c65e5000 r--p 00004000 08:04 140894                     /usr/lib64/sasl2/libcrammd5.so.3.0.0
7f47c65e5000-7f47c65e6000 rw-p 00005000 08:04 140894                     /usr/lib64/sasl2/libcrammd5.so.3.0.0
7f47c65e6000-7f47c679a000 r-xp 00000000 08:04 141489                     /usr/lib64/libdb-5.3.so
7f47c679a000-7f47c699a000 ---p 001b4000 08:04 141489                     /usr/lib64/libdb-5.3.so
7f47c699a000-7f47c69a1000 r--p 001b4000 08:04 141489                     /usr/lib64/libdb-5.3.so
7f47c69a1000-7f47c69a4000 rw-p 001bb000 08:04 141489                     /usr/lib64/libdb-5.3.so
7f47c69a4000-7f47c69aa000 r-xp 00000000 08:04 139899                     /usr/lib64/sasl2/libsasldb.so.3.0.0
7f47c69aa000-7f47c6ba9000 ---p 00006000 08:04 139899                     /usr/lib64/sasl2/libsasldb.so.3.0.0
7f47c6ba9000-7f47c6baa000 r--p 00005000 08:04 139899                     /usr/lib64/sasl2/libsasldb.so.3.0.0
7f47c6baa000-7f47c6bab000 rw-p 00006000 08:04 139899                     /usr/lib64/sasl2/libsasldb.so.3.0.0
7f47c6bab000-7f47c6bf4000 r-xp 00000000 08:04 140254                     /usr/lib64/libgssapi_krb5.so.2.2
7f47c6bf4000-7f47c6df4000 ---p 00049000 08:04 140254                     /usr/lib64/libgssapi_krb5.so.2.2
7f47c6df4000-7f47c6df5000 r--p 00049000 08:04 140254                     /usr/lib64/libgssapi_krb5.so.2.2
7f47c6df5000-7f47c6df7000 rw-p 0004a000 08:04 140254                     /usr/lib64/libgssapi_krb5.so.2.2
7f47c6df7000-7f47c6dff000 r-xp 00000000 08:04 140124                     /usr/lib64/sasl2/libgssapiv2.so.3.0.0
7f47c6dff000-7f47c6ffe000 ---p 00008000 08:04 140124                     /usr/lib64/sasl2/libgssapiv2.so.3.0.0
7f47c6ffe000-7f47c6fff000 r--p 00007000 08:04 140124                     /usr/lib64/sasl2/libgssapiv2.so.3.0.0
7f47c6fff000-7f47c7000000 rw-p 00008000 08:04 140124                     /usr/lib64/sasl2/libgssapiv2.so.3.0.0
7f47c7000000-7f47c7004000 r-xp 00000000 08:04 141386                     /usr/lib64/sasl2/libplain.so.3.0.0
7f47c7004000-7f47c7203000 ---p 00004000 08:04 141386                     /usr/lib64/sasl2/libplain.so.3.0.0
7f47c7203000-7f47c7204000 r--p 00003000 08:04 141386                     /usr/lib64/sasl2/libplain.so.3.0.0
7f47c7204000-7f47c7205000 rw-p 00004000 08:04 141386                     /usr/lib64/sasl2/libplain.so.3.0.0
7f47c7205000-7f47c73c3000 r-xp 00000000 08:04 132392                     /usr/lib64/libcrypto.so.1.0.1e
7f47c73c3000-7f47c75c3000 ---p 001be000 08:04 132392                     /usr/lib64/libcrypto.so.1.0.1e
7f47c75c3000-7f47c75dd000 r--p 001be000 08:04 132392                     /usr/lib64/libcrypto.so.1.0.1e
7f47c75dd000-7f47c75e9000 rw-p 001d8000 08:04 132392                     /usr/lib64/libcrypto.so.1.0.1e
7f47c75e9000-7f47c75ed000 rw-p 00000000 00:00 0 
7f47c75ed000-7f47c75fa000 r-xp 00000000 08:04 140899                     /usr/lib64/sasl2/libdigestmd5.so.3.0.0
7f47c75fa000-7f47c77f9000 ---p 0000d000 08:04 140899                     /usr/lib64/sasl2/libdigestmd5.so.3.0.0
7f47c77f9000-7f47c77fa000 r--p 0000c000 08:04 140899                     /usr/lib64/sasl2/libdigestmd5.so.3.0.0
7f47c77fa000-7f47c77fb000 rw-p 0000d000 08:04 140899                     /usr/lib64/sasl2/libdigestmd5.so.3.0.0
7f47c77fb000-7f47c77ff000 r-xp 00000000 08:04 139895                     /usr/lib64/sasl2/libanonymous.so.3.0.0
7f47c77ff000-7f47c79fe000 ---p 00004000 08:04 139895                     /usr/lib64/sasl2/libanonymous.so.3.0.0
7f47c79fe000-7f47c79ff000 r--p 00003000 08:04 139895                     /usr/lib64/sasl2/libanonymous.so.3.0.0
7f47c79ff000-7f47c7a00000 rw-p 00004000 08:04 139895                     /usr/lib64/sasl2/libanonymous.so.3.0.0
7f47c7a00000-7f47c7a06000 r-xp 00000000 08:04 147167                     /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so
7f47c7a06000-7f47c7c06000 ---p 00006000 08:04 147167                     /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so
7f47c7c06000-7f47c7c07000 r--p 00006000 08:04 147167                     /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so
7f47c7c07000-7f47c7c08000 rw-p 00007000 08:04 147167                     /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so
7f47c7c08000-7f47c7c0c000 r-xp 00000000 08:04 147165                     /usr/lib64/dirsrv/plugins/libpbe-plugin.so
7f47c7c0c000-7f47c7e0b000 ---p 00004000 08:04 147165                     /usr/lib64/dirsrv/plugins/libpbe-plugin.so
7f47c7e0b000-7f47c7e0c000 r--p 00003000 08:04 147165                     /usr/lib64/dirsrv/plugins/libpbe-plugin.so
7f47c7e0c000-7f47c7e0d000 rw-p 00004000 08:04 147165                     /usr/lib64/dirsrv/plugins/libpbe-plugin.so
7f47c7e0d000-7f47c7e22000 r-xp 00000000 08:04 141543                     /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f47c7e22000-7f47c8021000 ---p 00015000 08:04 141543                     /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f47c8021000-7f47c8022000 r--p 00014000 08:04 141543                     /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f47c8022000-7f47c8023000 rw-p 00015000 08:04 141543                     /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f47c8023000-7f47c8124000 r-xp 00000000 08:04 144794                     /usr/lib64/libm-2.17.so
7f47c8124000-7f47c8323000 ---p 00101000 08:04 144794                     /usr/lib64/libm-2.17.so
7f47c8323000-7f47c8324000 r--p 00100000 08:04 144794                     /usr/lib64/libm-2.17.so
7f47c8324000-7f47c8325000 rw-p 00101000 08:04 144794                     /usr/lib64/libm-2.17.so
7f47c8325000-7f47c840e000 r-xp 00000000 08:04 141801                     /usr/lib64/libstdc++.so.6.0.19
7f47c840e000-7f47c860e000 ---p 000e9000 08:04 141801                     /usr/lib64/libstdc++.so.6.0.19
7f47c860e000-7f47c8616000 r--p 000e9000 08:04 141801                     /usr/lib64/libstdc++.so.6.0.19
7f47c8616000-7f47c8618000 rw-p 000f1000 08:04 141801                     /usr/lib64/libstdc++.so.6.0.19
7f47c8618000-7f47c862d000 rw-p 00000000 00:00 0 
7f47c862d000-7f47c9a00000 r-xp 00000000 08:04 141584                     /usr/lib64/libicudata.so.50.1.2
7f47c9a00000-7f47c9bff000 ---p 013d3000 08:04 141584                     /usr/lib64/libicudata.so.50.1.2
7f47c9bff000-7f47c9c00000 r--p 013d2000 08:04 141584                     /usr/lib64/libicudata.so.50.1.2
7f47c9c00000-7f47c9c01000 rw-p 013d3000 08:04 141584                     /usr/lib64/libicudata.so.50.1.2
7f47c9c01000-7f47c9d65000 r-xp 00000000 08:04 141591                     /usr/lib64/libicuuc.so.50.1.2
7f47c9d65000-7f47c9f65000 ---p 00164000 08:04 141591                     /usr/lib64/libicuuc.so.50.1.2
7f47c9f65000-7f47c9f75000 r--p 00164000 08:04 141591                     /usr/lib64/libicuuc.so.50.1.2
7f47c9f75000-7f47c9f76000 rw-p 00174000 08:04 141591                     /usr/lib64/libicuuc.so.50.1.2
7f47c9f76000-7f47c9f7a000 rw-p 00000000 00:00 0 
7f47c9f7a000-7f47ca16a000 r-xp 00000000 08:04 141585                     /usr/lib64/libicui18n.so.50.1.2
7f47ca16a000-7f47ca36a000 ---p 001f0000 08:04 141585                     /usr/lib64/libicui18n.so.50.1.2
7f47ca36a000-7f47ca376000 r--p 001f0000 08:04 141585                     /usr/lib64/libicui18n.so.50.1.2
7f47ca376000-7f47ca378000 rw-p 001fc000 08:04 141585                     /usr/lib64/libicui18n.so.50.1.2
7f47ca378000-7f47ca379000 rw-p 00000000 00:00 0 
7f47ca379000-7f47ca380000 r-xp 00000000 08:04 147154                     /usr/lib64/dirsrv/plugins/libcollation-plugin.so
7f47ca380000-7f47ca57f000 ---p 00007000 08:04 147154                     /usr/lib64/dirsrv/plugins/libcollation-plugin.so
7f47ca57f000-7f47ca580000 r--p 00006000 08:04 147154                     /usr/lib64/dirsrv/plugins/libcollation-plugin.so
7f47ca580000-7f47ca581000 rw-p 00007000 08:04 147154                     /usr/lib64/dirsrv/plugins/libcollation-plugin.so
7f47ca581000-7f47ca583000 rw-p 00000000 00:00 0 
7f47ca583000-7f47ca585000 r-xp 00000000 08:04 147152                     /usr/lib64/dirsrv/plugins/libbitwise-plugin.so
7f47ca585000-7f47ca784000 ---p 00002000 08:04 147152                     /usr/lib64/dirsrv/plugins/libbitwise-plugin.so
7f47ca784000-7f47ca785000 r--p 00001000 08:04 147152                     /usr/lib64/dirsrv/plugins/libbitwise-plugin.so
7f47ca785000-7f47ca786000 rw-p 00002000 08:04 147152                     /usr/lib64/dirsrv/plugins/libbitwise-plugin.so
7f47ca786000-7f47ca7a0000 r-xp 00000000 08:04 147269                     /usr/lib64/dirsrv/plugins/libsyntax-plugin.so
7f47ca7a0000-7f47ca9a0000 ---p 0001a000 08:04 147269                     /usr/lib64/dirsrv/plugins/libsyntax-plugin.so
7f47ca9a0000-7f47ca9a1000 r--p 0001a000 08:04 147269                     /usr/lib64/dirsrv/plugins/libsyntax-plugin.so
7f47ca9a1000-7f47ca9a4000 rw-p 0001b000 08:04 147269                     /usr/lib64/dirsrv/plugins/libsyntax-plugin.so
7f47ca9a4000-7f47ca9b0000 r-xp 00000000 08:04 144797                     /usr/lib64/libnss_files-2.17.so
7f47ca9b0000-7f47cabaf000 ---p 0000c000 08:04 144797                     /usr/lib64/libnss_files-2.17.so
7f47cabaf000-7f47cabb0000 r--p 0000b000 08:04 144797                     /usr/lib64/libnss_files-2.17.so
7f47cabb0000-7f47cabb1000 rw-p 0000c000 08:04 144797                     /usr/lib64/libnss_files-2.17.so
7f47cabb1000-7f47cabb7000 rw-p 00000000 00:00 0 
7f47cabb7000-7f47cabdb000 r-xp 00000000 08:04 141637                     /usr/lib64/liblzma.so.5.0.99
7f47cabdb000-7f47cadda000 ---p 00024000 08:04 141637                     /usr/lib64/liblzma.so.5.0.99
7f47cadda000-7f47caddb000 r--p 00023000 08:04 141637                     /usr/lib64/liblzma.so.5.0.99
7f47caddb000-7f47caddc000 rw-p 00024000 08:04 141637                     /usr/lib64/liblzma.so.5.0.99
7f47caddc000-7f47cadde000 r-xp 00000000 08:04 141535                     /usr/lib64/libfreebl3.so
7f47cadde000-7f47cafdd000 ---p 00002000 08:04 141535                     /usr/lib64/libfreebl3.so
7f47cafdd000-7f47cafde000 r--p 00001000 08:04 141535                     /usr/lib64/libfreebl3.so
7f47cafde000-7f47cafdf000 rw-p 00002000 08:04 141535                     /usr/lib64/libfreebl3.so
7f47cafdf000-7f47cb000000 r-xp 00000000 08:04 141775                     /usr/lib64/libselinux.so.1
7f47cb000000-7f47cb200000 ---p 00021000 08:04 141775                     /usr/lib64/libselinux.so.1
7f47cb200000-7f47cb201000 r--p 00021000 08:04 141775                     /usr/lib64/libselinux.so.1
7f47cb201000-7f47cb202000 rw-p 00022000 08:04 141775                     /usr/lib64/libselinux.so.1
7f47cb202000-7f47cb204000 rw-p 00000000 00:00 0 
7f47cb204000-7f47cb20c000 r-xp 00000000 08:04 136002                     /usr/lib64/libcrypt-2.17.so
7f47cb20c000-7f47cb40b000 ---p 00008000 08:04 136002                     /usr/lib64/libcrypt-2.17.so
7f47cb40b000-7f47cb40c000 r--p 00007000 08:04 136002                     /usr/lib64/libcrypt-2.17.so
7f47cb40c000-7f47cb40d000 rw-p 00008000 08:04 136002                     /usr/lib64/libcrypt-2.17.so
7f47cb40d000-7f47cb43b000 rw-p 00000000 00:00 0 
7f47cb43b000-7f47cb442000 r-xp 00000000 08:04 144800                     /usr/lib64/librt-2.17.so
7f47cb442000-7f47cb641000 ---p 00007000 08:04 144800                     /usr/lib64/librt-2.17.so
7f47cb641000-7f47cb642000 r--p 00006000 08:04 144800                     /usr/lib64/librt-2.17.so
7f47cb642000-7f47cb643000 rw-p 00007000 08:04 144800                     /usr/lib64/librt-2.17.so
7f47cb643000-7f47cb658000 r-xp 00000000 08:04 141881                     /usr/lib64/libz.so.1.2.7
7f47cb658000-7f47cb857000 ---p 00015000 08:04 141881                     /usr/lib64/libz.so.1.2.7
7f47cb857000-7f47cb858000 r--p 00014000 08:04 141881                     /usr/lib64/libz.so.1.2.7
7f47cb858000-7f47cb859000 rw-p 00015000 08:04 141881                     /usr/lib64/libz.so.1.2.7
7f47cb859000-7f47cb87f000 r-xp 00000000 08:04 132436                     /usr/lib64/libnssutil3.so
7f47cb87f000-7f47cba7e000 ---p 00026000 08:04 132436                     /usr/lib64/libnssutil3.so
7f47cba7e000-7f47cba84000 r--p 00025000 08:04 132436                     /usr/lib64/libnssutil3.so
7f47cba84000-7f47cba85000 rw-p 0002b000 08:04 132436                     /usr/lib64/libnssutil3.so
7f47cba85000-7f47cbaa9000 r-xp 00000000 08:04 132602                     /usr/lib64/libsmime3.so
7f47cbaa9000-7f47cbca8000 ---p 00024000 08:04 132602                     /usr/lib64/libsmime3.so
7f47cbca8000-7f47cbcab000 r--p 00023000 08:04 132602                     /usr/lib64/libsmime3.so
7f47cbcab000-7f47cbcac000 rw-p 00026000 08:04 132602                     /usr/lib64/libsmime3.so
7f47cbcac000-7f47cbcc2000 r-xp 00000000 08:04 144799                     /usr/lib64/libresolv-2.17.so
7f47cbcc2000-7f47cbec2000 ---p 00016000 08:04 144799                     /usr/lib64/libresolv-2.17.so
7f47cbec2000-7f47cbec3000 r--p 00016000 08:04 144799                     /usr/lib64/libresolv-2.17.so
7f47cbec3000-7f47cbec4000 rw-p 00017000 08:04 144799                     /usr/lib64/libresolv-2.17.so
7f47cbec4000-7f47cbec6000 rw-p 00000000 00:00 0 
7f47cbec6000-7f47cbec9000 r-xp 00000000 08:04 141619                     /usr/lib64/libkeyutils.so.1.5
7f47cbec9000-7f47cc0c8000 ---p 00003000 08:04 141619                     /usr/lib64/libkeyutils.so.1.5
7f47cc0c8000-7f47cc0c9000 r--p 00002000 08:04 141619                     /usr/lib64/libkeyutils.so.1.5
7f47cc0c9000-7f47cc0ca000 rw-p 00003000 08:04 141619                     /usr/lib64/libkeyutils.so.1.5
7f47cc0ca000-7f47cc0d7000 r-xp 00000000 08:04 140312                     /usr/lib64/libkrb5support.so.0.1
7f47cc0d7000-7f47cc2d7000 ---p 0000d000 08:04 140312                     /usr/lib64/libkrb5support.so.0.1
7f47cc2d7000-7f47cc2d8000 r--p 0000d000 08:04 140312                     /usr/lib64/libkrb5support.so.0.1
7f47cc2d8000-7f47cc2d9000 rw-p 0000e000 08:04 140312                     /usr/lib64/libkrb5support.so.0.1
7f47cc2d9000-7f47cc2e9000 r-xp 00000000 08:04 140493                     /usr/lib64/libtalloc.so.2.1.5
7f47cc2e9000-7f47cc4e8000 ---p 00010000 08:04 140493                     /usr/lib64/libtalloc.so.2.1.5
7f47cc4e8000-7f47cc4e9000 r--p 0000f000 08:04 140493                     /usr/lib64/libtalloc.so.2.1.5
7f47cc4e9000-7f47cc4ea000 rw-p 00010000 08:04 140493                     /usr/lib64/libtalloc.so.2.1.5
7f47cc4ea000-7f47cc4f8000 r-xp 00000000 08:04 143615                     /usr/lib64/libtevent.so.0.9.26
7f47cc4f8000-7f47cc6f7000 ---p 0000e000 08:04 143615                     /usr/lib64/libtevent.so.0.9.26
7f47cc6f7000-7f47cc6f8000 r--p 0000d000 08:04 143615                     /usr/lib64/libtevent.so.0.9.26
7f47cc6f8000-7f47cc6f9000 rw-p 0000e000 08:04 143615                     /usr/lib64/libtevent.so.0.9.26
7f47cc6f9000-7f47cc73f000 r-xp 00000000 08:04 141519                     /usr/lib64/libevent-2.0.so.5.1.9
7f47cc73f000-7f47cc93e000 ---p 00046000 08:04 141519                     /usr/lib64/libevent-2.0.so.5.1.9
7f47cc93e000-7f47cc93f000 r--p 00045000 08:04 141519                     /usr/lib64/libevent-2.0.so.5.1.9
7f47cc93f000-7f47cc940000 rw-p 00046000 08:04 141519                     /usr/lib64/libevent-2.0.so.5.1.9
7f47cc940000-7f47cc941000 rw-p 00000000 00:00 0 
7f47cc941000-7f47ccaf8000 r-xp 00000000 08:04 135998                     /usr/lib64/libc-2.17.so
7f47ccaf8000-7f47cccf8000 ---p 001b7000 08:04 135998                     /usr/lib64/libc-2.17.so
7f47cccf8000-7f47cccfc000 r--p 001b7000 08:04 135998                     /usr/lib64/libc-2.17.so
7f47cccfc000-7f47cccfe000 rw-p 001bb000 08:04 135998                     /usr/lib64/libc-2.17.so
7f47cccfe000-7f47ccd03000 rw-p 00000000 00:00 0 
7f47ccd03000-7f47ccd19000 r-xp 00000000 08:04 136024                     /usr/lib64/libpthread-2.17.so
7f47ccd19000-7f47ccf19000 ---p 00016000 08:04 136024                     /usr/lib64/libpthread-2.17.so
7f47ccf19000-7f47ccf1a000 r--p 00016000 08:04 136024                     /usr/lib64/libpthread-2.17.so
7f47ccf1a000-7f47ccf1b000 rw-p 00017000 08:04 136024                     /usr/lib64/libpthread-2.17.so
7f47ccf1b000-7f47ccf1f000 rw-p 00000000 00:00 0 
7f47ccf1f000-7f47ccf23000 r-xp 00000000 08:04 141803                     /usr/lib64/libsvrcore.so.0.0.0
7f47ccf23000-7f47cd122000 ---p 00004000 08:04 141803                     /usr/lib64/libsvrcore.so.0.0.0
7f47cd122000-7f47cd123000 r--p 00003000 08:04 141803                     /usr/lib64/libsvrcore.so.0.0.0
7f47cd123000-7f47cd124000 rw-p 00004000 08:04 141803                     /usr/lib64/libsvrcore.so.0.0.0
7f47cd124000-7f47cd140000 r-xp 00000000 08:04 139891                     /usr/lib64/libsasl2.so.3.0.0
7f47cd140000-7f47cd33f000 ---p 0001c000 08:04 139891                     /usr/lib64/libsasl2.so.3.0.0
7f47cd33f000-7f47cd340000 r--p 0001b000 08:04 139891                     /usr/lib64/libsasl2.so.3.0.0
7f47cd340000-7f47cd341000 rw-p 0001c000 08:04 139891                     /usr/lib64/libsasl2.so.3.0.0
7f47cd341000-7f47cd37b000 r-xp 00000000 08:04 142552                     /usr/lib64/libnspr4.so
7f47cd37b000-7f47cd57a000 ---p 0003a000 08:04 142552                     /usr/lib64/libnspr4.so
7f47cd57a000-7f47cd57b000 r--p 00039000 08:04 142552                     /usr/lib64/libnspr4.so
7f47cd57b000-7f47cd57d000 rw-p 0003a000 08:04 142552                     /usr/lib64/libnspr4.so
7f47cd57d000-7f47cd57f000 rw-p 00000000 00:00 0 
7f47cd57f000-7f47cd582000 r-xp 00000000 08:04 142555                     /usr/lib64/libplds4.so
7f47cd582000-7f47cd781000 ---p 00003000 08:04 142555                     /usr/lib64/libplds4.so
7f47cd781000-7f47cd782000 r--p 00002000 08:04 142555                     /usr/lib64/libplds4.so
7f47cd782000-7f47cd783000 rw-p 00003000 08:04 142555                     /usr/lib64/libplds4.so
7f47cd783000-7f47cd787000 r-xp 00000000 08:04 142553                     /usr/lib64/libplc4.so
7f47cd787000-7f47cd986000 ---p 00004000 08:04 142553                     /usr/lib64/libplc4.so
7f47cd986000-7f47cd987000 r--p 00003000 08:04 142553                     /usr/lib64/libplc4.so
7f47cd987000-7f47cd988000 rw-p 00004000 08:04 142553                     /usr/lib64/libplc4.so
7f47cd988000-7f47cd98b000 r-xp 00000000 08:04 144786                     /usr/lib64/libdl-2.17.so
7f47cd98b000-7f47cdb8a000 ---p 00003000 08:04 144786                     /usr/lib64/libdl-2.17.so
7f47cdb8a000-7f47cdb8b000 r--p 00002000 08:04 144786                     /usr/lib64/libdl-2.17.so
7f47cdb8b000-7f47cdb8c000 rw-p 00003000 08:04 144786                     /usr/lib64/libdl-2.17.so
7f47cdb8c000-7f47cdcaa000 r-xp 00000000 08:04 131878                     /usr/lib64/libnss3.so
7f47cdcaa000-7f47cdea9000 ---p 0011e000 08:04 131878                     /usr/lib64/libnss3.so
7f47cdea9000-7f47cdeae000 r--p 0011d000 08:04 131878                     /usr/lib64/libnss3.so
7f47cdeae000-7f47cdeb0000 rw-p 00122000 08:04 131878                     /usr/lib64/libnss3.so
7f47cdeb0000-7f47cdeb2000 rw-p 00000000 00:00 0 
7f47cdeb2000-7f47cdef0000 r-xp 00000000 08:04 142755                     /usr/lib64/libssl3.so
7f47cdef0000-7f47ce0ef000 ---p 0003e000 08:04 142755                     /usr/lib64/libssl3.so
7f47ce0ef000-7f47ce0f3000 r--p 0003d000 08:04 142755                     /usr/lib64/libssl3.so
7f47ce0f3000-7f47ce0f4000 rw-p 00041000 08:04 142755                     /usr/lib64/libssl3.so
7f47ce0f4000-7f47ce0f5000 rw-p 00000000 00:00 0 
7f47ce0f5000-7f47ce103000 r-xp 00000000 08:04 140313                     /usr/lib64/liblber-2.4.so.2.10.3
7f47ce103000-7f47ce302000 ---p 0000e000 08:04 140313                     /usr/lib64/liblber-2.4.so.2.10.3
7f47ce302000-7f47ce303000 r--p 0000d000 08:04 140313                     /usr/lib64/liblber-2.4.so.2.10.3
7f47ce303000-7f47ce304000 rw-p 0000e000 08:04 140313                     /usr/lib64/liblber-2.4.so.2.10.3
7f47ce304000-7f47ce35a000 r-xp 00000000 08:04 140316                     /usr/lib64/libldap_r-2.4.so.2.10.3
7f47ce35a000-7f47ce55a000 ---p 00056000 08:04 140316                     /usr/lib64/libldap_r-2.4.so.2.10.3
7f47ce55a000-7f47ce55d000 r--p 00056000 08:04 140316                     /usr/lib64/libldap_r-2.4.so.2.10.3
7f47ce55d000-7f47ce55e000 rw-p 00059000 08:04 140316                     /usr/lib64/libldap_r-2.4.so.2.10.3
7f47ce55e000-7f47ce560000 rw-p 00000000 00:00 0 
7f47ce560000-7f47ce5c0000 r-xp 00000000 08:04 139887                     /usr/lib64/libpcre.so.1.2.0
7f47ce5c0000-7f47ce7bf000 ---p 00060000 08:04 139887                     /usr/lib64/libpcre.so.1.2.0
7f47ce7bf000-7f47ce7c0000 r--p 0005f000 08:04 139887                     /usr/lib64/libpcre.so.1.2.0
7f47ce7c0000-7f47ce7c1000 rw-p 00060000 08:04 139887                     /usr/lib64/libpcre.so.1.2.0
7f47ce7c1000-7f47ce7c4000 r-xp 00000000 08:04 141473                     /usr/lib64/libcom_err.so.2.1
7f47ce7c4000-7f47ce9c3000 ---p 00003000 08:04 141473                     /usr/lib64/libcom_err.so.2.1
7f47ce9c3000-7f47ce9c4000 r--p 00002000 08:04 141473                     /usr/lib64/libcom_err.so.2.1
7f47ce9c4000-7f47ce9c5000 rw-p 00003000 08:04 141473                     /usr/lib64/libcom_err.so.2.1
7f47ce9c5000-7f47ce9f4000 r-xp 00000000 08:04 140302                     /usr/lib64/libk5crypto.so.3.1
7f47ce9f4000-7f47cebf3000 ---p 0002f000 08:04 140302                     /usr/lib64/libk5crypto.so.3.1
7f47cebf3000-7f47cebf5000 r--p 0002e000 08:04 140302                     /usr/lib64/libk5crypto.so.3.1
7f47cebf5000-7f47cebf6000 rw-p 00030000 08:04 140302                     /usr/lib64/libk5crypto.so.3.1
7f47cebf6000-7f47cebf7000 rw-p 00000000 00:00 0 
7f47cebf7000-7f47ceccc000 r-xp 00000000 08:04 140311                     /usr/lib64/libkrb5.so.3.3
7f47ceccc000-7f47ceecc000 ---p 000d5000 08:04 140311                     /usr/lib64/libkrb5.so.3.3
7f47ceecc000-7f47ceed9000 r--p 000d5000 08:04 140311                     /usr/lib64/libkrb5.so.3.3
7f47ceed9000-7f47ceedc000 rw-p 000e2000 08:04 140311                     /usr/lib64/libkrb5.so.3.3
7f47ceedc000-7f47ceee5000 r-xp 00000000 08:04 143730                     /usr/lib64/dirsrv/libnunc-stans.so.0.0.0
7f47ceee5000-7f47cf0e4000 ---p 00009000 08:04 143730                     /usr/lib64/dirsrv/libnunc-stans.so.0.0.0
7f47cf0e4000-7f47cf0e5000 r--p 00008000 08:04 143730                     /usr/lib64/dirsrv/libnunc-stans.so.0.0.0
7f47cf0e5000-7f47cf0e6000 rw-p 00009000 08:04 143730                     /usr/lib64/dirsrv/libnunc-stans.so.0.0.0
7f47cf0e6000-7f47cf206000 r-xp 00000000 08:04 145803                     /usr/lib64/dirsrv/libslapd.so.0.0.0
7f47cf206000-7f47cf406000 ---p 00120000 08:04 145803                     /usr/lib64/dirsrv/libslapd.so.0.0.0
7f47cf406000-7f47cf409000 r--p 00120000 08:04 145803                     /usr/lib64/dirsrv/libslapd.so.0.0.0
7f47cf409000-7f47cf418000 rw-p 00123000 08:04 145803                     /usr/lib64/dirsrv/libslapd.so.0.0.0
7f47cf418000-7f47cf41c000 rw-p 00000000 00:00 0 
7f47cf41c000-7f47cf43d000 r-xp 00000000 08:04 135993                     /usr/lib64/ld-2.17.so
7f47cf567000-7f47cf568000 rw-p 00000000 00:00 0 
7f47cf568000-7f47cf569000 ---p 00000000 00:00 0 
7f47cf569000-7f47cf589000 rw-p 00000000 00:00 0 
7f47cf589000-7f47cf58a000 ---p 00000000 00:00 0 
7f47cf58a000-7f47cf63d000 rw-p 00000000 00:00 0 
7f47cf63d000-7f47cf63e000 r--p 00021000 08:04 135993                     /usr/lib64/ld-2.17.so
7f47cf63e000-7f47cf63f000 rw-p 00022000 08:04 135993                     /usr/lib64/ld-2.17.so
7f47cf63f000-7f47cf640000 rw-p 00000000 00:00 0 
7fffc24f0000-7fffc2512000 rw-p 00000000 00:00 0                          [stack]
7fffc25b9000-7fffc25bc000 r--p 00000000 00:00 0                          [vvar]
7fffc25bc000-7fffc25be000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
/usr/sbin/db2ldif: line 157:  2183 Aborted                 /usr/sbin/ns-slapd db2ldif -D /etc/dirsrv/slapd-EXAMPLE-COM -n ipaca -a "/var/lib/dirsrv/slapd-EXAMPLE-COM/ldif/EXAMPLE-COM-ipaca.ldif" -r

Backing up userRoot in EXAMPLE-COM to LDIF
db2ldif failed: [07/Aug/2016:15:49:14 +0200] - userRoot: entry cache size: 10485760B; db size: 5160960B
[07/Aug/2016:15:49:14 +0200] - ipaca: entry cache size: 10485760B; db size: 3268608B
[07/Aug/2016:15:49:14 +0200] - WARNING: changelog: entry cache size 2097152B is less than db size 112590848B; We recommend to increase the entry cache size nsslapd-cachememsize.
[07/Aug/2016:15:49:14 +0200] - Total entry cache size: 23068672B; dbcache size: 10000000B; available memory size: 3600707584B
[07/Aug/2016:15:49:14 +0200] - Detected Disorderly Shutdown last time Directory Server was running, recovering database.
[07/Aug/2016:15:49:14 +0200] ldbm_usn_init - backend: changelog (global mode)
[07/Aug/2016:15:49:14 +0200] ldbm_usn_init - backend: userRoot (global mode)
[07/Aug/2016:15:49:14 +0200] ldbm_usn_init - backend: ipaca (global mode)
[07/Aug/2016:15:49:14 +0200] nis-plugin - scheduled nis-plugin tree scan in about 5 seconds after the server startup!
[07/Aug/2016:15:49:14 +0200] schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup!
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=dns,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=dns,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=keys,cn=sec,cn=dns,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=dns,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=dns,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=groups,cn=compat,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=computers,cn=compat,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=ng,cn=compat,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target ou=sudoers,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=users,cn=compat,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=ad,cn=etc,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=com does not exist
[07/Aug/2016:15:49:14 +0200] - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=example,dc=com--no CoS Templates found, which should be added before the CoS Definition.
[07/Aug/2016:15:49:14 +0200] NSMMReplicationPlugin - replica_check_for_data_reload: Warning: disordely shutdown for replica dc=example,dc=com. Check if DB RUV needs to be updated
[07/Aug/2016:15:49:14 +0200] NSMMReplicationPlugin - replica_check_for_data_reload: Warning: disordely shutdown for replica o=ipaca. Check if DB RUV needs to be updated
[07/Aug/2016:15:49:14 +0200] ldbm_back_add - conn=0 op=0 modify_term: old_entry=0x0, new_entry=0x0
ldiffile: /var/lib/dirsrv/slapd-EXAMPLE-COM/ldif/EXAMPLE-COM-userRoot.ldif
[07/Aug/2016:15:49:14 +0200] nis-plugin - nis-plugin tree scan will start in about 5 seconds!
[07/Aug/2016:15:49:14 +0200] schema-compat-plugin - schema-compat-plugin tree scan will start in about 5 seconds!
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x5621c02b3b80, new_entry=0x7f584c003170, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x5621c02b3b80, new_entry=0x7f584c003170, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x5621c02b3b80, new_entry=0x7f584c003170, in_cache=1
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f584c003170, new_entry=0x7f584c001300, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f584c003170, new_entry=0x7f584c001300, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f584c003170, new_entry=0x7f584c001300, in_cache=1
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f584c001300, new_entry=0x7f584c00c200, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f584c001300, new_entry=0x7f584c00c200, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f584c001300, new_entry=0x7f584c00c200, in_cache=1
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f584c00c200, new_entry=0x7f584c002780, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f584c00c200, new_entry=0x7f584c002780, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f584c00c200, new_entry=0x7f584c002780, in_cache=1
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f584c002780, new_entry=0x7f584c00b9e0, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f584c002780, new_entry=0x7f584c00b9e0, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f584c002780, new_entry=0x7f584c00b9e0, in_cache=1
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f584c00b9e0, new_entry=0x7f584c005b20, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f584c00b9e0, new_entry=0x7f584c005b20, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f584c00b9e0, new_entry=0x7f584c005b20, in_cache=1
[07/Aug/2016:15:49:14 +0200] - export userRoot: Processed 1000 entries (93%).
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_update_all: old_entry=0x7f584c005b20, new_entry=0x7f584c003330, rc=0
[07/Aug/2016:15:49:14 +0200] - export userRoot: Processed 1075 entries (100%).
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_switch_entries: old_entry=0x7f584c005b20, new_entry=0x7f584c003330, rc=0
[07/Aug/2016:15:49:14 +0200] ldbm_back_delete - conn=0 op=0 modify_term: old_entry=0x7f584c005b20, new_entry=0x7f584c003330, in_cache=1
*** Error in `/usr/sbin/ns-slapd': double free or corruption (out): 0x00007f58600008e0 ***
======= Backtrace: =========
/usr/lib64/libc.so.6(+0x7d053)[0x7f587c34e053]
/usr/lib64/dirsrv/libslapd.so.0(slapi_ch_free+0x16)[0x7f587eac8a26]
/usr/lib64/dirsrv/plugins/libcos-plugin.so(cos_cache_release+0x282)[0x7f5874abd6a2]
/usr/lib64/dirsrv/plugins/libcos-plugin.so(+0x79ff)[0x7f5874abe9ff]
/usr/lib64/dirsrv/libslapd.so.0(slapi_vattr_namespace_value_compare_sp+0x1d5)[0x7f587eb51ae5]
/usr/lib64/dirsrv/libslapd.so.0(slapi_vattr_value_compare+0x1d)[0x7f587eb51b6d]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x14ebf)[0x7f5871286ebf]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0xfa59)[0x7f5871281a59]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x10ba6)[0x7f5871282ba6]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x1267c)[0x7f587128467c]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x4bb3)[0x7f5871276bb3]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x55e2)[0x7f58712775e2]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x6c76)[0x7f5871278c76]
/usr/lib64/dirsrv/libslapd.so.0(send_ldap_search_entry_ext+0x2bd)[0x7f587eb2d5cd]
/usr/lib64/dirsrv/libslapd.so.0(send_ldap_search_entry+0x1c)[0x7f587eb2de0c]
/usr/lib64/dirsrv/libslapd.so.0(+0x94b33)[0x7f587eb0ab33]
/usr/lib64/dirsrv/libslapd.so.0(+0x94cda)[0x7f587eb0acda]
/usr/lib64/dirsrv/libslapd.so.0(op_shared_search+0x11ee)[0x7f587eb0c6be]
/usr/lib64/dirsrv/libslapd.so.0(+0xa694e)[0x7f587eb1c94e]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0xb308)[0x7f587127d308]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x628d)[0x7f587127828d]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x6e31)[0x7f5871278e31]
/usr/lib64/dirsrv/plugins/nisserver-plugin.so(+0x1d367)[0x7f587128f367]
/usr/lib64/libnspr4.so(+0x2896b)[0x7f587ccf996b]
/usr/lib64/libpthread.so.0(+0x7dc5)[0x7f587c69adc5]
/usr/lib64/libc.so.6(clone+0x6d)[0x7f587c3c7ced]
======= Memory map: ========
5621bf09c000-5621bf0f7000 r-xp 00000000 08:04 141065                     /usr/sbin/ns-slapd
5621bf2f7000-5621bf2f9000 r--p 0005b000 08:04 141065                     /usr/sbin/ns-slapd
5621bf2f9000-5621bf2fa000 rw-p 0005d000 08:04 141065                     /usr/sbin/ns-slapd
5621bfcdd000-5621c05cc000 rw-p 00000000 00:00 0                          [heap]
7f584c000000-7f584c021000 rw-p 00000000 00:00 0 
7f584c021000-7f5850000000 ---p 00000000 00:00 0 
7f5854000000-7f5854021000 rw-p 00000000 00:00 0 
7f5854021000-7f5858000000 ---p 00000000 00:00 0 
7f585a7fd000-7f585a7fe000 ---p 00000000 00:00 0 
7f585a7fe000-7f585affe000 rw-p 00000000 00:00 0 
7f585affe000-7f585afff000 ---p 00000000 00:00 0 
7f585afff000-7f585b7ff000 rw-p 00000000 00:00 0 
7f585c000000-7f585c021000 rw-p 00000000 00:00 0 
7f585c021000-7f5860000000 ---p 00000000 00:00 0 
7f5860000000-7f5860021000 rw-p 00000000 00:00 0 
7f5860021000-7f5864000000 ---p 00000000 00:00 0 
7f5864000000-7f586402d000 rw-p 00000000 00:00 0 
7f586402d000-7f5868000000 ---p 00000000 00:00 0 
7f5868571000-7f5868572000 ---p 00000000 00:00 0 
7f5868572000-7f5868d72000 rw-p 00000000 00:00 0 
7f5868d72000-7f5868d73000 ---p 00000000 00:00 0 
7f5868d73000-7f5869573000 rw-p 00000000 00:00 0 
7f5869573000-7f5869574000 ---p 00000000 00:00 0 
7f5869574000-7f5869d74000 rw-p 00000000 00:00 0 
7f5869d74000-7f5869d75000 ---p 00000000 00:00 0 
7f5869d75000-7f586a575000 rw-p 00000000 00:00 0 
7f586a575000-7f586a57d000 r-xp 00000000 08:04 147129                     /usr/lib64/libnss_sss.so.2
7f586a57d000-7f586a77c000 ---p 00008000 08:04 147129                     /usr/lib64/libnss_sss.so.2
7f586a77c000-7f586a77d000 r--p 00007000 08:04 147129                     /usr/lib64/libnss_sss.so.2
7f586a77d000-7f586a77e000 rw-p 00008000 08:04 147129                     /usr/lib64/libnss_sss.so.2
7f586a77e000-7f586a77f000 ---p 00000000 00:00 0 
7f586a77f000-7f586af7f000 rw-p 00000000 00:00 0 
7f586af7f000-7f586af80000 ---p 00000000 00:00 0 
7f586af80000-7f586b780000 rw-p 00000000 00:00 0 
7f586b780000-7f586b781000 ---p 00000000 00:00 0 
7f586b781000-7f586bf81000 rw-p 00000000 00:00 0 
7f586bf81000-7f586bf82000 ---p 00000000 00:00 0 
7f586bf82000-7f586c782000 rw-p 00000000 00:00 0 
7f586c782000-7f586c783000 ---p 00000000 00:00 0 
7f586c783000-7f586cf83000 rw-p 00000000 00:00 0 
7f586cf83000-7f586db71000 rw-s 00000000 08:04 132061                     /var/lib/dirsrv/slapd-EXAMPLE-COM/db/__db.003
7f586db71000-7f586ddb9000 rw-s 00000000 08:04 131908                     /var/lib/dirsrv/slapd-EXAMPLE-COM/db/__db.002
7f586ddb9000-7f586e5ff000 rw-s 00000000 08:04 131698                     /var/lib/dirsrv/slapd-EXAMPLE-COM/db/__db.001
7f586e5ff000-7f586e61f000 r-xp 00000000 08:04 141691                     /usr/lib64/libnssdbm3.so
7f586e61f000-7f586e81f000 ---p 00020000 08:04 141691                     /usr/lib64/libnssdbm3.so
7f586e81f000-7f586e820000 r--p 00020000 08:04 141691                     /usr/lib64/libnssdbm3.so
7f586e820000-7f586e821000 rw-p 00021000 08:04 141691                     /usr/lib64/libnssdbm3.so
7f586e821000-7f586e89a000 r-xp 00000000 08:04 141537                     /usr/lib64/libfreeblpriv3.so
7f586e89a000-7f586ea99000 ---p 00079000 08:04 141537                     /usr/lib64/libfreeblpriv3.so
7f586ea99000-7f586ea9c000 r--p 00078000 08:04 141537                     /usr/lib64/libfreeblpriv3.so
7f586ea9c000-7f586ea9d000 rw-p 0007b000 08:04 141537                     /usr/lib64/libfreeblpriv3.so
7f586ea9d000-7f586eaa1000 rw-p 00000000 00:00 0 
7f586eaa1000-7f586eb52000 r-xp 00000000 08:04 141793                     /usr/lib64/libsqlite3.so.0.8.6
7f586eb52000-7f586ed51000 ---p 000b1000 08:04 141793                     /usr/lib64/libsqlite3.so.0.8.6
7f586ed51000-7f586ed53000 r--p 000b0000 08:04 141793                     /usr/lib64/libsqlite3.so.0.8.6
7f586ed53000-7f586ed56000 rw-p 000b2000 08:04 141793                     /usr/lib64/libsqlite3.so.0.8.6
7f586ed56000-7f586ed92000 r-xp 00000000 08:04 141789                     /usr/lib64/libsoftokn3.so
7f586ed92000-7f586ef92000 ---p 0003c000 08:04 141789                     /usr/lib64/libsoftokn3.so
7f586ef92000-7f586ef93000 r--p 0003c000 08:04 141789                     /usr/lib64/libsoftokn3.so
7f586ef93000-7f586ef94000 rw-p 0003d000 08:04 141789                     /usr/lib64/libsoftokn3.so
7f586ef94000-7f586ef95000 r-xp 00000000 08:04 147272                     /usr/lib64/dirsrv/plugins/libwhoami-plugin.so
7f586ef95000-7f586f195000 ---p 00001000 08:04 147272                     /usr/lib64/dirsrv/plugins/libwhoami-plugin.so
7f586f195000-7f586f196000 r--p 00001000 08:04 147272                     /usr/lib64/dirsrv/plugins/libwhoami-plugin.so
7f586f196000-7f586f197000 rw-p 00002000 08:04 147272                     /usr/lib64/dirsrv/plugins/libwhoami-plugin.so
7f586f197000-7f586f19c000 r-xp 00000000 08:04 147271                     /usr/lib64/dirsrv/plugins/libviews-plugin.so
7f586f19c000-7f586f39b000 ---p 00005000 08:04 147271                     /usr/lib64/dirsrv/plugins/libviews-plugin.so
7f586f39b000-7f586f39c000 r--p 00004000 08:04 147271                     /usr/lib64/dirsrv/plugins/libviews-plugin.so
7f586f39c000-7f586f39d000 rw-p 00005000 08:04 147271                     /usr/lib64/dirsrv/plugins/libviews-plugin.so
7f586f39d000-7f586f3a3000 r-xp 00000000 08:04 147270                     /usr/lib64/dirsrv/plugins/libusn-plugin.so
7f586f3a3000-7f586f5a2000 ---p 00006000 08:04 147270                     /usr/lib64/dirsrv/plugins/libusn-plugin.so
7f586f5a2000-7f586f5a3000 r--p 00005000 08:04 147270                     /usr/lib64/dirsrv/plugins/libusn-plugin.so
7f586f5a3000-7f586f5a4000 rw-p 00006000 08:04 147270                     /usr/lib64/dirsrv/plugins/libusn-plugin.so
7f586f5a4000-7f586f5a7000 r-xp 00000000 08:04 147268                     /usr/lib64/dirsrv/plugins/libstatechange-plugin.so
7f586f5a7000-7f586f7a6000 ---p 00003000 08:04 147268                     /usr/lib64/dirsrv/plugins/libstatechange-plugin.so
7f586f7a6000-7f586f7a7000 r--p 00002000 08:04 147268                     /usr/lib64/dirsrv/plugins/libstatechange-plugin.so
7f586f7a7000-7f586f7a8000 rw-p 00003000 08:04 147268                     /usr/lib64/dirsrv/plugins/libstatechange-plugin.so
7f586f7a8000-7f586f7aa000 r-xp 00000000 08:04 147267                     /usr/lib64/dirsrv/plugins/libschemareload-plugin.so
7f586f7aa000-7f586f9aa000 ---p 00002000 08:04 147267                     /usr/lib64/dirsrv/plugins/libschemareload-plugin.so
7f586f9aa000-7f586f9ab000 r--p 00002000 08:04 147267                     /usr/lib64/dirsrv/plugins/libschemareload-plugin.so
7f586f9ab000-7f586f9ac000 rw-p 00003000 08:04 147267                     /usr/lib64/dirsrv/plugins/libschemareload-plugin.so
7f586f9ac000-7f586f9d3000 r-xp 00000000 08:04 147126                     /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
7f586f9d3000-7f586fbd2000 ---p 00027000 08:04 147126                     /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
7f586fbd2000-7f586fbd3000 r--p 00026000 08:04 147126                     /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
7f586fbd3000-7f586fbd4000 rw-p 00027000 08:04 147126                     /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
7f586fbd4000-7f586fbd8000 r-xp 00000000 08:04 147266                     /usr/lib64/dirsrv/plugins/librootdn-access-plugin.so
7f586fbd8000-7f586fdd7000 ---p 00004000 08:04 147266                     /usr/lib64/dirsrv/plugins/librootdn-access-plugin.so
7f586fdd7000-7f586fdd8000 r--p 00003000 08:04 147266                     /usr/lib64/dirsrv/plugins/librootdn-access-plugin.so
7f586fdd8000-7f586fdd9000 rw-p 00004000 08:04 147266                     /usr/lib64/dirsrv/plugins/librootdn-access-plugin.so
7f586fdd9000-7f586fde1000 r-xp 00000000 08:04 147265                     /usr/lib64/dirsrv/plugins/libroles-plugin.so
7f586fde1000-7f586ffe0000 ---p 00008000 08:04 147265                     /usr/lib64/dirsrv/plugins/libroles-plugin.so
7f586ffe0000-7f586ffe1000 r--p 00007000 08:04 147265                     /usr/lib64/dirsrv/plugins/libroles-plugin.so
7f586ffe1000-7f586ffe2000 rw-p 00008000 08:04 147265                     /usr/lib64/dirsrv/plugins/libroles-plugin.so
7f586ffe2000-7f586ffec000 r-xp 00000000 08:04 147264                     /usr/lib64/dirsrv/plugins/libretrocl-plugin.so
7f586ffec000-7f58701eb000 ---p 0000a000 08:04 147264                     /usr/lib64/dirsrv/plugins/libretrocl-plugin.so
7f58701eb000-7f58701ec000 r--p 00009000 08:04 147264                     /usr/lib64/dirsrv/plugins/libretrocl-plugin.so
7f58701ec000-7f58701ed000 rw-p 0000a000 08:04 147264                     /usr/lib64/dirsrv/plugins/libretrocl-plugin.so
7f58701ed000-7f58701f5000 r-xp 00000000 08:04 147168                     /usr/lib64/dirsrv/plugins/libreferint-plugin.so
7f58701f5000-7f58703f4000 ---p 00008000 08:04 147168                     /usr/lib64/dirsrv/plugins/libreferint-plugin.so
7f58703f4000-7f58703f5000 r--p 00007000 08:04 147168                     /usr/lib64/dirsrv/plugins/libreferint-plugin.so
7f58703f5000-7f58703f6000 rw-p 00008000 08:04 147168                     /usr/lib64/dirsrv/plugins/libreferint-plugin.so
7f58703f6000-7f58703f7000 rw-p 00000000 00:00 0 
7f58703f7000-7f5870409000 r-xp 00000000 08:04 147166                     /usr/lib64/dirsrv/plugins/libposix-winsync-plugin.so
7f5870409000-7f5870608000 ---p 00012000 08:04 147166                     /usr/lib64/dirsrv/plugins/libposix-winsync-plugin.so
7f5870608000-7f5870609000 r--p 00011000 08:04 147166                     /usr/lib64/dirsrv/plugins/libposix-winsync-plugin.so
7f5870609000-7f587060a000 rw-p 00012000 08:04 147166                     /usr/lib64/dirsrv/plugins/libposix-winsync-plugin.so
7f587060a000-7f587060e000 r-xp 00000000 08:04 147164                     /usr/lib64/dirsrv/plugins/libpassthru-plugin.so
7f587060e000-7f587080d000 ---p 00004000 08:04 147164                     /usr/lib64/dirsrv/plugins/libpassthru-plugin.so
7f587080d000-7f587080e000 r--p 00003000 08:04 147164                     /usr/lib64/dirsrv/plugins/libpassthru-plugin.so
7f587080e000-7f587080f000 rw-p 00004000 08:04 147164                     /usr/lib64/dirsrv/plugins/libpassthru-plugin.so
7f587080f000-7f587082a000 r-xp 00000000 08:04 141446                     /usr/lib64/libaudit.so.1.0.0
7f587082a000-7f5870a2a000 ---p 0001b000 08:04 141446                     /usr/lib64/libaudit.so.1.0.0
7f5870a2a000-7f5870a2b000 r--p 0001b000 08:04 141446                     /usr/lib64/libaudit.so.1.0.0
7f5870a2b000-7f5870a2c000 rw-p 0001c000 08:04 141446                     /usr/lib64/libaudit.so.1.0.0
7f5870a2c000-7f5870a36000 rw-p 00000000 00:00 0 
7f5870a36000-7f5870a43000 r-xp 00000000 08:04 141704                     /usr/lib64/libpam.so.0.83.1
7f5870a43000-7f5870c43000 ---p 0000d000 08:04 141704                     /usr/lib64/libpam.so.0.83.1
7f5870c43000-7f5870c44000 r--p 0000d000 08:04 141704                     /usr/lib64/libpam.so.0.83.1
7f5870c44000-7f5870c45000 rw-p 0000e000 08:04 141704                     /usr/lib64/libpam.so.0.83.1
7f5870c45000-7f5870c4d000 r-xp 00000000 08:04 147163                     /usr/lib64/dirsrv/plugins/libpam-passthru-plugin.so
7f5870c4d000-7f5870e4c000 ---p 00008000 08:04 147163                     /usr/lib64/dirsrv/plugins/libpam-passthru-plugin.so
7f5870e4c000-7f5870e4d000 r--p 00007000 08:04 147163                     /usr/lib64/dirsrv/plugins/libpam-passthru-plugin.so
7f5870e4d000-7f5870e4e000 rw-p 00008000 08:04 147163                     /usr/lib64/dirsrv/plugins/libpam-passthru-plugin.so
7f5870e4e000-7f5870e64000 r-xp 00000000 08:04 144795                     /usr/lib64/libnsl-2.17.so
7f5870e64000-7f5871063000 ---p 00016000 08:04 144795                     /usr/lib64/libnsl-2.17.so
7f5871063000-7f5871064000 r--p 00015000 08:04 144795                     /usr/lib64/libnsl-2.17.so
7f5871064000-7f5871065000 rw-p 00016000 08:04 144795                     /usr/lib64/libnsl-2.17.so
7f5871065000-7f5871067000 rw-p 00000000 00:00 0 
7f5871067000-7f5871070000 r-xp 00000000 08:04 141842                     /usr/lib64/libwrap.so.0.7.6
7f5871070000-7f587126f000 ---p 00009000 08:04 141842                     /usr/lib64/libwrap.so.0.7.6
7f587126f000-7f5871270000 r--p 00008000 08:04 141842                     /usr/lib64/libwrap.so.0.7.6
7f5871270000-7f5871271000 rw-p 00009000 08:04 141842                     /usr/lib64/libwrap.so.0.7.6
7f5871271000-7f5871272000 rw-p 00000000 00:00 0 
7f5871272000-7f5871299000 r-xp 00000000 08:04 143725                     /usr/lib64/dirsrv/plugins/nisserver-plugin.so
7f5871299000-7f5871498000 ---p 00027000 08:04 143725                     /usr/lib64/dirsrv/plugins/nisserver-plugin.so
7f5871498000-7f5871499000 r--p 00026000 08:04 143725                     /usr/lib64/dirsrv/plugins/nisserver-plugin.so
7f5871499000-7f587149a000 rw-p 00027000 08:04 143725                     /usr/lib64/dirsrv/plugins/nisserver-plugin.so
7f587149a000-7f58714a7000 r-xp 00000000 08:04 147162                     /usr/lib64/dirsrv/plugins/libmemberof-plugin.so
7f58714a7000-7f58716a6000 ---p 0000d000 08:04 147162                     /usr/lib64/dirsrv/plugins/libmemberof-plugin.so
7f58716a6000-7f58716a7000 r--p 0000c000 08:04 147162                     /usr/lib64/dirsrv/plugins/libmemberof-plugin.so
7f58716a7000-7f58716a8000 rw-p 0000d000 08:04 147162                     /usr/lib64/dirsrv/plugins/libmemberof-plugin.so
7f58716a8000-7f58716b2000 r-xp 00000000 08:04 147161                     /usr/lib64/dirsrv/plugins/libmanagedentries-plugin.so
7f58716b2000-7f58718b1000 ---p 0000a000 08:04 147161                     /usr/lib64/dirsrv/plugins/libmanagedentries-plugin.so
7f58718b1000-7f58718b2000 r--p 00009000 08:04 147161                     /usr/lib64/dirsrv/plugins/libmanagedentries-plugin.so
7f58718b2000-7f58718b3000 rw-p 0000a000 08:04 147161                     /usr/lib64/dirsrv/plugins/libmanagedentries-plugin.so
7f58718b3000-7f58718bd000 r-xp 00000000 08:04 147160                     /usr/lib64/dirsrv/plugins/liblinkedattrs-plugin.so
7f58718bd000-7f5871abc000 ---p 0000a000 08:04 147160                     /usr/lib64/dirsrv/plugins/liblinkedattrs-plugin.so
7f5871abc000-7f5871abd000 r--p 00009000 08:04 147160                     /usr/lib64/dirsrv/plugins/liblinkedattrs-plugin.so
7f5871abd000-7f5871abe000 rw-p 0000a000 08:04 147160                     /usr/lib64/dirsrv/plugins/liblinkedattrs-plugin.so
7f5871abe000-7f5871b61000 r-xp 00000000 08:04 147263                     /usr/lib64/dirsrv/plugins/libreplication-plugin.so
7f5871b61000-7f5871d60000 ---p 000a3000 08:04 147263                     /usr/lib64/dirsrv/plugins/libreplication-plugin.so
7f5871d60000-7f5871d61000 r--p 000a2000 08:04 147263                     /usr/lib64/dirsrv/plugins/libreplication-plugin.so
7f5871d61000-7f5871d65000 rw-p 000a3000 08:04 147263                     /usr/lib64/dirsrv/plugins/libreplication-plugin.so
7f5871d65000-7f5871e09000 r-xp 00000000 08:04 147151                     /usr/lib64/dirsrv/plugins/libback-ldbm.so
7f5871e09000-7f5872009000 ---p 000a4000 08:04 147151                     /usr/lib64/dirsrv/plugins/libback-ldbm.so
7f5872009000-7f587200a000 r--p 000a4000 08:04 147151                     /usr/lib64/dirsrv/plugins/libback-ldbm.so
7f587200a000-7f587200d000 rw-p 000a5000 08:04 147151                     /usr/lib64/dirsrv/plugins/libback-ldbm.so
7f587200d000-7f5872037000 r-xp 00000000 08:04 147321                     /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
7f5872037000-7f5872236000 ---p 0002a000 08:04 147321                     /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
7f5872236000-7f5872237000 r--p 00029000 08:04 147321                     /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
7f5872237000-7f5872239000 rw-p 0002a000 08:04 147321                     /usr/lib64/dirsrv/plugins/libipa_pwd_extop.so
7f5872239000-7f587223d000 r-xp 00000000 08:04 145463                     /usr/lib64/libsss_nss_idmap.so.0.1.0
7f587223d000-7f587243c000 ---p 00004000 08:04 145463                     /usr/lib64/libsss_nss_idmap.so.0.1.0
7f587243c000-7f587243d000 r--p 00003000 08:04 145463                     /usr/lib64/libsss_nss_idmap.so.0.1.0
7f587243d000-7f587243e000 rw-p 00004000 08:04 145463                     /usr/lib64/libsss_nss_idmap.so.0.1.0
7f587243e000-7f5872443000 r-xp 00000000 08:04 147316                     /usr/lib64/dirsrv/plugins/libipa_extdom_extop.so
7f5872443000-7f5872642000 ---p 00005000 08:04 147316                     /usr/lib64/dirsrv/plugins/libipa_extdom_extop.so
7f5872642000-7f5872643000 r--p 00004000 08:04 147316                     /usr/lib64/dirsrv/plugins/libipa_extdom_extop.so
7f5872643000-7f5872644000 rw-p 00005000 08:04 147316                     /usr/lib64/dirsrv/plugins/libipa_extdom_extop.so
7f5872644000-7f5872647000 r-xp 00000000 08:04 147315                     /usr/lib64/dirsrv/plugins/libipa_enrollment_extop.so
7f5872647000-7f5872846000 ---p 00003000 08:04 147315                     /usr/lib64/dirsrv/plugins/libipa_enrollment_extop.so
7f5872846000-7f5872847000 r--p 00002000 08:04 147315                     /usr/lib64/dirsrv/plugins/libipa_enrollment_extop.so
7f5872847000-7f5872848000 rw-p 00003000 08:04 147315                     /usr/lib64/dirsrv/plugins/libipa_enrollment_extop.so
7f5872848000-7f5872852000 r-xp 00000000 08:04 147326                     /usr/lib64/dirsrv/plugins/libipa_winsync.so
7f5872852000-7f5872a51000 ---p 0000a000 08:04 147326                     /usr/lib64/dirsrv/plugins/libipa_winsync.so
7f5872a51000-7f5872a52000 r--p 00009000 08:04 147326                     /usr/lib64/dirsrv/plugins/libipa_winsync.so
7f5872a52000-7f5872a53000 rw-p 0000a000 08:04 147326                     /usr/lib64/dirsrv/plugins/libipa_winsync.so
7f5872a53000-7f5872a55000 r-xp 00000000 08:04 147323                     /usr/lib64/dirsrv/plugins/libipa_repl_version.so
7f5872a55000-7f5872c54000 ---p 00002000 08:04 147323                     /usr/lib64/dirsrv/plugins/libipa_repl_version.so
7f5872c54000-7f5872c55000 r--p 00001000 08:04 147323                     /usr/lib64/dirsrv/plugins/libipa_repl_version.so
7f5872c55000-7f5872c56000 rw-p 00002000 08:04 147323                     /usr/lib64/dirsrv/plugins/libipa_repl_version.so
7f5872c56000-7f5872c5a000 r-xp 00000000 08:04 143624                     /usr/lib64/libuuid.so.1.3.0
7f5872c5a000-7f5872e59000 ---p 00004000 08:04 143624                     /usr/lib64/libuuid.so.1.3.0
7f5872e59000-7f5872e5a000 r--p 00003000 08:04 143624                     /usr/lib64/libuuid.so.1.3.0
7f5872e5a000-7f5872e5b000 rw-p 00004000 08:04 143624                     /usr/lib64/libuuid.so.1.3.0
7f5872e5b000-7f5872e60000 r-xp 00000000 08:04 145057                     /usr/lib64/dirsrv/plugins/libipa_uuid.so
7f5872e60000-7f587305f000 ---p 00005000 08:04 145057                     /usr/lib64/dirsrv/plugins/libipa_uuid.so
7f587305f000-7f5873060000 r--p 00004000 08:04 145057                     /usr/lib64/dirsrv/plugins/libipa_uuid.so
7f5873060000-7f5873061000 rw-p 00005000 08:04 145057                     /usr/lib64/dirsrv/plugins/libipa_uuid.so
7f5873061000-7f5873065000 r-xp 00000000 08:04 147324                     /usr/lib64/dirsrv/plugins/libipa_sidgen.so
7f5873065000-7f5873264000 ---p 00004000 08:04 147324                     /usr/lib64/dirsrv/plugins/libipa_sidgen.so
7f5873264000-7f5873265000 r--p 00003000 08:04 147324                     /usr/lib64/dirsrv/plugins/libipa_sidgen.so
7f5873265000-7f5873266000 rw-p 00004000 08:04 147324                     /usr/lib64/dirsrv/plugins/libipa_sidgen.so
7f5873266000-7f5873269000 r-xp 00000000 08:04 147322                     /usr/lib64/dirsrv/plugins/libipa_range_check.so
7f5873269000-7f5873469000 ---p 00003000 08:04 147322                     /usr/lib64/dirsrv/plugins/libipa_range_check.so
7f5873469000-7f587346a000 r--p 00003000 08:04 147322                     /usr/lib64/dirsrv/plugins/libipa_range_check.so
7f587346a000-7f587346b000 rw-p 00004000 08:04 147322                     /usr/lib64/dirsrv/plugins/libipa_range_check.so
7f587346b000-7f5873470000 r-xp 00000000 08:04 147320                     /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so
7f5873470000-7f587366f000 ---p 00005000 08:04 147320                     /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so
7f587366f000-7f5873670000 r--p 00004000 08:04 147320                     /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so
7f5873670000-7f5873671000 rw-p 00005000 08:04 147320                     /usr/lib64/dirsrv/plugins/libipa_otp_lasttoken.so
7f5873671000-7f5873674000 r-xp 00000000 08:04 147319                     /usr/lib64/dirsrv/plugins/libipa_otp_counter.so
7f5873674000-7f5873873000 ---p 00003000 08:04 147319                     /usr/lib64/dirsrv/plugins/libipa_otp_counter.so
7f5873873000-7f5873874000 r--p 00002000 08:04 147319                     /usr/lib64/dirsrv/plugins/libipa_otp_counter.so
7f5873874000-7f5873875000 rw-p 00003000 08:04 147319                     /usr/lib64/dirsrv/plugins/libipa_otp_counter.so
7f5873875000-7f5873878000 r-xp 00000000 08:04 147318                     /usr/lib64/dirsrv/plugins/libipa_modrdn.so
7f5873878000-7f5873a78000 ---p 00003000 08:04 147318                     /usr/lib64/dirsrv/plugins/libipa_modrdn.so
7f5873a78000-7f5873a79000 r--p 00003000 08:04 147318                     /usr/lib64/dirsrv/plugins/libipa_modrdn.so
7f5873a79000-7f5873a7a000 rw-p 00004000 08:04 147318                     /usr/lib64/dirsrv/plugins/libipa_modrdn.so
7f5873a7a000-7f5873a7e000 r-xp 00000000 08:04 147317                     /usr/lib64/dirsrv/plugins/libipa_lockout.so
7f5873a7e000-7f5873c7d000 ---p 00004000 08:04 147317                     /usr/lib64/dirsrv/plugins/libipa_lockout.so
7f5873c7d000-7f5873c7e000 r--p 00003000 08:04 147317                     /usr/lib64/dirsrv/plugins/libipa_lockout.so
7f5873c7e000-7f5873c7f000 rw-p 00004000 08:04 147317                     /usr/lib64/dirsrv/plugins/libipa_lockout.so
7f5873c7f000-7f5873c83000 r-xp 00000000 08:04 141837                     /usr/lib64/libverto.so.1.0.0
7f5873c83000-7f5873e82000 ---p 00004000 08:04 141837                     /usr/lib64/libverto.so.1.0.0
7f5873e82000-7f5873e83000 r--p 00003000 08:04 141837                     /usr/lib64/libverto.so.1.0.0
7f5873e83000-7f5873e84000 rw-p 00004000 08:04 141837                     /usr/lib64/libverto.so.1.0.0
7f5873e84000-7f5873e8b000 r-xp 00000000 08:04 140310                     /usr/lib64/libkrad.so.0.0
7f5873e8b000-7f587408b000 ---p 00007000 08:04 140310                     /usr/lib64/libkrad.so.0.0
7f587408b000-7f587408e000 r--p 00007000 08:04 140310                     /usr/lib64/libkrad.so.0.0
7f587408e000-7f587408f000 rw-p 0000a000 08:04 140310                     /usr/lib64/libkrad.so.0.0
7f587408f000-7f5874091000 r-xp 00000000 08:04 140943                     /usr/lib64/dirsrv/plugins/libipa_dns.so
7f5874091000-7f5874290000 ---p 00002000 08:04 140943                     /usr/lib64/dirsrv/plugins/libipa_dns.so
7f5874290000-7f5874291000 r--p 00001000 08:04 140943                     /usr/lib64/dirsrv/plugins/libipa_dns.so
7f5874291000-7f5874292000 rw-p 00002000 08:04 140943                     /usr/lib64/dirsrv/plugins/libipa_dns.so
7f5874292000-7f5874298000 r-xp 00000000 08:04 147159                     /usr/lib64/dirsrv/plugins/libhttp-client-plugin.so
7f5874298000-7f5874497000 ---p 00006000 08:04 147159                     /usr/lib64/dirsrv/plugins/libhttp-client-plugin.so
7f5874497000-7f5874498000 r--p 00005000 08:04 147159                     /usr/lib64/dirsrv/plugins/libhttp-client-plugin.so
7f5874498000-7f5874499000 rw-p 00006000 08:04 147159                     /usr/lib64/dirsrv/plugins/libhttp-client-plugin.so
7f5874499000-7f58744a7000 r-xp 00000000 08:04 145832                     /usr/lib64/dirsrv/plugins/libdna-plugin.so
7f58744a7000-7f58746a6000 ---p 0000e000 08:04 145832                     /usr/lib64/dirsrv/plugins/libdna-plugin.so
7f58746a6000-7f58746a7000 r--p 0000d000 08:04 145832                     /usr/lib64/dirsrv/plugins/libdna-plugin.so
7f58746a7000-7f58746a8000 rw-p 0000e000 08:04 145832                     /usr/lib64/dirsrv/plugins/libdna-plugin.so
7f58746a8000-7f58746ac000 r-xp 00000000 08:04 147157                     /usr/lib64/dirsrv/plugins/libderef-plugin.so
7f58746ac000-7f58748ab000 ---p 00004000 08:04 147157                     /usr/lib64/dirsrv/plugins/libderef-plugin.so
7f58748ab000-7f58748ac000 r--p 00003000 08:04 147157                     /usr/lib64/dirsrv/plugins/libderef-plugin.so
7f58748ac000-7f58748ad000 rw-p 00004000 08:04 147157                     /usr/lib64/dirsrv/plugins/libderef-plugin.so
7f58748ad000-7f58748b6000 r-xp 00000000 08:04 147155                     /usr/lib64/dirsrv/plugins/libcontentsync-plugin.so
7f58748b6000-7f5874ab5000 ---p 00009000 08:04 147155                     /usr/lib64/dirsrv/plugins/libcontentsync-plugin.so
7f5874ab5000-7f5874ab6000 r--p 00008000 08:04 147155                     /usr/lib64/dirsrv/plugins/libcontentsync-plugin.so
7f5874ab6000-7f5874ab7000 rw-p 00009000 08:04 147155                     /usr/lib64/dirsrv/plugins/libcontentsync-plugin.so
7f5874ab7000-7f5874ac2000 r-xp 00000000 08:04 147156                     /usr/lib64/dirsrv/plugins/libcos-plugin.so
7f5874ac2000-7f5874cc1000 ---p 0000b000 08:04 147156                     /usr/lib64/dirsrv/plugins/libcos-plugin.so
7f5874cc1000-7f5874cc2000 r--p 0000a000 08:04 147156                     /usr/lib64/dirsrv/plugins/libcos-plugin.so
7f5874cc2000-7f5874cc3000 rw-p 0000b000 08:04 147156                     /usr/lib64/dirsrv/plugins/libcos-plugin.so
7f5874cc3000-7f5874cda000 r-xp 00000000 08:04 147153                     /usr/lib64/dirsrv/plugins/libchainingdb-plugin.so
7f5874cda000-7f5874eda000 ---p 00017000 08:04 147153                     /usr/lib64/dirsrv/plugins/libchainingdb-plugin.so
7f5874eda000-7f5874edb000 r--p 00017000 08:04 147153                     /usr/lib64/dirsrv/plugins/libchainingdb-plugin.so
7f5874edb000-7f5874edc000 rw-p 00018000 08:04 147153                     /usr/lib64/dirsrv/plugins/libchainingdb-plugin.so
7f5874edc000-7f5874ee6000 r-xp 00000000 08:04 147150                     /usr/lib64/dirsrv/plugins/libautomember-plugin.so
7f5874ee6000-7f58750e5000 ---p 0000a000 08:04 147150                     /usr/lib64/dirsrv/plugins/libautomember-plugin.so
7f58750e5000-7f58750e6000 r--p 00009000 08:04 147150                     /usr/lib64/dirsrv/plugins/libautomember-plugin.so
7f58750e6000-7f58750e7000 rw-p 0000a000 08:04 147150                     /usr/lib64/dirsrv/plugins/libautomember-plugin.so
7f58750e7000-7f5875125000 r-xp 00000000 08:04 141666                     /usr/lib64/dirsrv/libns-dshttpd.so.0.0.0
7f5875125000-7f5875324000 ---p 0003e000 08:04 141666                     /usr/lib64/dirsrv/libns-dshttpd.so.0.0.0
7f5875324000-7f5875325000 r--p 0003d000 08:04 141666                     /usr/lib64/dirsrv/libns-dshttpd.so.0.0.0
7f5875325000-7f587532b000 rw-p 0003e000 08:04 141666                     /usr/lib64/dirsrv/libns-dshttpd.so.0.0.0
7f587532b000-7f587532d000 rw-p 00000000 00:00 0 
7f587532d000-7f5875357000 r-xp 00000000 08:04 147148                     /usr/lib64/dirsrv/plugins/libacl-plugin.so
7f5875357000-7f5875556000 ---p 0002a000 08:04 147148                     /usr/lib64/dirsrv/plugins/libacl-plugin.so
7f5875556000-7f5875557000 r--p 00029000 08:04 147148                     /usr/lib64/dirsrv/plugins/libacl-plugin.so
7f5875557000-7f5875558000 rw-p 0002a000 08:04 147148                     /usr/lib64/dirsrv/plugins/libacl-plugin.so
7f5875558000-7f587555a000 r-xp 00000000 08:04 147147                     /usr/lib64/dirsrv/plugins/libacctusability-plugin.so
7f587555a000-7f587575a000 ---p 00002000 08:04 147147                     /usr/lib64/dirsrv/plugins/libacctusability-plugin.so
7f587575a000-7f587575b000 r--p 00002000 08:04 147147                     /usr/lib64/dirsrv/plugins/libacctusability-plugin.so
7f587575b000-7f587575c000 rw-p 00003000 08:04 147147                     /usr/lib64/dirsrv/plugins/libacctusability-plugin.so
7f587575c000-7f5875762000 r-xp 00000000 08:04 140924                     /usr/lib64/dirsrv/plugins/libacctpolicy-plugin.so
7f5875762000-7f5875961000 ---p 00006000 08:04 140924                     /usr/lib64/dirsrv/plugins/libacctpolicy-plugin.so
7f5875961000-7f5875962000 r--p 00005000 08:04 140924                     /usr/lib64/dirsrv/plugins/libacctpolicy-plugin.so
7f5875962000-7f5875963000 rw-p 00006000 08:04 140924                     /usr/lib64/dirsrv/plugins/libacctpolicy-plugin.so
7f5875963000-7f587596a000 r-xp 00000000 08:04 147149                     /usr/lib64/dirsrv/plugins/libattr-unique-plugin.so
7f587596a000-7f5875b69000 ---p 00007000 08:04 147149                     /usr/lib64/dirsrv/plugins/libattr-unique-plugin.so
7f5875b69000-7f5875b6a000 r--p 00006000 08:04 147149                     /usr/lib64/dirsrv/plugins/libattr-unique-plugin.so
7f5875b6a000-7f5875b6b000 rw-p 00007000 08:04 147149                     /usr/lib64/dirsrv/plugins/libattr-unique-plugin.so
7f5875b6b000-7f5875b6f000 r-xp 00000000 08:04 141309                     /usr/lib64/sasl2/liblogin.so.3.0.0
7f5875b6f000-7f5875d6e000 ---p 00004000 08:04 141309                     /usr/lib64/sasl2/liblogin.so.3.0.0
7f5875d6e000-7f5875d6f000 r--p 00003000 08:04 141309                     /usr/lib64/sasl2/liblogin.so.3.0.0
7f5875d6f000-7f5875d70000 rw-p 00004000 08:04 141309                     /usr/lib64/sasl2/liblogin.so.3.0.0
7f5875d70000-7f5875d75000 r-xp 00000000 08:04 140894                     /usr/lib64/sasl2/libcrammd5.so.3.0.0
7f5875d75000-7f5875f74000 ---p 00005000 08:04 140894                     /usr/lib64/sasl2/libcrammd5.so.3.0.0
7f5875f74000-7f5875f75000 r--p 00004000 08:04 140894                     /usr/lib64/sasl2/libcrammd5.so.3.0.0
7f5875f75000-7f5875f76000 rw-p 00005000 08:04 140894                     /usr/lib64/sasl2/libcrammd5.so.3.0.0
7f5875f76000-7f587612a000 r-xp 00000000 08:04 141489                     /usr/lib64/libdb-5.3.so
7f587612a000-7f587632a000 ---p 001b4000 08:04 141489                     /usr/lib64/libdb-5.3.so
7f587632a000-7f5876331000 r--p 001b4000 08:04 141489                     /usr/lib64/libdb-5.3.so
7f5876331000-7f5876334000 rw-p 001bb000 08:04 141489                     /usr/lib64/libdb-5.3.so
7f5876334000-7f587633a000 r-xp 00000000 08:04 139899                     /usr/lib64/sasl2/libsasldb.so.3.0.0
7f587633a000-7f5876539000 ---p 00006000 08:04 139899                     /usr/lib64/sasl2/libsasldb.so.3.0.0
7f5876539000-7f587653a000 r--p 00005000 08:04 139899                     /usr/lib64/sasl2/libsasldb.so.3.0.0
7f587653a000-7f587653b000 rw-p 00006000 08:04 139899                     /usr/lib64/sasl2/libsasldb.so.3.0.0
7f587653b000-7f5876584000 r-xp 00000000 08:04 140254                     /usr/lib64/libgssapi_krb5.so.2.2
7f5876584000-7f5876784000 ---p 00049000 08:04 140254                     /usr/lib64/libgssapi_krb5.so.2.2
7f5876784000-7f5876785000 r--p 00049000 08:04 140254                     /usr/lib64/libgssapi_krb5.so.2.2
7f5876785000-7f5876787000 rw-p 0004a000 08:04 140254                     /usr/lib64/libgssapi_krb5.so.2.2
7f5876787000-7f587678f000 r-xp 00000000 08:04 140124                     /usr/lib64/sasl2/libgssapiv2.so.3.0.0
7f587678f000-7f587698e000 ---p 00008000 08:04 140124                     /usr/lib64/sasl2/libgssapiv2.so.3.0.0
7f587698e000-7f587698f000 r--p 00007000 08:04 140124                     /usr/lib64/sasl2/libgssapiv2.so.3.0.0
7f587698f000-7f5876990000 rw-p 00008000 08:04 140124                     /usr/lib64/sasl2/libgssapiv2.so.3.0.0
7f5876990000-7f5876994000 r-xp 00000000 08:04 141386                     /usr/lib64/sasl2/libplain.so.3.0.0
7f5876994000-7f5876b93000 ---p 00004000 08:04 141386                     /usr/lib64/sasl2/libplain.so.3.0.0
7f5876b93000-7f5876b94000 r--p 00003000 08:04 141386                     /usr/lib64/sasl2/libplain.so.3.0.0
7f5876b94000-7f5876b95000 rw-p 00004000 08:04 141386                     /usr/lib64/sasl2/libplain.so.3.0.0
7f5876b95000-7f5876d53000 r-xp 00000000 08:04 132392                     /usr/lib64/libcrypto.so.1.0.1e
7f5876d53000-7f5876f53000 ---p 001be000 08:04 132392                     /usr/lib64/libcrypto.so.1.0.1e
7f5876f53000-7f5876f6d000 r--p 001be000 08:04 132392                     /usr/lib64/libcrypto.so.1.0.1e
7f5876f6d000-7f5876f79000 rw-p 001d8000 08:04 132392                     /usr/lib64/libcrypto.so.1.0.1e
7f5876f79000-7f5876f7d000 rw-p 00000000 00:00 0 
7f5876f7d000-7f5876f8a000 r-xp 00000000 08:04 140899                     /usr/lib64/sasl2/libdigestmd5.so.3.0.0
7f5876f8a000-7f5877189000 ---p 0000d000 08:04 140899                     /usr/lib64/sasl2/libdigestmd5.so.3.0.0
7f5877189000-7f587718a000 r--p 0000c000 08:04 140899                     /usr/lib64/sasl2/libdigestmd5.so.3.0.0
7f587718a000-7f587718b000 rw-p 0000d000 08:04 140899                     /usr/lib64/sasl2/libdigestmd5.so.3.0.0
7f587718b000-7f587718f000 r-xp 00000000 08:04 139895                     /usr/lib64/sasl2/libanonymous.so.3.0.0
7f587718f000-7f587738e000 ---p 00004000 08:04 139895                     /usr/lib64/sasl2/libanonymous.so.3.0.0
7f587738e000-7f587738f000 r--p 00003000 08:04 139895                     /usr/lib64/sasl2/libanonymous.so.3.0.0
7f587738f000-7f5877390000 rw-p 00004000 08:04 139895                     /usr/lib64/sasl2/libanonymous.so.3.0.0
7f5877390000-7f5877396000 r-xp 00000000 08:04 147167                     /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so
7f5877396000-7f5877596000 ---p 00006000 08:04 147167                     /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so
7f5877596000-7f5877597000 r--p 00006000 08:04 147167                     /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so
7f5877597000-7f5877598000 rw-p 00007000 08:04 147167                     /usr/lib64/dirsrv/plugins/libpwdstorage-plugin.so
7f5877598000-7f587759c000 r-xp 00000000 08:04 147165                     /usr/lib64/dirsrv/plugins/libpbe-plugin.so
7f587759c000-7f587779b000 ---p 00004000 08:04 147165                     /usr/lib64/dirsrv/plugins/libpbe-plugin.so
7f587779b000-7f587779c000 r--p 00003000 08:04 147165                     /usr/lib64/dirsrv/plugins/libpbe-plugin.so
7f587779c000-7f587779d000 rw-p 00004000 08:04 147165                     /usr/lib64/dirsrv/plugins/libpbe-plugin.so
7f587779d000-7f58777b2000 r-xp 00000000 08:04 141543                     /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f58777b2000-7f58779b1000 ---p 00015000 08:04 141543                     /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f58779b1000-7f58779b2000 r--p 00014000 08:04 141543                     /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f58779b2000-7f58779b3000 rw-p 00015000 08:04 141543                     /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f58779b3000-7f5877ab4000 r-xp 00000000 08:04 144794                     /usr/lib64/libm-2.17.so
7f5877ab4000-7f5877cb3000 ---p 00101000 08:04 144794                     /usr/lib64/libm-2.17.so
7f5877cb3000-7f5877cb4000 r--p 00100000 08:04 144794                     /usr/lib64/libm-2.17.so
7f5877cb4000-7f5877cb5000 rw-p 00101000 08:04 144794                     /usr/lib64/libm-2.17.so
7f5877cb5000-7f5877d9e000 r-xp 00000000 08:04 141801                     /usr/lib64/libstdc++.so.6.0.19
7f5877d9e000-7f5877f9e000 ---p 000e9000 08:04 141801                     /usr/lib64/libstdc++.so.6.0.19
7f5877f9e000-7f5877fa6000 r--p 000e9000 08:04 141801                     /usr/lib64/libstdc++.so.6.0.19
7f5877fa6000-7f5877fa8000 rw-p 000f1000 08:04 141801                     /usr/lib64/libstdc++.so.6.0.19
7f5877fa8000-7f5877fbd000 rw-p 00000000 00:00 0 
7f5877fbd000-7f5879390000 r-xp 00000000 08:04 141584                     /usr/lib64/libicudata.so.50.1.2
7f5879390000-7f587958f000 ---p 013d3000 08:04 141584                     /usr/lib64/libicudata.so.50.1.2
7f587958f000-7f5879590000 r--p 013d2000 08:04 141584                     /usr/lib64/libicudata.so.50.1.2
7f5879590000-7f5879591000 rw-p 013d3000 08:04 141584                     /usr/lib64/libicudata.so.50.1.2
7f5879591000-7f58796f5000 r-xp 00000000 08:04 141591                     /usr/lib64/libicuuc.so.50.1.2
7f58796f5000-7f58798f5000 ---p 00164000 08:04 141591                     /usr/lib64/libicuuc.so.50.1.2
7f58798f5000-7f5879905000 r--p 00164000 08:04 141591                     /usr/lib64/libicuuc.so.50.1.2
7f5879905000-7f5879906000 rw-p 00174000 08:04 141591                     /usr/lib64/libicuuc.so.50.1.2
7f5879906000-7f587990a000 rw-p 00000000 00:00 0 
7f587990a000-7f5879afa000 r-xp 00000000 08:04 141585                     /usr/lib64/libicui18n.so.50.1.2
7f5879afa000-7f5879cfa000 ---p 001f0000 08:04 141585                     /usr/lib64/libicui18n.so.50.1.2
7f5879cfa000-7f5879d06000 r--p 001f0000 08:04 141585                     /usr/lib64/libicui18n.so.50.1.2
7f5879d06000-7f5879d08000 rw-p 001fc000 08:04 141585                     /usr/lib64/libicui18n.so.50.1.2
7f5879d08000-7f5879d09000 rw-p 00000000 00:00 0 
7f5879d09000-7f5879d10000 r-xp 00000000 08:04 147154                     /usr/lib64/dirsrv/plugins/libcollation-plugin.so
7f5879d10000-7f5879f0f000 ---p 00007000 08:04 147154                     /usr/lib64/dirsrv/plugins/libcollation-plugin.so
7f5879f0f000-7f5879f10000 r--p 00006000 08:04 147154                     /usr/lib64/dirsrv/plugins/libcollation-plugin.so
7f5879f10000-7f5879f11000 rw-p 00007000 08:04 147154                     /usr/lib64/dirsrv/plugins/libcollation-plugin.so
7f5879f11000-7f5879f13000 rw-p 00000000 00:00 0 
7f5879f13000-7f5879f15000 r-xp 00000000 08:04 147152                     /usr/lib64/dirsrv/plugins/libbitwise-plugin.so
7f5879f15000-7f587a114000 ---p 00002000 08:04 147152                     /usr/lib64/dirsrv/plugins/libbitwise-plugin.so
7f587a114000-7f587a115000 r--p 00001000 08:04 147152                     /usr/lib64/dirsrv/plugins/libbitwise-plugin.so
7f587a115000-7f587a116000 rw-p 00002000 08:04 147152                     /usr/lib64/dirsrv/plugins/libbitwise-plugin.so
7f587a116000-7f587a130000 r-xp 00000000 08:04 147269                     /usr/lib64/dirsrv/plugins/libsyntax-plugin.so
7f587a130000-7f587a330000 ---p 0001a000 08:04 147269                     /usr/lib64/dirsrv/plugins/libsyntax-plugin.so
7f587a330000-7f587a331000 r--p 0001a000 08:04 147269                     /usr/lib64/dirsrv/plugins/libsyntax-plugin.so
7f587a331000-7f587a334000 rw-p 0001b000 08:04 147269                     /usr/lib64/dirsrv/plugins/libsyntax-plugin.so
7f587a334000-7f587a340000 r-xp 00000000 08:04 144797                     /usr/lib64/libnss_files-2.17.so
7f587a340000-7f587a53f000 ---p 0000c000 08:04 144797                     /usr/lib64/libnss_files-2.17.so
7f587a53f000-7f587a540000 r--p 0000b000 08:04 144797                     /usr/lib64/libnss_files-2.17.so
7f587a540000-7f587a541000 rw-p 0000c000 08:04 144797                     /usr/lib64/libnss_files-2.17.so
7f587a541000-7f587a547000 rw-p 00000000 00:00 0 
7f587a547000-7f587a56b000 r-xp 00000000 08:04 141637                     /usr/lib64/liblzma.so.5.0.99
7f587a56b000-7f587a76a000 ---p 00024000 08:04 141637                     /usr/lib64/liblzma.so.5.0.99
7f587a76a000-7f587a76b000 r--p 00023000 08:04 141637                     /usr/lib64/liblzma.so.5.0.99
7f587a76b000-7f587a76c000 rw-p 00024000 08:04 141637                     /usr/lib64/liblzma.so.5.0.99
7f587a76c000-7f587a76e000 r-xp 00000000 08:04 141535                     /usr/lib64/libfreebl3.so
7f587a76e000-7f587a96d000 ---p 00002000 08:04 141535                     /usr/lib64/libfreebl3.so
7f587a96d000-7f587a96e000 r--p 00001000 08:04 141535                     /usr/lib64/libfreebl3.so
7f587a96e000-7f587a96f000 rw-p 00002000 08:04 141535                     /usr/lib64/libfreebl3.so
7f587a96f000-7f587a990000 r-xp 00000000 08:04 141775                     /usr/lib64/libselinux.so.1
7f587a990000-7f587ab90000 ---p 00021000 08:04 141775                     /usr/lib64/libselinux.so.1
7f587ab90000-7f587ab91000 r--p 00021000 08:04 141775                     /usr/lib64/libselinux.so.1
7f587ab91000-7f587ab92000 rw-p 00022000 08:04 141775                     /usr/lib64/libselinux.so.1
7f587ab92000-7f587ab94000 rw-p 00000000 00:00 0 
7f587ab94000-7f587ab9c000 r-xp 00000000 08:04 136002                     /usr/lib64/libcrypt-2.17.so
7f587ab9c000-7f587ad9b000 ---p 00008000 08:04 136002                     /usr/lib64/libcrypt-2.17.so
7f587ad9b000-7f587ad9c000 r--p 00007000 08:04 136002                     /usr/lib64/libcrypt-2.17.so
7f587ad9c000-7f587ad9d000 rw-p 00008000 08:04 136002                     /usr/lib64/libcrypt-2.17.so
7f587ad9d000-7f587adcb000 rw-p 00000000 00:00 0 
7f587adcb000-7f587add2000 r-xp 00000000 08:04 144800                     /usr/lib64/librt-2.17.so
7f587add2000-7f587afd1000 ---p 00007000 08:04 144800                     /usr/lib64/librt-2.17.so
7f587afd1000-7f587afd2000 r--p 00006000 08:04 144800                     /usr/lib64/librt-2.17.so
7f587afd2000-7f587afd3000 rw-p 00007000 08:04 144800                     /usr/lib64/librt-2.17.so
7f587afd3000-7f587afe8000 r-xp 00000000 08:04 141881                     /usr/lib64/libz.so.1.2.7
7f587afe8000-7f587b1e7000 ---p 00015000 08:04 141881                     /usr/lib64/libz.so.1.2.7
7f587b1e7000-7f587b1e8000 r--p 00014000 08:04 141881                     /usr/lib64/libz.so.1.2.7
7f587b1e8000-7f587b1e9000 rw-p 00015000 08:04 141881                     /usr/lib64/libz.so.1.2.7
7f587b1e9000-7f587b20f000 r-xp 00000000 08:04 132436                     /usr/lib64/libnssutil3.so
7f587b20f000-7f587b40e000 ---p 00026000 08:04 132436                     /usr/lib64/libnssutil3.so
7f587b40e000-7f587b414000 r--p 00025000 08:04 132436                     /usr/lib64/libnssutil3.so
7f587b414000-7f587b415000 rw-p 0002b000 08:04 132436                     /usr/lib64/libnssutil3.so
7f587b415000-7f587b439000 r-xp 00000000 08:04 132602                     /usr/lib64/libsmime3.so
7f587b439000-7f587b638000 ---p 00024000 08:04 132602                     /usr/lib64/libsmime3.so
7f587b638000-7f587b63b000 r--p 00023000 08:04 132602                     /usr/lib64/libsmime3.so
7f587b63b000-7f587b63c000 rw-p 00026000 08:04 132602                     /usr/lib64/libsmime3.so
7f587b63c000-7f587b652000 r-xp 00000000 08:04 144799                     /usr/lib64/libresolv-2.17.so
7f587b652000-7f587b852000 ---p 00016000 08:04 144799                     /usr/lib64/libresolv-2.17.so
7f587b852000-7f587b853000 r--p 00016000 08:04 144799                     /usr/lib64/libresolv-2.17.so
7f587b853000-7f587b854000 rw-p 00017000 08:04 144799                     /usr/lib64/libresolv-2.17.so
7f587b854000-7f587b856000 rw-p 00000000 00:00 0 
7f587b856000-7f587b859000 r-xp 00000000 08:04 141619                     /usr/lib64/libkeyutils.so.1.5
7f587b859000-7f587ba58000 ---p 00003000 08:04 141619                     /usr/lib64/libkeyutils.so.1.5
7f587ba58000-7f587ba59000 r--p 00002000 08:04 141619                     /usr/lib64/libkeyutils.so.1.5
7f587ba59000-7f587ba5a000 rw-p 00003000 08:04 141619                     /usr/lib64/libkeyutils.so.1.5
7f587ba5a000-7f587ba67000 r-xp 00000000 08:04 140312                     /usr/lib64/libkrb5support.so.0.1
7f587ba67000-7f587bc67000 ---p 0000d000 08:04 140312                     /usr/lib64/libkrb5support.so.0.1
7f587bc67000-7f587bc68000 r--p 0000d000 08:04 140312                     /usr/lib64/libkrb5support.so.0.1
7f587bc68000-7f587bc69000 rw-p 0000e000 08:04 140312                     /usr/lib64/libkrb5support.so.0.1
7f587bc69000-7f587bc79000 r-xp 00000000 08:04 140493                     /usr/lib64/libtalloc.so.2.1.5
7f587bc79000-7f587be78000 ---p 00010000 08:04 140493                     /usr/lib64/libtalloc.so.2.1.5
7f587be78000-7f587be79000 r--p 0000f000 08:04 140493                     /usr/lib64/libtalloc.so.2.1.5
7f587be79000-7f587be7a000 rw-p 00010000 08:04 140493                     /usr/lib64/libtalloc.so.2.1.5
7f587be7a000-7f587be88000 r-xp 00000000 08:04 143615                     /usr/lib64/libtevent.so.0.9.26
7f587be88000-7f587c087000 ---p 0000e000 08:04 143615                     /usr/lib64/libtevent.so.0.9.26
7f587c087000-7f587c088000 r--p 0000d000 08:04 143615                     /usr/lib64/libtevent.so.0.9.26
7f587c088000-7f587c089000 rw-p 0000e000 08:04 143615                     /usr/lib64/libtevent.so.0.9.26
7f587c089000-7f587c0cf000 r-xp 00000000 08:04 141519                     /usr/lib64/libevent-2.0.so.5.1.9
7f587c0cf000-7f587c2ce000 ---p 00046000 08:04 141519                     /usr/lib64/libevent-2.0.so.5.1.9
7f587c2ce000-7f587c2cf000 r--p 00045000 08:04 141519                     /usr/lib64/libevent-2.0.so.5.1.9
7f587c2cf000-7f587c2d0000 rw-p 00046000 08:04 141519                     /usr/lib64/libevent-2.0.so.5.1.9
7f587c2d0000-7f587c2d1000 rw-p 00000000 00:00 0 
7f587c2d1000-7f587c488000 r-xp 00000000 08:04 135998                     /usr/lib64/libc-2.17.so
7f587c488000-7f587c688000 ---p 001b7000 08:04 135998                     /usr/lib64/libc-2.17.so
7f587c688000-7f587c68c000 r--p 001b7000 08:04 135998                     /usr/lib64/libc-2.17.so
7f587c68c000-7f587c68e000 rw-p 001bb000 08:04 135998                     /usr/lib64/libc-2.17.so
7f587c68e000-7f587c693000 rw-p 00000000 00:00 0 
7f587c693000-7f587c6a9000 r-xp 00000000 08:04 136024                     /usr/lib64/libpthread-2.17.so
7f587c6a9000-7f587c8a9000 ---p 00016000 08:04 136024                     /usr/lib64/libpthread-2.17.so
7f587c8a9000-7f587c8aa000 r--p 00016000 08:04 136024                     /usr/lib64/libpthread-2.17.so
7f587c8aa000-7f587c8ab000 rw-p 00017000 08:04 136024                     /usr/lib64/libpthread-2.17.so
7f587c8ab000-7f587c8af000 rw-p 00000000 00:00 0 
7f587c8af000-7f587c8b3000 r-xp 00000000 08:04 141803                     /usr/lib64/libsvrcore.so.0.0.0
7f587c8b3000-7f587cab2000 ---p 00004000 08:04 141803                     /usr/lib64/libsvrcore.so.0.0.0
7f587cab2000-7f587cab3000 r--p 00003000 08:04 141803                     /usr/lib64/libsvrcore.so.0.0.0
7f587cab3000-7f587cab4000 rw-p 00004000 08:04 141803                     /usr/lib64/libsvrcore.so.0.0.0
7f587cab4000-7f587cad0000 r-xp 00000000 08:04 139891                     /usr/lib64/libsasl2.so.3.0.0
7f587cad0000-7f587cccf000 ---p 0001c000 08:04 139891                     /usr/lib64/libsasl2.so.3.0.0
7f587cccf000-7f587ccd0000 r--p 0001b000 08:04 139891                     /usr/lib64/libsasl2.so.3.0.0
7f587ccd0000-7f587ccd1000 rw-p 0001c000 08:04 139891                     /usr/lib64/libsasl2.so.3.0.0
7f587ccd1000-7f587cd0b000 r-xp 00000000 08:04 142552                     /usr/lib64/libnspr4.so
7f587cd0b000-7f587cf0a000 ---p 0003a000 08:04 142552                     /usr/lib64/libnspr4.so
7f587cf0a000-7f587cf0b000 r--p 00039000 08:04 142552                     /usr/lib64/libnspr4.so
7f587cf0b000-7f587cf0d000 rw-p 0003a000 08:04 142552                     /usr/lib64/libnspr4.so
7f587cf0d000-7f587cf0f000 rw-p 00000000 00:00 0 
7f587cf0f000-7f587cf12000 r-xp 00000000 08:04 142555                     /usr/lib64/libplds4.so
7f587cf12000-7f587d111000 ---p 00003000 08:04 142555                     /usr/lib64/libplds4.so
7f587d111000-7f587d112000 r--p 00002000 08:04 142555                     /usr/lib64/libplds4.so
7f587d112000-7f587d113000 rw-p 00003000 08:04 142555                     /usr/lib64/libplds4.so
7f587d113000-7f587d117000 r-xp 00000000 08:04 142553                     /usr/lib64/libplc4.so
7f587d117000-7f587d316000 ---p 00004000 08:04 142553                     /usr/lib64/libplc4.so
7f587d316000-7f587d317000 r--p 00003000 08:04 142553                     /usr/lib64/libplc4.so
7f587d317000-7f587d318000 rw-p 00004000 08:04 142553                     /usr/lib64/libplc4.so
7f587d318000-7f587d31b000 r-xp 00000000 08:04 144786                     /usr/lib64/libdl-2.17.so
7f587d31b000-7f587d51a000 ---p 00003000 08:04 144786                     /usr/lib64/libdl-2.17.so
7f587d51a000-7f587d51b000 r--p 00002000 08:04 144786                     /usr/lib64/libdl-2.17.so
7f587d51b000-7f587d51c000 rw-p 00003000 08:04 144786                     /usr/lib64/libdl-2.17.so
7f587d51c000-7f587d63a000 r-xp 00000000 08:04 131878                     /usr/lib64/libnss3.so
7f587d63a000-7f587d839000 ---p 0011e000 08:04 131878                     /usr/lib64/libnss3.so
7f587d839000-7f587d83e000 r--p 0011d000 08:04 131878                     /usr/lib64/libnss3.so
7f587d83e000-7f587d840000 rw-p 00122000 08:04 131878                     /usr/lib64/libnss3.so
7f587d840000-7f587d842000 rw-p 00000000 00:00 0 
7f587d842000-7f587d880000 r-xp 00000000 08:04 142755                     /usr/lib64/libssl3.so
7f587d880000-7f587da7f000 ---p 0003e000 08:04 142755                     /usr/lib64/libssl3.so
7f587da7f000-7f587da83000 r--p 0003d000 08:04 142755                     /usr/lib64/libssl3.so
7f587da83000-7f587da84000 rw-p 00041000 08:04 142755                     /usr/lib64/libssl3.so
7f587da84000-7f587da85000 rw-p 00000000 00:00 0 
7f587da85000-7f587da93000 r-xp 00000000 08:04 140313                     /usr/lib64/liblber-2.4.so.2.10.3
7f587da93000-7f587dc92000 ---p 0000e000 08:04 140313                     /usr/lib64/liblber-2.4.so.2.10.3
7f587dc92000-7f587dc93000 r--p 0000d000 08:04 140313                     /usr/lib64/liblber-2.4.so.2.10.3
7f587dc93000-7f587dc94000 rw-p 0000e000 08:04 140313                     /usr/lib64/liblber-2.4.so.2.10.3
7f587dc94000-7f587dcea000 r-xp 00000000 08:04 140316                     /usr/lib64/libldap_r-2.4.so.2.10.3
7f587dcea000-7f587deea000 ---p 00056000 08:04 140316                     /usr/lib64/libldap_r-2.4.so.2.10.3
7f587deea000-7f587deed000 r--p 00056000 08:04 140316                     /usr/lib64/libldap_r-2.4.so.2.10.3
7f587deed000-7f587deee000 rw-p 00059000 08:04 140316                     /usr/lib64/libldap_r-2.4.so.2.10.3
7f587deee000-7f587def0000 rw-p 00000000 00:00 0 
7f587def0000-7f587df50000 r-xp 00000000 08:04 139887                     /usr/lib64/libpcre.so.1.2.0
7f587df50000-7f587e14f000 ---p 00060000 08:04 139887                     /usr/lib64/libpcre.so.1.2.0
7f587e14f000-7f587e150000 r--p 0005f000 08:04 139887                     /usr/lib64/libpcre.so.1.2.0
7f587e150000-7f587e151000 rw-p 00060000 08:04 139887                     /usr/lib64/libpcre.so.1.2.0
7f587e151000-7f587e154000 r-xp 00000000 08:04 141473                     /usr/lib64/libcom_err.so.2.1
7f587e154000-7f587e353000 ---p 00003000 08:04 141473                     /usr/lib64/libcom_err.so.2.1
7f587e353000-7f587e354000 r--p 00002000 08:04 141473                     /usr/lib64/libcom_err.so.2.1
7f587e354000-7f587e355000 rw-p 00003000 08:04 141473                     /usr/lib64/libcom_err.so.2.1
7f587e355000-7f587e384000 r-xp 00000000 08:04 140302                     /usr/lib64/libk5crypto.so.3.1
7f587e384000-7f587e583000 ---p 0002f000 08:04 140302                     /usr/lib64/libk5crypto.so.3.1
7f587e583000-7f587e585000 r--p 0002e000 08:04 140302                     /usr/lib64/libk5crypto.so.3.1
7f587e585000-7f587e586000 rw-p 00030000 08:04 140302                     /usr/lib64/libk5crypto.so.3.1
7f587e586000-7f587e587000 rw-p 00000000 00:00 0 
7f587e587000-7f587e65c000 r-xp 00000000 08:04 140311                     /usr/lib64/libkrb5.so.3.3
7f587e65c000-7f587e85c000 ---p 000d5000 08:04 140311                     /usr/lib64/libkrb5.so.3.3
7f587e85c000-7f587e869000 r--p 000d5000 08:04 140311                     /usr/lib64/libkrb5.so.3.3
7f587e869000-7f587e86c000 rw-p 000e2000 08:04 140311                     /usr/lib64/libkrb5.so.3.3
7f587e86c000-7f587e875000 r-xp 00000000 08:04 143730                     /usr/lib64/dirsrv/libnunc-stans.so.0.0.0
7f587e875000-7f587ea74000 ---p 00009000 08:04 143730                     /usr/lib64/dirsrv/libnunc-stans.so.0.0.0
7f587ea74000-7f587ea75000 r--p 00008000 08:04 143730                     /usr/lib64/dirsrv/libnunc-stans.so.0.0.0
7f587ea75000-7f587ea76000 rw-p 00009000 08:04 143730                     /usr/lib64/dirsrv/libnunc-stans.so.0.0.0
7f587ea76000-7f587eb96000 r-xp 00000000 08:04 145803                     /usr/lib64/dirsrv/libslapd.so.0.0.0
7f587eb96000-7f587ed96000 ---p 00120000 08:04 145803                     /usr/lib64/dirsrv/libslapd.so.0.0.0
7f587ed96000-7f587ed99000 r--p 00120000 08:04 145803                     /usr/lib64/dirsrv/libslapd.so.0.0.0
7f587ed99000-7f587eda8000 rw-p 00123000 08:04 145803                     /usr/lib64/dirsrv/libslapd.so.0.0.0
7f587eda8000-7f587edac000 rw-p 00000000 00:00 0 
7f587edac000-7f587edcd000 r-xp 00000000 08:04 135993                     /usr/lib64/ld-2.17.so
7f587eef7000-7f587eef8000 rw-p 00000000 00:00 0 
7f587eef8000-7f587eef9000 ---p 00000000 00:00 0 
7f587eef9000-7f587ef19000 rw-p 00000000 00:00 0 
7f587ef19000-7f587ef1a000 ---p 00000000 00:00 0 
7f587ef1a000-7f587efcd000 rw-p 00000000 00:00 0 
7f587efcd000-7f587efce000 r--p 00021000 08:04 135993                     /usr/lib64/ld-2.17.so
7f587efce000-7f587efcf000 rw-p 00022000 08:04 135993                     /usr/lib64/ld-2.17.so
7f587efcf000-7f587efd0000 rw-p 00000000 00:00 0 
7ffd772cf000-7ffd772f3000 rw-p 00000000 00:00 0                          [stack]
7ffd77315000-7ffd77318000 r--p 00000000 00:00 0                          [vvar]
7ffd77318000-7ffd7731a000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
/usr/sbin/db2ldif: line 157:  2242 Aborted                 /usr/sbin/ns-slapd db2ldif -D /etc/dirsrv/slapd-EXAMPLE-COM -n userRoot -a "/var/lib/dirsrv/slapd-EXAMPLE-COM/ldif/EXAMPLE-COM-userRoot.ldif" -r

Backing up EXAMPLE-COM
Backing up files
Backed up to /var/lib/ipa/backup/ipa-full-2016-08-07-15-49-50
Starting IPA service
The ipa-backup command was successful
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160807/a3499556/attachment.sig>

From bentech4you at gmail.com  Mon Aug  8 06:06:30 2016
From: bentech4you at gmail.com (Ben .T.George)
Date: Mon, 8 Aug 2016 09:06:30 +0300
Subject: [Freeipa-users] freeipa 4.4 online repo is down
Message-ID: <CA+C_GOW0+vqAxa_rPOTZbvCmf5vr_qLGMqsRVGW_PUSKdcYnDQ@mail.gmail.com>

Hi List,

always https://copr.fedorainfracloud.org/ is down, is there any alternative
repo were i can get IPA 4.4?

Regards,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160808/d5303fbf/attachment.htm>

From lslebodn at redhat.com  Mon Aug  8 07:14:56 2016
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Mon, 8 Aug 2016 09:14:56 +0200
Subject: [Freeipa-users] freeipa 4.4 online repo is down
In-Reply-To: <CA+C_GOW0+vqAxa_rPOTZbvCmf5vr_qLGMqsRVGW_PUSKdcYnDQ@mail.gmail.com>
References: <CA+C_GOW0+vqAxa_rPOTZbvCmf5vr_qLGMqsRVGW_PUSKdcYnDQ@mail.gmail.com>
Message-ID: <20160808071455.GB7069@10.4.128.1>

On (08/08/16 09:06), Ben .T.George wrote:
>Hi List,
>
>always https://copr.fedorainfracloud.org/ is down, is there any alternative
>repo were i can get IPA 4.4?
>
Your link does not point to any specific repo?
Which copr reposiory did you mean?

LS



From mbasti at redhat.com  Mon Aug  8 07:36:15 2016
From: mbasti at redhat.com (Martin Basti)
Date: Mon, 8 Aug 2016 09:36:15 +0200
Subject: [Freeipa-users] freeipa 4.4 online repo is down
In-Reply-To: <20160808071455.GB7069@10.4.128.1>
References: <CA+C_GOW0+vqAxa_rPOTZbvCmf5vr_qLGMqsRVGW_PUSKdcYnDQ@mail.gmail.com>
	<20160808071455.GB7069@10.4.128.1>
Message-ID: <c0f734f3-44ad-209d-d86a-5b98743a096b@redhat.com>



On 08.08.2016 09:14, Lukas Slebodnik wrote:
> On (08/08/16 09:06), Ben .T.George wrote:
>> Hi List,
>>
>> always https://copr.fedorainfracloud.org/ is down, is there any alternative
>> repo were i can get IPA 4.4?
>>
> Your link does not point to any specific repo?
> Which copr reposiory did you mean?
>
> LS
>
IIRC we haven't released 4.4 in any repo.

Martin



From mbasti at redhat.com  Mon Aug  8 07:41:11 2016
From: mbasti at redhat.com (Martin Basti)
Date: Mon, 8 Aug 2016 09:41:11 +0200
Subject: [Freeipa-users] core dump within ipa-backup
In-Reply-To: <8d0b39fe-8b79-7e61-3545-deb8ccf674c2@afaics.de>
References: <8d0b39fe-8b79-7e61-3545-deb8ccf674c2@afaics.de>
Message-ID: <4fd8684e-7dec-bb00-3d31-0130d66ef0ea@redhat.com>



On 07.08.2016 16:00, Harald Dunkel wrote:
> Hi folks,
>
> ipa-backup gives me 2 segmentation faults in the logfile (see
> attachment). Platform is Centos 7.2.
>
> Is this something to worry about?
>
>
> Every helpful comment is highly appreciated
> Harri
>
>
Hello, this is probably issue https://fedorahosted.org/389/ticket/48388

It was fixed, but IMO not backported to centos7.2

Martin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160808/f8ee13a6/attachment.htm>

From deepak_dimri at hotmail.com  Mon Aug  8 08:03:20 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Mon, 8 Aug 2016 04:03:20 -0400
Subject: [Freeipa-users] Delegated Administration in IPA
Message-ID: <SNT152-W9563576EE8F3AE1D2582BEF51B0@phx.gbl>

Hi List,
I want some help here! i have 100 of linux servers and ec2 instances  used by various teams/departments.   I want to have group wise  clubbing of these servers so that i can delegate administration access to manager of  that particular group. For example lets say out of those 100 servers, 25 servers belongs to engineering team so i want to register these 25 servers under engineering group/domain and then assign the full administration access to engineering manager to manage these 25 servers and there accesses. 
I am getting a sense that we can create DNS subdomains for each team i.e. engineering.<ipa server domain name> and then register those 25 servers under engineering.<ipa server domain name> but then i am not sure how i can assign the access and do rest of the configurations. 
I would be thankfully if any of you can provide with configuration steps to help me
Thanks,Deepak 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160808/63dbbe32/attachment.htm>

From mbasti at redhat.com  Mon Aug  8 08:41:59 2016
From: mbasti at redhat.com (Martin Basti)
Date: Mon, 8 Aug 2016 10:41:59 +0200
Subject: [Freeipa-users] Delegated Administration in IPA
In-Reply-To: <SNT152-W9563576EE8F3AE1D2582BEF51B0@phx.gbl>
References: <SNT152-W9563576EE8F3AE1D2582BEF51B0@phx.gbl>
Message-ID: <e7ae7ba2-ce4e-4925-c499-6ff631247d89@redhat.com>



On 08.08.2016 10:03, Deepak Dimri wrote:
> Hi List,
>
> I want some help here! i have 100 of linux servers and ec2 instances 
>  used by various teams/departments.   I want to have group wise 
>  clubbing of these servers so that i can delegate administration 
> access to manager of  that particular group. For example lets say out 
> of those 100 servers, 25 servers belongs to engineering team so i want 
> to register these 25 servers under engineering group/domain and then 
> assign the full administration access to engineering manager to manage 
> these 25 servers and there accesses.
>
> I am getting a sense that we can create DNS subdomains for each team 
> i.e. engineering.<ipa server domain name> and then register those 25 
> servers under engineering.<ipa server domain name> but then i am not 
> sure how i can assign the access and do rest of the configurations.
>
> I would be thankfully if any of you can provide with configuration 
> steps to help me
>
> Thanks,
> Deepak
>
>

Hello,

I think you need HBAC 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html

You need add servers to particular hostgroups, and create HBAC rules 
according the doc ^^^

Martin



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160808/50ca9c3d/attachment.htm>

From abokovoy at redhat.com  Mon Aug  8 08:54:23 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 8 Aug 2016 11:54:23 +0300
Subject: [Freeipa-users] Delegated Administration in IPA
In-Reply-To: <SNT152-W9563576EE8F3AE1D2582BEF51B0@phx.gbl>
References: <SNT152-W9563576EE8F3AE1D2582BEF51B0@phx.gbl>
Message-ID: <20160808085423.whdfs7ss4xw45a62@redhat.com>

On Mon, 08 Aug 2016, Deepak Dimri wrote:
>Hi List,
>I want some help here! i have 100 of linux servers and ec2 instances
>used by various teams/departments.   I want to have group wise
>clubbing of these servers so that i can delegate administration access
>to manager of  that particular group. For example lets say out of those
>100 servers, 25 servers belongs to engineering team so i want to
>register these 25 servers under engineering group/domain and then
>assign the full administration access to engineering manager to manage
>these 25 servers and there accesses.  I am getting a sense that we can
>create DNS subdomains for each team i.e. engineering.<ipa server domain
>name> and then register those 25 servers under engineering.<ipa server
>domain name> but then i am not sure how i can assign the access and do
>rest of the configurations.  I would be thankfully if any of you can
>provide with configuration steps to help me
What kind of administration do you want to achieve?

- Managing IPA objects themselves?
- Managing actual machines as in login to them, run sudo, etc?

For the former you'd need to learn how to deal with
permissions/privileges/roles and create separate
permissions/privileges/roles that look like a default one with
additional target filter based on the hostgroup membership.

For the latter you'd use HBAC rules.

-- 
/ Alexander Bokovoy



From abokovoy at redhat.com  Mon Aug  8 09:49:33 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 8 Aug 2016 12:49:33 +0300
Subject: [Freeipa-users] Delegated Administration in IPA
In-Reply-To: <SNT152-W295217DD427E6F86F586BDF51B0@phx.gbl>
References: <SNT152-W9563576EE8F3AE1D2582BEF51B0@phx.gbl>
	<20160808085423.whdfs7ss4xw45a62@redhat.com>
	<SNT152-W295217DD427E6F86F586BDF51B0@phx.gbl>
Message-ID: <20160808094933.q7w4fbswtlrmibq3@redhat.com>

On Mon, 08 Aug 2016, Deepak Dimri wrote:
>Thanks Alexander,
Please do not reply directly, always reply to the list.

>Basically i want full administration capability given to a user to
>manage the everything for certain hosts.  I was thinking of creating
>hierarchal domain and subdomains structure ( with root domain being
>main IPA server) and subdomains being the department/teams.  Based on
>your response below it seems i just need to create a hostgroup and
>assign admin role permissions to that hostgroup and add admin user to
>it.  No need to create hierarchal domain like structure?
You don't need to create hierarchical domains.

You need to create additional permissions because the default one
applies to every object of a certain type.

>Thanks,Deepak
>
>
>> Date: Mon, 8 Aug 2016 11:54:23 +0300
>> From: abokovoy at redhat.com
>> To: deepak_dimri at hotmail.com
>> CC: freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] Delegated Administration in IPA
>>
>> On Mon, 08 Aug 2016, Deepak Dimri wrote:
>> >Hi List,
>> >I want some help here! i have 100 of linux servers and ec2 instances
>> >used by various teams/departments.   I want to have group wise
>> >clubbing of these servers so that i can delegate administration access
>> >to manager of  that particular group. For example lets say out of those
>> >100 servers, 25 servers belongs to engineering team so i want to
>> >register these 25 servers under engineering group/domain and then
>> >assign the full administration access to engineering manager to manage
>> >these 25 servers and there accesses.  I am getting a sense that we can
>> >create DNS subdomains for each team i.e. engineering.<ipa server domain
>> >name> and then register those 25 servers under engineering.<ipa server
>> >domain name> but then i am not sure how i can assign the access and do
>> >rest of the configurations.  I would be thankfully if any of you can
>> >provide with configuration steps to help me
>> What kind of administration do you want to achieve?
>>
>> - Managing IPA objects themselves?
>> - Managing actual machines as in login to them, run sudo, etc?
>>
>> For the former you'd need to learn how to deal with
>> permissions/privileges/roles and create separate
>> permissions/privileges/roles that look like a default one with
>> additional target filter based on the hostgroup membership.
>>
>> For the latter you'd use HBAC rules.
>>
>> --
>> / Alexander Bokovoy
> 		 	   		

-- 
/ Alexander Bokovoy



From mbasti at redhat.com  Mon Aug  8 09:52:59 2016
From: mbasti at redhat.com (Martin Basti)
Date: Mon, 8 Aug 2016 11:52:59 +0200
Subject: [Freeipa-users] Delegated Administration in IPA
In-Reply-To: <SNT152-W1440C1B97E7781E4DA2390F51B0@phx.gbl>
References: <SNT152-W9563576EE8F3AE1D2582BEF51B0@phx.gbl>
	<e7ae7ba2-ce4e-4925-c499-6ff631247d89@redhat.com>
	<SNT152-W1440C1B97E7781E4DA2390F51B0@phx.gbl>
Message-ID: <6ba18606-1856-bf17-a277-2fd77703d615@redhat.com>

Please keep freeipa-users in CC



On 08.08.2016 11:22, Deepak Dimri wrote:
> Thanks Martin,
>
> Don't i need to create subdomain for each team and then register the 
> hosts under that domain and finally assign HBAC?

HBAC rule is per host/hostgroup and it is unrelated to domain. Read doc 
there should be everything :)

Martin


>
>
>
> Regards,
> Deepak
>
>
>
> ------------------------------------------------------------------------
> Subject: Re: [Freeipa-users] Delegated Administration in IPA
> To: deepak_dimri at hotmail.com; freeipa-users at redhat.com
> From: mbasti at redhat.com
> Date: Mon, 8 Aug 2016 10:41:59 +0200
>
>
>
>
> On 08.08.2016 10:03, Deepak Dimri wrote:
>
>     Hi List,
>
>     I want some help here! i have 100 of linux servers and ec2
>     instances  used by various teams/departments.   I want to have
>     group wise  clubbing of these servers so that i can delegate
>     administration access to manager of  that particular group. For
>     example lets say out of those 100 servers, 25 servers belongs to
>     engineering team so i want to register these 25 servers under
>     engineering group/domain and then assign the full administration
>     access to engineering manager to manage these 25 servers and there
>     accesses.
>
>     I am getting a sense that we can create DNS subdomains for each
>     team i.e. engineering.<ipa server domain name> and then register
>     those 25 servers under engineering.<ipa server domain name> but
>     then i am not sure how i can assign the access and do rest of the
>     configurations.
>
>     I would be thankfully if any of you can provide with configuration
>     steps to help me
>
>     Thanks,
>     Deepak
>
>
>
> Hello,
>
> I think you need HBAC 
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html
>
> You need add servers to particular hostgroups, and create HBAC rules 
> according the doc ^^^
>
> Martin
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160808/387ef1ca/attachment.htm>

From harald.dunkel at aixigo.de  Mon Aug  8 11:28:50 2016
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Mon, 8 Aug 2016 13:28:50 +0200
Subject: [Freeipa-users] core dump within ipa-backup
In-Reply-To: <4fd8684e-7dec-bb00-3d31-0130d66ef0ea@redhat.com>
References: <8d0b39fe-8b79-7e61-3545-deb8ccf674c2@afaics.de>
	<4fd8684e-7dec-bb00-3d31-0130d66ef0ea@redhat.com>
Message-ID: <6e6190ca-ab83-4d26-58a2-80d66e27a606@aixigo.de>

Hi Martin,

On 08/08/2016 09:41 AM, Martin Basti wrote:
> Hello, this is probably issue https://fedorahosted.org/389/ticket/48388
> 
> It was fixed, but IMO not backported to centos7.2
> 
> Martin
> 
> 
> 

Does it put my ipa installation at risk? Are the backups
generated by ipa-backup corrupted?


Regards
Harri



From mbasti at redhat.com  Mon Aug  8 13:28:32 2016
From: mbasti at redhat.com (Martin Basti)
Date: Mon, 8 Aug 2016 15:28:32 +0200
Subject: [Freeipa-users] core dump within ipa-backup
In-Reply-To: <6e6190ca-ab83-4d26-58a2-80d66e27a606@aixigo.de>
References: <8d0b39fe-8b79-7e61-3545-deb8ccf674c2@afaics.de>
	<4fd8684e-7dec-bb00-3d31-0130d66ef0ea@redhat.com>
	<6e6190ca-ab83-4d26-58a2-80d66e27a606@aixigo.de>
Message-ID: <13ede5a6-07fd-27fe-aa86-bc5f5c66bffc@redhat.com>



On 08.08.2016 13:28, Harald Dunkel wrote:
> Hi Martin,
>
> On 08/08/2016 09:41 AM, Martin Basti wrote:
>> Hello, this is probably issue https://fedorahosted.org/389/ticket/48388
>>
>> It was fixed, but IMO not backported to centos7.2
>>
>> Martin
>>
>>
>>
> Does it put my ipa installation at risk? Are the backups
> generated by ipa-backup corrupted?
IMO it is affected, but dirsrv people may know more details, I would ask 
in ticket I posted.

Martin

>
> Regards
> Harri
>



From Michael.Sean.Conley at raytheon.com  Mon Aug  8 14:24:00 2016
From: Michael.Sean.Conley at raytheon.com (Michael Sean Conley)
Date: Mon, 8 Aug 2016 09:24:00 -0500
Subject: [Freeipa-users] IPA and FIPS 140-2
In-Reply-To: <e6942e8f-4a9f-0361-5c50-4241dad14a8e@redhat.com>
References: <mailman.19910.1470325637.3910.freeipa-users@redhat.com>
	<OF93729599.5BCFFFA4-ON86258005.0059F329-86258005.005A1555@raytheon.com>
	<57A36F3E.5010809@redhat.com>
	<OFA53EE66C.7021B595-ON86258005.005B7B73-86258005.005B91AA@raytheon.com>
	<e6942e8f-4a9f-0361-5c50-4241dad14a8e@redhat.com>
Message-ID: <OF4972BE37.6CFB4A73-ON86258009.004F0C2D-86258009.004F1A05@raytheon.com>


Yep, did so right away.  and yes, this is for the future state of IPA.


Michael Sean Conley
Hardware/Infrastructure
Intelligence, Information and Services
Raytheon Company
972-643-9887 (office)

Michael.Sean.Conley at raytheon.com



From:	Martin Kosek <mkosek at redhat.com>
To:	Michael Sean Conley <Michael.Sean.Conley at raytheon.com>, Rob
            Crittenden <rcritten at redhat.com>
Cc:	freeipa-users at redhat.com
Date:	08/05/2016 06:33 AM
Subject:	Re: [Freeipa-users] IPA and FIPS 140-2



Are you now asking about when upstream version is FIPS compliant or some
downstream distribution? If you are asking about RHEL, as indicated by
https://bugzilla.redhat.com/show_bug.cgi?id=1125174
the bug is still in a NEW state. Given the state of RHEL-7.3 life cycle, it
is
too late to add it there.

However, as Rob mentioned, it would really great if you file a support case
(if
we are talking about RHEL) and get it linked to that bug. Due to the
interest,
it is already high in the RHEL-7.4 considerations, but adding +1 won't hurt
and
you may also receive updates on development status.

Martin

On 08/04/2016 06:40 PM, Michael Sean Conley wrote:
> Is there any indication of a timeframe for it to become FIPS compliant?
If we
> are talking weeks, rather than years...
>
> *Michael Sean Conley*
>
>
> Inactive hide details for Rob Crittenden ---08/04/2016 11:37:23
AM---Michael
> Sean Conley wrote: > Does ANYONE have any experienRob Crittenden
---08/04/2016
> 11:37:23 AM---Michael Sean Conley wrote: > Does ANYONE have any
experience
> getting IPA to work with FIPS?
>
> From: Rob Crittenden <rcritten at redhat.com>
> To: Michael Sean Conley <Michael.Sean.Conley at raytheon.com>,
> freeipa-users at redhat.com
> Date: 08/04/2016 11:37 AM
> Subject: Re: [Freeipa-users] IPA and FIPS 140-2
>
>
-------------------------------------------------------------------------------

>
>
>
> Michael Sean Conley wrote:
>> Does ANYONE have any experience getting IPA to work with FIPS?
>>
>> We're trying desperately to get this going, as we have some requirements
>> that the Identity Management Tool we choose must be FIPS 140-2
compliant.
>
> No, it doesn't work in FIPS mode yet. If you open a support case with
> Red Hat your case can be added to
> https://bugzilla.redhat.com/show_bug.cgi?id=1125174
>
> While most, if not all, of the individual components can run in FIPS
> mode there are a lot of moving parts to coordinate to ensure they comply
> with the FIPS Security Policy and to handle some corner cases in the
> management framework.
>
> rob
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160808/193e0b69/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160808/193e0b69/attachment.gif>

From pvoborni at redhat.com  Mon Aug  8 16:27:45 2016
From: pvoborni at redhat.com (Petr Vobornik)
Date: Mon, 8 Aug 2016 18:27:45 +0200
Subject: [Freeipa-users] freeipa 4.4 online repo is down
In-Reply-To: <c0f734f3-44ad-209d-d86a-5b98743a096b@redhat.com>
References: <CA+C_GOW0+vqAxa_rPOTZbvCmf5vr_qLGMqsRVGW_PUSKdcYnDQ@mail.gmail.com>
	<20160808071455.GB7069@10.4.128.1>
	<c0f734f3-44ad-209d-d86a-5b98743a096b@redhat.com>
Message-ID: <e4a274e3-8fbe-7e8c-3f0f-cbb275e63da0@redhat.com>

On 08/08/2016 09:36 AM, Martin Basti wrote:
> 
> 
> On 08.08.2016 09:14, Lukas Slebodnik wrote:
>> On (08/08/16 09:06), Ben .T.George wrote:
>>> Hi List,
>>>
>>> always https://copr.fedorainfracloud.org/ is down, is there any
>>> alternative
>>> repo were i can get IPA 4.4?
>>>
>> Your link does not point to any specific repo?
>> Which copr reposiory did you mean?
>>
>> LS
>>
> IIRC we haven't released 4.4 in any repo.
> 
> Martin
> 

Right, FreeIPA 4.4 contained a bigger number of regressions, especially
in CLI, that it was not even announced. The FreeIPA team is working on
stabilization which will result in FreeIPA 4.4.1. That release will
most-likely be available for Fedora 25 and also probably in a COPR
repository for testing on CentOS 7.

-- 
Petr Vobornik



From datakid at gmail.com  Mon Aug  8 22:39:15 2016
From: datakid at gmail.com (Lachlan Musicman)
Date: Tue, 9 Aug 2016 08:39:15 +1000
Subject: [Freeipa-users] sssd stopping randomly
Message-ID: <CAGBeqiM9kpR=dFxamvp4aOygbPZchP6khbqd_S2jeUAez6izrQ@mail.gmail.com>

We are seeing SSSD in a failed state at random intervals.

Using the 1.14.0 COPR repo on Centos 7, FreeIPA 4.2

Unfortunately it's not something we want to reproduce and I'd turned the
debug logs off because of their size. I'm turning them back on one by one
as the crashes happen.

The only thing we see in the logs when it happens is:


(Mon Aug  8 09:39:44 2016) [sssd] [watchdog_handler] (0x0010): Watchdog
timer overflow, killing process!
(Mon Aug  8 09:39:44 2016) [sssd] [orderly_shutdown] (0x0010): SIGTERM:
killing children



Any ideas on what might cause this?


Cheers
L.
------
The most dangerous phrase in the language is, "We've always done it this
way."

- Grace Hopper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160809/9ce3def6/attachment.htm>

From mkosek at redhat.com  Tue Aug  9 06:20:26 2016
From: mkosek at redhat.com (Martin Kosek)
Date: Tue, 9 Aug 2016 08:20:26 +0200
Subject: [Freeipa-users] IPA and FIPS 140-2
In-Reply-To: <OF4972BE37.6CFB4A73-ON86258009.004F0C2D-86258009.004F1A05@raytheon.com>
References: <mailman.19910.1470325637.3910.freeipa-users@redhat.com>
	<OF93729599.5BCFFFA4-ON86258005.0059F329-86258005.005A1555@raytheon.com>
	<57A36F3E.5010809@redhat.com>
	<OFA53EE66C.7021B595-ON86258005.005B7B73-86258005.005B91AA@raytheon.com>
	<e6942e8f-4a9f-0361-5c50-4241dad14a8e@redhat.com>
	<OF4972BE37.6CFB4A73-ON86258009.004F0C2D-86258009.004F1A05@raytheon.com>
Message-ID: <231e9a64-2322-325c-fb96-dbcfb3ddebd2@redhat.com>

Ok, good! BTW, I opened the IPA and FIPS bug to the public, so that everyone
can track the progress:

https://bugzilla.redhat.com/show_bug.cgi?id=1125174

Martin

On 08/08/2016 04:24 PM, Michael Sean Conley wrote:
> Yep, did so right away.  and yes, this is for the future state of IPA.
> 
> 
> *Michael Sean Conley*
> Hardware/Infrastructure
> Intelligence, Information and Services
> *Raytheon Company*
> 972-643-9887 (office)
> 
> Michael.Sean.Conley at raytheon.com
> 
> Inactive hide details for Martin Kosek ---08/05/2016 06:33:27 AM---Are you now
> asking about when upstream version is FIPS complMartin Kosek ---08/05/2016
> 06:33:27 AM---Are you now asking about when upstream version is FIPS compliant
> or some downstream distribution? If
> 
> From: Martin Kosek <mkosek at redhat.com>
> To: Michael Sean Conley <Michael.Sean.Conley at raytheon.com>, Rob Crittenden
> <rcritten at redhat.com>
> Cc: freeipa-users at redhat.com
> Date: 08/05/2016 06:33 AM
> Subject: Re: [Freeipa-users] IPA and FIPS 140-2
> 
> -------------------------------------------------------------------------------
> 
> 
> 
> Are you now asking about when upstream version is FIPS compliant or some
> downstream distribution? If you are asking about RHEL, as indicated by
> https://bugzilla.redhat.com/show_bug.cgi?id=1125174
> the bug is still in a NEW state. Given the state of RHEL-7.3 life cycle, it is
> too late to add it there.
> 
> However, as Rob mentioned, it would really great if you file a support case (if
> we are talking about RHEL) and get it linked to that bug. Due to the interest,
> it is already high in the RHEL-7.4 considerations, but adding +1 won't hurt and
> you may also receive updates on development status.
> 
> Martin
> 
> On 08/04/2016 06:40 PM, Michael Sean Conley wrote:
>> Is there any indication of a timeframe for it to become FIPS compliant?  If we
>> are talking weeks, rather than years...
>>
>> *Michael Sean Conley*
>>
>>
>> Inactive hide details for Rob Crittenden ---08/04/2016 11:37:23 AM---Michael
>> Sean Conley wrote: > Does ANYONE have any experienRob Crittenden ---08/04/2016
>> 11:37:23 AM---Michael Sean Conley wrote: > Does ANYONE have any experience
>> getting IPA to work with FIPS?
>>
>> From: Rob Crittenden <rcritten at redhat.com>
>> To: Michael Sean Conley <Michael.Sean.Conley at raytheon.com>,
>> freeipa-users at redhat.com
>> Date: 08/04/2016 11:37 AM
>> Subject: Re: [Freeipa-users] IPA and FIPS 140-2
>>
>> -------------------------------------------------------------------------------
>>
>>
>>
>> Michael Sean Conley wrote:
>>> Does ANYONE have any experience getting IPA to work with FIPS?
>>>
>>> We're trying desperately to get this going, as we have some requirements
>>> that the Identity Management Tool we choose must be FIPS 140-2 compliant.
>>
>> No, it doesn't work in FIPS mode yet. If you open a support case with
>> Red Hat your case can be added to
>> https://bugzilla.redhat.com/show_bug.cgi?id=1125174
>>
>> While most, if not all, of the individual components can run in FIPS
>> mode there are a lot of moving parts to coordinate to ensure they comply
>> with the FIPS Security Policy and to handle some corner cases in the
>> management framework.
>>
>> rob
>>
>>
>>
> 
> 



From tba at statsbiblioteket.dk  Tue Aug  9 07:12:30 2016
From: tba at statsbiblioteket.dk (Tony Brian Albers)
Date: Tue, 9 Aug 2016 07:12:30 +0000
Subject: [Freeipa-users] sudo Cmnd_Alias ?
Message-ID: <1470726750.24863.3.camel@statsbiblioteket.dk>

Hi guys,

I'm working on getting ambari from IBM BigInsights working using sudo in
FreeIPA, and I've come across the following(there are a few of these):

Cmnd_Alias BIGSQL_SERVICE_AGNT=
        /var/lib/ambari-agent/cache/stacks/BigInsights/*/services/BIGSQL/package/scripts/*

Does anyone know how to implement a cmnd_alias in FreeIPA's sudo? I can't find anything about it in the docs.

TIA

/tony
-- 
Best regards,

Tony Albers
Systems administrator, IT-development
State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 8946 2316






From deepak_dimri at hotmail.com  Tue Aug  9 08:08:10 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Tue, 9 Aug 2016 04:08:10 -0400
Subject: [Freeipa-users] FreeIPA LDAP Directory Extenion
Message-ID: <SNT152-W331476F36C3BE6563F0B32F51C0@phx.gbl>

Hi All,
I want to extend my FreeIPA Directory Scheme - want to add a new ObjectClass and add few attributes to existing person ObjectClass. I see lot of places it is mentioned i can do it through 389-console command but i dont find it in my freeIPA server.  I am getting ObjectClass not found error when trying to add using FreeIPA admin gui configuration tab. Is there any documentarians steps available how schema can be extended in freeIPA using GUI or outside? I am not finding any helpful material on this and hence thought of checking with you all!
Thanks,Deepak
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160809/f01e23fc/attachment.htm>

From jhrozek at redhat.com  Tue Aug  9 08:15:28 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 9 Aug 2016 10:15:28 +0200
Subject: [Freeipa-users] sssd stopping randomly
In-Reply-To: <CAGBeqiM9kpR=dFxamvp4aOygbPZchP6khbqd_S2jeUAez6izrQ@mail.gmail.com>
References: <CAGBeqiM9kpR=dFxamvp4aOygbPZchP6khbqd_S2jeUAez6izrQ@mail.gmail.com>
Message-ID: <20160809081528.GC4479@hendrix>

On Tue, Aug 09, 2016 at 08:39:15AM +1000, Lachlan Musicman wrote:
> We are seeing SSSD in a failed state at random intervals.
> 
> Using the 1.14.0 COPR repo on Centos 7, FreeIPA 4.2
> 
> Unfortunately it's not something we want to reproduce and I'd turned the
> debug logs off because of their size. I'm turning them back on one by one
> as the crashes happen.
> 
> The only thing we see in the logs when it happens is:
> 
> 
> (Mon Aug  8 09:39:44 2016) [sssd] [watchdog_handler] (0x0010): Watchdog
> timer overflow, killing process!
> (Mon Aug  8 09:39:44 2016) [sssd] [orderly_shutdown] (0x0010): SIGTERM:
> killing children

This means the sssd process was 'stuck' for some time so that the
watchdog killed it. Getting a pstack of that process might be valuable.

> 
> 
> 
> Any ideas on what might cause this?
> 
> 
> Cheers
> L.
> ------
> The most dangerous phrase in the language is, "We've always done it this
> way."
> 
> - Grace Hopper

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From mbasti at redhat.com  Tue Aug  9 08:15:47 2016
From: mbasti at redhat.com (Martin Basti)
Date: Tue, 9 Aug 2016 10:15:47 +0200
Subject: [Freeipa-users] FreeIPA LDAP Directory Extenion
In-Reply-To: <SNT152-W331476F36C3BE6563F0B32F51C0@phx.gbl>
References: <SNT152-W331476F36C3BE6563F0B32F51C0@phx.gbl>
Message-ID: <2276ba44-c68c-9529-786b-cd59d2d99a8a@redhat.com>



On 09.08.2016 10:08, Deepak Dimri wrote:
> Hi All,
>
> I want to extend my FreeIPA Directory Scheme - want to add a new 
> ObjectClass and add few attributes to existing person ObjectClass. I 
> see lot of places it is mentioned i can do it through 389-console 
> command but i dont find it in my freeIPA server.  I am getting 
> ObjectClass not found error when trying to add using FreeIPA admin gui 
> configuration tab. Is there any documentarians steps available how 
> schema can be extended in freeIPA using GUI or outside? I am not 
> finding any helpful material on this and hence thought of checking 
> with you all!
>
> Thanks,
> Deepak
>
>
>
Hello,

please read [pages 6-7]
https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf

You should *not* extend IPA objectclasses, you have to create own, 
otherwise we may and will break your schema during upgrade

Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160809/1f7ebb09/attachment.htm>

From jhrozek at redhat.com  Tue Aug  9 08:16:01 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 9 Aug 2016 10:16:01 +0200
Subject: [Freeipa-users] sudo Cmnd_Alias ?
In-Reply-To: <1470726750.24863.3.camel@statsbiblioteket.dk>
References: <1470726750.24863.3.camel@statsbiblioteket.dk>
Message-ID: <20160809081601.GD4479@hendrix>

On Tue, Aug 09, 2016 at 07:12:30AM +0000, Tony Brian Albers wrote:
> Hi guys,
> 
> I'm working on getting ambari from IBM BigInsights working using sudo in
> FreeIPA, and I've come across the following(there are a few of these):
> 
> Cmnd_Alias BIGSQL_SERVICE_AGNT=
>         /var/lib/ambari-agent/cache/stacks/BigInsights/*/services/BIGSQL/package/scripts/*
> 
> Does anyone know how to implement a cmnd_alias in FreeIPA's sudo? I can't find anything about it in the docs.

Would sudo command group work the way you want?



From tba at statsbiblioteket.dk  Tue Aug  9 08:43:26 2016
From: tba at statsbiblioteket.dk (Tony Brian Albers)
Date: Tue, 9 Aug 2016 08:43:26 +0000
Subject: [Freeipa-users] sudo Cmnd_Alias ?
In-Reply-To: <20160809081601.GD4479@hendrix>
References: <1470726750.24863.3.camel@statsbiblioteket.dk>
	<20160809081601.GD4479@hendrix>
Message-ID: <1470732206.24863.4.camel@statsbiblioteket.dk>

On Tue, 2016-08-09 at 10:16 +0200, Jakub Hrozek wrote:
> On Tue, Aug 09, 2016 at 07:12:30AM +0000, Tony Brian Albers wrote:
> > Hi guys,
> > 
> > I'm working on getting ambari from IBM BigInsights working using sudo in
> > FreeIPA, and I've come across the following(there are a few of these):
> > 
> > Cmnd_Alias BIGSQL_SERVICE_AGNT=
> >         /var/lib/ambari-agent/cache/stacks/BigInsights/*/services/BIGSQL/package/scripts/*
> > 
> > Does anyone know how to implement a cmnd_alias in FreeIPA's sudo? I can't find anything about it in the docs.
> 
> Would sudo command group work the way you want?
> 


It might, I'm trying it now.

Thanks for the suggestion.

/tony
-- 
Best regards,

Tony Albers
Systems administrator, IT-development
State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 8946 2316






From deepak_dimri at hotmail.com  Tue Aug  9 09:06:18 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Tue, 9 Aug 2016 05:06:18 -0400
Subject: [Freeipa-users] FreeIPA LDAP Directory Extenion
In-Reply-To: <2276ba44-c68c-9529-786b-cd59d2d99a8a@redhat.com>
References: <SNT152-W331476F36C3BE6563F0B32F51C0@phx.gbl>,
	<2276ba44-c68c-9529-786b-cd59d2d99a8a@redhat.com>
Message-ID: <SNT152-W32E6D2975FF5BAF2C02A1CF51C0@phx.gbl>

Thanks Martin, This helps!
i also like this link https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html-single/Administration_Guide/index.html#extending-the-schema
would you know how can i access "Directory Server Console" what file i need to run to open it how its given in this document
Regards,Deepak

Subject: Re: [Freeipa-users] FreeIPA LDAP Directory Extenion
To: deepak_dimri at hotmail.com; freeipa-users at redhat.com
From: mbasti at redhat.com
Date: Tue, 9 Aug 2016 10:15:47 +0200


  
    
  
  
    

    

    

    On 09.08.2016 10:08, Deepak Dimri
      wrote:

    
    
      
      Hi All,
        

        
        I want to extend my FreeIPA Directory Scheme - want to add
          a new ObjectClass and add few attributes to existing person
          ObjectClass. I see lot of places it is mentioned i can do it
          through 389-console command but i dont find it in my freeIPA
          server.  I am getting ObjectClass not found error when trying
          to add using FreeIPA admin gui configuration tab. Is there any
          documentarians steps available how schema can be extended in
          freeIPA using GUI or outside? I am not finding any helpful
          material on this and hence thought of checking with you all!
        

        
        Thanks,
        Deepak
        

        
      
      

      
      

    
    Hello,

    

    please read [pages 6-7]

    https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf

    

    You should *not* extend IPA objectclasses, you have to create own,
    otherwise we may and will break your schema during upgrade

    

    Martin
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160809/9dfa339b/attachment.htm>

From mkosek at redhat.com  Tue Aug  9 09:10:09 2016
From: mkosek at redhat.com (Martin Kosek)
Date: Tue, 9 Aug 2016 11:10:09 +0200
Subject: [Freeipa-users] FreeIPA LDAP Directory Extenion
In-Reply-To: <SNT152-W32E6D2975FF5BAF2C02A1CF51C0@phx.gbl>
References: <SNT152-W331476F36C3BE6563F0B32F51C0@phx.gbl>
	<2276ba44-c68c-9529-786b-cd59d2d99a8a@redhat.com>
	<SNT152-W32E6D2975FF5BAF2C02A1CF51C0@phx.gbl>
Message-ID: <e321c31b-4c95-a276-293f-295690e82090@redhat.com>

Hi Deepak,

This console is not available for regular or shipped with FreeIPA (AFAIK), it
is only included in the Red Hat Directory Server product. With FreeIPA, you
will need to extend the schema with CLI tools (ldapmodify) as indicated in the
presentation that Martin Basti shared.

Martin

On 08/09/2016 11:06 AM, Deepak Dimri wrote:
> Thanks Martin, This helps!
> 
> i also like this
> link https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html-single/Administration_Guide/index.html#extending-the-schema
> 
> would you know how can i access "Directory Server Console" what file i need to
> run to open it how its given in this document
> 
> Regards,
> Deepak
> 
> 
> -------------------------------------------------------------------------------
> Subject: Re: [Freeipa-users] FreeIPA LDAP Directory Extenion
> To: deepak_dimri at hotmail.com; freeipa-users at redhat.com
> From: mbasti at redhat.com
> Date: Tue, 9 Aug 2016 10:15:47 +0200
> 
> 
> 
> 
> On 09.08.2016 10:08, Deepak Dimri wrote:
> 
>     Hi All,
> 
>     I want to extend my FreeIPA Directory Scheme - want to add a new
>     ObjectClass and add few attributes to existing person ObjectClass. I see
>     lot of places it is mentioned i can do it through 389-console command but i
>     dont find it in my freeIPA server.  I am getting ObjectClass not found
>     error when trying to add using FreeIPA admin gui configuration tab. Is
>     there any documentarians steps available how schema can be extended in
>     freeIPA using GUI or outside? I am not finding any helpful material on this
>     and hence thought of checking with you all!
> 
>     Thanks,
>     Deepak
> 
> 
> 
> Hello,
> 
> please read [pages 6-7]
> https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
> 
> You should *not* extend IPA objectclasses, you have to create own, otherwise we
> may and will break your schema during upgrade
> 
> Martin
> 
> 



From th at casalogic.dk  Tue Aug  9 09:37:46 2016
From: th at casalogic.dk (Troels Hansen)
Date: Tue, 9 Aug 2016 11:37:46 +0200 (CEST)
Subject: [Freeipa-users] SSH auth failing in IPA trust
In-Reply-To: <20160804140542.GG29960@hendrix>
References: <201917807.281080.1470308260737.JavaMail.zimbra@casalogic.dk>
	<20160804112229.GC29960@hendrix>
	<943910922.282523.1470311802195.JavaMail.zimbra@casalogic.dk>
	<1601153421.282800.1470313906643.JavaMail.zimbra@casalogic.dk>
	<926287887.284477.1470317966426.JavaMail.zimbra@casalogic.dk>
	<20160804140542.GG29960@hendrix>
Message-ID: <400933401.394538.1470735466227.JavaMail.zimbra@casalogic.dk>

Hmm, can't get it to work, but right now it looks like I have other problems......

I'll try to follow up on this if the problem continues when I get the other problems solved.

> 
> Can you clear the caches on the client? The client receives the principals
> from the server the same way as it receives other attributes.
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From th at casalogic.dk  Tue Aug  9 10:34:04 2016
From: th at casalogic.dk (Troels Hansen)
Date: Tue, 9 Aug 2016 12:34:04 +0200 (CEST)
Subject: [Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid
 argument on IPA client when looking up AD users
Message-ID: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>

Hi,I have an sssd client which is currently causing problems when looking up IPA / AD users. 

# getent passwd drextrha at net.dr.dk 
returns nothing. 

# getent passwd admin at linux.dr.dk 
admin at linux.dr.dk:*:10000:10000:admin admin:/home/admin:/bin/bash 

works, so it can see the IPA domain. 

tried re-enrolling the client on IPA server (ipa-client-install --uninstall), didn't make a difftence. 

SSSD configuration parameters is the same on IPA server, and client. 

Only thins I can find on the client (loglevel 5) is: 
(Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=drextrha] 
(Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [22]: Invalid argument. 
(Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: 22 
(Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,22,Account info lookup failed 

Can't grasp what that error covers? 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160809/906f0760/attachment.htm>

From jhrozek at redhat.com  Tue Aug  9 11:19:33 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 9 Aug 2016 13:19:33 +0200
Subject: [Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid
 argument on IPA client when looking up AD users
In-Reply-To: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>
References: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160809111933.GA4479@hendrix>

On Tue, Aug 09, 2016 at 12:34:04PM +0200, Troels Hansen wrote:
> Hi,I have an sssd client which is currently causing problems when looking up IPA / AD users. 
> 
> # getent passwd drextrha at net.dr.dk 
> returns nothing. 
> 
> # getent passwd admin at linux.dr.dk 
> admin at linux.dr.dk:*:10000:10000:admin admin:/home/admin:/bin/bash 
> 
> works, so it can see the IPA domain. 
> 
> tried re-enrolling the client on IPA server (ipa-client-install --uninstall), didn't make a difftence. 
> 
> SSSD configuration parameters is the same on IPA server, and client. 
> 
> Only thins I can find on the client (loglevel 5) is: 
> (Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=drextrha] 
> (Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [22]: Invalid argument. 
> (Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: 22 
> (Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,22,Account info lookup failed 
> 
> Can't grasp what that error covers? 

You need to look into the corresponding server-side sssd logs. See:
    https://fedorahosted.org/sssd/wiki/Troubleshooting
search for 'Common IPA provider issues'.



From th at casalogic.dk  Tue Aug  9 11:45:27 2016
From: th at casalogic.dk (Troels Hansen)
Date: Tue, 9 Aug 2016 13:45:27 +0200 (CEST)
Subject: [Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid
 argument on IPA client when looking up AD users
In-Reply-To: <20160809111933.GA4479@hendrix>
References: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>
	<20160809111933.GA4479@hendrix>
Message-ID: <1256629030.396350.1470743127954.JavaMail.zimbra@casalogic.dk>

Think it was a combination af multiple things, without ever really figuring out what I have now made it work.

Mainly, I think it had to do with the "full_name_format" parameter, which seems to cause problems if being set on the IPA client?

If I set it
"full_name_format = %1$s"

I'm unable to look up user on the SSSD client, despite the same thing works on SSSD on the IPA server?

My config looks like this:

[domain/linux.dr.dk]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = linux.dr.dk
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = rhel02udv.linux.dr.dk
chpass_provider = ipa
ipa_server = ipa02tst.linux.dr.dk
ldap_tls_cacert = /etc/ipa/ca.crt

# Bugfix untill RHEL 7.3 arrives
# http://www.redhat.com/archives/freeipa-users/2016-May/msg00209.html
ldap_user_principal = nosuchattr
subdomain_inherit = ldap_user_principal

debug_level=5

[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2
domains = linux.dr.dk
default_domain_suffix = NET.DR.DK
# full_name_format = %1$s

[nss]
homedir_substring = /home

[pam]
[sudo]
[autofs]
[ssh]
[pac]

With this I can lookup users, but not log in using SSH.

I think I'm circeling aroud the solution as both lookup and ssh login works on the IPA server.


----- On Aug 9, 2016, at 1:19 PM, Jakub Hrozek jhrozek at redhat.com wrote:

> On Tue, Aug 09, 2016 at 12:34:04PM +0200, Troels Hansen wrote:
>> Hi,I have an sssd client which is currently causing problems when looking up IPA
>> / AD users.
>> 
>> # getent passwd drextrha at net.dr.dk
>> returns nothing.
>> 
>> # getent passwd admin at linux.dr.dk
>> admin at linux.dr.dk:*:10000:10000:admin admin:/home/admin:/bin/bash
>> 
>> works, so it can see the IPA domain.
>> 
>> tried re-enrolling the client on IPA server (ipa-client-install --uninstall),
>> didn't make a difftence.
>> 
>> SSSD configuration parameters is the same on IPA server, and client.
>> 
>> Only thins I can find on the client (loglevel 5) is:
>> (Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [be_get_account_info]
>> (0x0200): Got request for [0x1001][1][name=drextrha]
>> (Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [ipa_srv_ad_acct_lookup_done]
>> (0x0040): ipa_get_*_acct request failed: [22]: Invalid argument.
>> (Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [ipa_subdomain_account_done]
>> (0x0040): ipa_get_*_acct request failed: 22
>> (Tue Aug 9 11:33:44 2016) [sssd[be[linux.dr.dk]]] [acctinfo_callback] (0x0100):
>> Request processed. Returned 3,22,Account info lookup failed
>> 
>> Can't grasp what that error covers?
> 
> You need to look into the corresponding server-side sssd logs. See:
>    https://fedorahosted.org/sssd/wiki/Troubleshooting
> search for 'Common IPA provider issues'.
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.



From jhrozek at redhat.com  Tue Aug  9 11:57:25 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 9 Aug 2016 13:57:25 +0200
Subject: [Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid
 argument on IPA client when looking up AD users
In-Reply-To: <1256629030.396350.1470743127954.JavaMail.zimbra@casalogic.dk>
References: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>
	<20160809111933.GA4479@hendrix>
	<1256629030.396350.1470743127954.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160809115725.GE4479@hendrix>

On Tue, Aug 09, 2016 at 01:45:27PM +0200, Troels Hansen wrote:
> Think it was a combination af multiple things, without ever really figuring out what I have now made it work.
> 
> Mainly, I think it had to do with the "full_name_format" parameter, which seems to cause problems if being set on the IPA client?
> 
> If I set it
> "full_name_format = %1$s"

Yes, This only works with 1.14.0 or newer.
> 
> I'm unable to look up user on the SSSD client, despite the same thing works on SSSD on the IPA server?



From jhrozek at redhat.com  Tue Aug  9 12:09:28 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 9 Aug 2016 14:09:28 +0200
Subject: [Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid
 argument on IPA client when looking up AD users
In-Reply-To: <1488977894.396621.1470744261767.JavaMail.zimbra@casalogic.dk>
References: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>
	<20160809111933.GA4479@hendrix>
	<1256629030.396350.1470743127954.JavaMail.zimbra@casalogic.dk>
	<20160809115725.GE4479@hendrix>
	<1488977894.396621.1470744261767.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160809120928.GH4479@hendrix>

On Tue, Aug 09, 2016 at 02:04:21PM +0200, Troels Hansen wrote:
> ----- On Aug 9, 2016, at 1:57 PM, Jakub Hrozek jhrozek at redhat.com wrote:
> 
> >> 
> >> If I set it
> >> "full_name_format = %1$s"
> > 
> > Yes, This only works with 1.14.0 or newer.
> >> 
> 
> So, I currently works in the current RedHat (sssd-ipa-1.13.0-40.el7_2.12) but only on the server, but not on a pure IPA client, but will work in 1.14.0 ?

I would not recommend this setting on the server, even with 1.14,
because some components of the stack rely on the name of trusted users
being qualified, namely the compat plugin IIRC parses the names.

But on clients, this should work.

> 
> I guess this will be included in RedHat 7.3?

Yes.



From th at casalogic.dk  Tue Aug  9 12:04:21 2016
From: th at casalogic.dk (Troels Hansen)
Date: Tue, 9 Aug 2016 14:04:21 +0200 (CEST)
Subject: [Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid
 argument on IPA client when looking up AD users
In-Reply-To: <20160809115725.GE4479@hendrix>
References: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>
	<20160809111933.GA4479@hendrix>
	<1256629030.396350.1470743127954.JavaMail.zimbra@casalogic.dk>
	<20160809115725.GE4479@hendrix>
Message-ID: <1488977894.396621.1470744261767.JavaMail.zimbra@casalogic.dk>

----- On Aug 9, 2016, at 1:57 PM, Jakub Hrozek jhrozek at redhat.com wrote:

>> 
>> If I set it
>> "full_name_format = %1$s"
> 
> Yes, This only works with 1.14.0 or newer.
>> 

So, I currently works in the current RedHat (sssd-ipa-1.13.0-40.el7_2.12) but only on the server, but not on a pure IPA client, but will work in 1.14.0 ?

I guess this will be included in RedHat 7.3?



From deepak_dimri at hotmail.com  Tue Aug  9 12:20:59 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Tue, 9 Aug 2016 08:20:59 -0400
Subject: [Freeipa-users] FreeIPA LDAP Directory Extenion
In-Reply-To: <e321c31b-4c95-a276-293f-295690e82090@redhat.com>
References: <SNT152-W331476F36C3BE6563F0B32F51C0@phx.gbl>,
	<2276ba44-c68c-9529-786b-cd59d2d99a8a@redhat.com>,
	<SNT152-W32E6D2975FF5BAF2C02A1CF51C0@phx.gbl>,
	<e321c31b-4c95-a276-293f-295690e82090@redhat.com>
Message-ID: <SNT152-W635B7D91949797A56FD9B2F51C0@phx.gbl>

Ok, got it, Martin
One more query on this.
I have extended the ObjectClass under inerorgperson and added the custom attributes successfully. i could add my newly custom ObjectClass under "default user object class" tab of my FreeIPA configuration. But then the question how do i use these attributes? i dont event see them listed under user identity profile along with other out of the attributes like first name, address etc..
Best Regards,Deepak

> Subject: Re: [Freeipa-users] FreeIPA LDAP Directory Extenion
> To: deepak_dimri at hotmail.com; mbasti at redhat.com; freeipa-users at redhat.com
> From: mkosek at redhat.com
> Date: Tue, 9 Aug 2016 11:10:09 +0200
> 
> Hi Deepak,
> 
> This console is not available for regular or shipped with FreeIPA (AFAIK), it
> is only included in the Red Hat Directory Server product. With FreeIPA, you
> will need to extend the schema with CLI tools (ldapmodify) as indicated in the
> presentation that Martin Basti shared.
> 
> Martin
> 
> On 08/09/2016 11:06 AM, Deepak Dimri wrote:
> > Thanks Martin, This helps!
> > 
> > i also like this
> > link https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html-single/Administration_Guide/index.html#extending-the-schema
> > 
> > would you know how can i access "Directory Server Console" what file i need to
> > run to open it how its given in this document
> > 
> > Regards,
> > Deepak
> > 
> > 
> > -------------------------------------------------------------------------------
> > Subject: Re: [Freeipa-users] FreeIPA LDAP Directory Extenion
> > To: deepak_dimri at hotmail.com; freeipa-users at redhat.com
> > From: mbasti at redhat.com
> > Date: Tue, 9 Aug 2016 10:15:47 +0200
> > 
> > 
> > 
> > 
> > On 09.08.2016 10:08, Deepak Dimri wrote:
> > 
> >     Hi All,
> > 
> >     I want to extend my FreeIPA Directory Scheme - want to add a new
> >     ObjectClass and add few attributes to existing person ObjectClass. I see
> >     lot of places it is mentioned i can do it through 389-console command but i
> >     dont find it in my freeIPA server.  I am getting ObjectClass not found
> >     error when trying to add using FreeIPA admin gui configuration tab. Is
> >     there any documentarians steps available how schema can be extended in
> >     freeIPA using GUI or outside? I am not finding any helpful material on this
> >     and hence thought of checking with you all!
> > 
> >     Thanks,
> >     Deepak
> > 
> > 
> > 
> > Hello,
> > 
> > please read [pages 6-7]
> > https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
> > 
> > You should *not* extend IPA objectclasses, you have to create own, otherwise we
> > may and will break your schema during upgrade
> > 
> > Martin
> > 
> > 
> 
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160809/d9cd0f01/attachment.htm>

From th at casalogic.dk  Tue Aug  9 12:29:51 2016
From: th at casalogic.dk (Troels Hansen)
Date: Tue, 9 Aug 2016 14:29:51 +0200 (CEST)
Subject: [Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid
 argument on IPA client when looking up AD users
In-Reply-To: <20160809120928.GH4479@hendrix>
References: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>
	<20160809111933.GA4479@hendrix>
	<1256629030.396350.1470743127954.JavaMail.zimbra@casalogic.dk>
	<20160809115725.GE4479@hendrix>
	<1488977894.396621.1470744261767.JavaMail.zimbra@casalogic.dk>
	<20160809120928.GH4479@hendrix>
Message-ID: <2080880503.396840.1470745791511.JavaMail.zimbra@casalogic.dk>



----- On Aug 9, 2016, at 2:09 PM, Jakub Hrozek jhrozek at redhat.com wrote:


>> 
>> So, I currently works in the current RedHat (sssd-ipa-1.13.0-40.el7_2.12) but
>> only on the server, but not on a pure IPA client, but will work in 1.14.0 ?
> 
> I would not recommend this setting on the server, even with 1.14,
> because some components of the stack rely on the name of trusted users
> being qualified, namely the compat plugin IIRC parses the names.
> 
> But on clients, this should work.
> 
>> 
>> I guess this will be included in RedHat 7.3?
> 
> Yes.

I guess I have hit some sort of configuration parameter combination that made it not work......  I have removed the full_name_format on the server, but kept
"ldap_user_principal = nosuchattr" and
"subdomain_inherit = ldap_user_principal" on both server untill 7.3 arrives.

This seems to work.




From th at casalogic.dk  Tue Aug  9 13:13:25 2016
From: th at casalogic.dk (Troels Hansen)
Date: Tue, 9 Aug 2016 15:13:25 +0200 (CEST)
Subject: [Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid
 argument on IPA client when looking up AD users
In-Reply-To: <2080880503.396840.1470745791511.JavaMail.zimbra@casalogic.dk>
References: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>
	<20160809111933.GA4479@hendrix>
	<1256629030.396350.1470743127954.JavaMail.zimbra@casalogic.dk>
	<20160809115725.GE4479@hendrix>
	<1488977894.396621.1470744261767.JavaMail.zimbra@casalogic.dk>
	<20160809120928.GH4479@hendrix>
	<2080880503.396840.1470745791511.JavaMail.zimbra@casalogic.dk>
Message-ID: <125839496.397823.1470748405936.JavaMail.zimbra@casalogic.dk>

At least for some users....

One user failing:

(Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [unpack_buffer] (0x0100): cmd [249] uid [1349930179] gid
 [1349930179] validate [true] enterprise principal [false] offline [true] UPN [hlau at NET.DR.DK]
(Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [become_user] (0x0200): Trying to become user [134993017
9][1349930179].
(Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [become_user] (0x0200): Trying to become user [134993017
9][1349930179].
(Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [become_user] (0x0200): Already user [1349930179].
(Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_
RENEWABLE_LIFETIME] from environment.
(Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_
LIFETIME] from environment.
(Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [sss_krb5_prompter] (0x0020): Cannot handle password pro
mpts.
(Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [k5c_send_data] (0x0200): Received error code 0


Me logging in works....
(Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [unpack_buffer] (0x0100): cmd [241] uid [1349938498] gid [1349938498] validate [true] enterprise principal [false] offline [false] UPN [DREXTRHA at NET.DR.DK]
(Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1349938498] old_ccname: [KEYRING:persistent:1349938498] keytab: [/etc/krb5.keytab]
(Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [switch_creds] (0x0200): Switch user to [1349938498][1349938498].
(Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [switch_creds] (0x0200): Switch user to [0][0].
(Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/rhel02udv.linux.dr.dk at LINUX.DR.DK]
(Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [check_fast_ccache] (0x0200): FAST TGT is still valid.
(Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [become_user] (0x0200): Trying to become user [1349938498][1349938498].
(Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
(Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
(Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]


What does "Cannot handle password prompts" mean? the only thing I can find is some sssd krb5 commits looking to be related to password change?

----- On Aug 9, 2016, at 2:29 PM, Troels Hansen th at casalogic.dk wrote:

> ----- On Aug 9, 2016, at 2:09 PM, Jakub Hrozek jhrozek at redhat.com wrote:
> 
> 
>>> 
>>> So, I currently works in the current RedHat (sssd-ipa-1.13.0-40.el7_2.12) but
>>> only on the server, but not on a pure IPA client, but will work in 1.14.0 ?
>> 
>> I would not recommend this setting on the server, even with 1.14,
>> because some components of the stack rely on the name of trusted users
>> being qualified, namely the compat plugin IIRC parses the names.
>> 
>> But on clients, this should work.
>> 
>>> 
>>> I guess this will be included in RedHat 7.3?
>> 
>> Yes.
> 
> I guess I have hit some sort of configuration parameter combination that made it
> not work......  I have removed the full_name_format on the server, but kept
> "ldap_user_principal = nosuchattr" and
> "subdomain_inherit = ldap_user_principal" on both server untill 7.3 arrives.
> 
> This seems to work.
> 
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.



From jhrozek at redhat.com  Tue Aug  9 13:16:04 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 9 Aug 2016 15:16:04 +0200
Subject: [Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid
 argument on IPA client when looking up AD users
In-Reply-To: <125839496.397823.1470748405936.JavaMail.zimbra@casalogic.dk>
References: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>
	<20160809111933.GA4479@hendrix>
	<1256629030.396350.1470743127954.JavaMail.zimbra@casalogic.dk>
	<20160809115725.GE4479@hendrix>
	<1488977894.396621.1470744261767.JavaMail.zimbra@casalogic.dk>
	<20160809120928.GH4479@hendrix>
	<2080880503.396840.1470745791511.JavaMail.zimbra@casalogic.dk>
	<125839496.397823.1470748405936.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160809131604.GM4479@hendrix>

On Tue, Aug 09, 2016 at 03:13:25PM +0200, Troels Hansen wrote:
> At least for some users....
> 
> One user failing:
> 
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [unpack_buffer] (0x0100): cmd [249] uid [1349930179] gid
>  [1349930179] validate [true] enterprise principal [false] offline [true] UPN [hlau at NET.DR.DK]
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [become_user] (0x0200): Trying to become user [134993017
> 9][1349930179].
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [become_user] (0x0200): Trying to become user [134993017
> 9][1349930179].
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [become_user] (0x0200): Already user [1349930179].
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_
> RENEWABLE_LIFETIME] from environment.
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_
> LIFETIME] from environment.
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [sss_krb5_prompter] (0x0020): Cannot handle password pro
> mpts.
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [k5c_send_data] (0x0200): Received error code 0
> 
> 
> Me logging in works....
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [unpack_buffer] (0x0100): cmd [241] uid [1349938498] gid [1349938498] validate [true] enterprise principal [false] offline [false] UPN [DREXTRHA at NET.DR.DK]
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1349938498] old_ccname: [KEYRING:persistent:1349938498] keytab: [/etc/krb5.keytab]
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [switch_creds] (0x0200): Switch user to [1349938498][1349938498].
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [switch_creds] (0x0200): Switch user to [0][0].
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/rhel02udv.linux.dr.dk at LINUX.DR.DK]
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [check_fast_ccache] (0x0200): FAST TGT is still valid.
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [become_user] (0x0200): Trying to become user [1349938498][1349938498].
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> 
> 
> What does "Cannot handle password prompts" mean? the only thing I can find is some sssd krb5 commits looking to be related to password change?

I'm not sure this is related, can you paste more context?



From mkosek at redhat.com  Tue Aug  9 13:22:28 2016
From: mkosek at redhat.com (Martin Kosek)
Date: Tue, 9 Aug 2016 15:22:28 +0200
Subject: [Freeipa-users] FreeIPA LDAP Directory Extenion
In-Reply-To: <SNT152-W635B7D91949797A56FD9B2F51C0@phx.gbl>
References: <SNT152-W331476F36C3BE6563F0B32F51C0@phx.gbl>
	<2276ba44-c68c-9529-786b-cd59d2d99a8a@redhat.com>
	<SNT152-W32E6D2975FF5BAF2C02A1CF51C0@phx.gbl>
	<e321c31b-4c95-a276-293f-295690e82090@redhat.com>
	<SNT152-W635B7D91949797A56FD9B2F51C0@phx.gbl>
Message-ID: <c8e47bdc-7e0b-6fc8-2481-103f5503f93a@redhat.com>

Please check the FreeIPA training presentation. There are more details for
this. TLDR, you will need to create one Python plugin to get this into API/CLI
and one Web UI plugin if you also want to extend Web UI. The presentation above
has some examples.

On 08/09/2016 02:20 PM, Deepak Dimri wrote:
> Ok, got it, Martin
> 
> One more query on this.
> 
> I have extended the ObjectClass under inerorgperson and added the custom
> attributes successfully. i could add my newly custom ObjectClass under "default
> user object class" tab of my FreeIPA configuration. But then the question how
> do i use these attributes? i dont event see them listed under user identity
> profile along with other out of the attributes like first name, address etc..
> 
> Best Regards,
> Deepak
> 
> 
>> Subject: Re: [Freeipa-users] FreeIPA LDAP Directory Extenion
>> To: deepak_dimri at hotmail.com; mbasti at redhat.com; freeipa-users at redhat.com
>> From: mkosek at redhat.com
>> Date: Tue, 9 Aug 2016 11:10:09 +0200
>>
>> Hi Deepak,
>>
>> This console is not available for regular or shipped with FreeIPA (AFAIK), it
>> is only included in the Red Hat Directory Server product. With FreeIPA, you
>> will need to extend the schema with CLI tools (ldapmodify) as indicated in the
>> presentation that Martin Basti shared.
>>
>> Martin
>>
>> On 08/09/2016 11:06 AM, Deepak Dimri wrote:
>> > Thanks Martin, This helps!
>> >
>> > i also like this
>> > link
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html-single/Administration_Guide/index.html#extending-the-schema
>> >
>> > would you know how can i access "Directory Server Console" what file i need to
>> > run to open it how its given in this document
>> >
>> > Regards,
>> > Deepak
>> >
>> >
>> > -------------------------------------------------------------------------------
>> > Subject: Re: [Freeipa-users] FreeIPA LDAP Directory Extenion
>> > To: deepak_dimri at hotmail.com; freeipa-users at redhat.com
>> > From: mbasti at redhat.com
>> > Date: Tue, 9 Aug 2016 10:15:47 +0200
>> >
>> >
>> >
>> >
>> > On 09.08.2016 10:08, Deepak Dimri wrote:
>> >
>> > Hi All,
>> >
>> > I want to extend my FreeIPA Directory Scheme - want to add a new
>> > ObjectClass and add few attributes to existing person ObjectClass. I see
>> > lot of places it is mentioned i can do it through 389-console command but i
>> > dont find it in my freeIPA server. I am getting ObjectClass not found
>> > error when trying to add using FreeIPA admin gui configuration tab. Is
>> > there any documentarians steps available how schema can be extended in
>> > freeIPA using GUI or outside? I am not finding any helpful material on this
>> > and hence thought of checking with you all!
>> >
>> > Thanks,
>> > Deepak
>> >
>> >
>> >
>> > Hello,
>> >
>> > please read [pages 6-7]
>> > https://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
>> >
>> > You should *not* extend IPA objectclasses, you have to create own, otherwise we
>> > may and will break your schema during upgrade
>> >
>> > Martin
>> >
>> >
>>



From th at casalogic.dk  Tue Aug  9 13:29:37 2016
From: th at casalogic.dk (Troels Hansen)
Date: Tue, 9 Aug 2016 15:29:37 +0200 (CEST)
Subject: [Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid
 argument on IPA client when looking up AD users
In-Reply-To: <20160809131604.GM4479@hendrix>
References: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>
	<1256629030.396350.1470743127954.JavaMail.zimbra@casalogic.dk>
	<20160809115725.GE4479@hendrix>
	<1488977894.396621.1470744261767.JavaMail.zimbra@casalogic.dk>
	<20160809120928.GH4479@hendrix>
	<2080880503.396840.1470745791511.JavaMail.zimbra@casalogic.dk>
	<125839496.397823.1470748405936.JavaMail.zimbra@casalogic.dk>
	<20160809131604.GM4479@hendrix>
Message-ID: <1566556378.397900.1470749377753.JavaMail.zimbra@casalogic.dk>

----- On Aug 9, 2016, at 3:16 PM, Jakub Hrozek jhrozek at redhat.com wrote:

>> 
>> What does "Cannot handle password prompts" mean? the only thing I can find is
>> some sssd krb5 commits looking to be related to password change?
> 
> I'm not sure this is related, can you paste more context?


Actually, that was the full sssd krb5 log from a log in try with loglevel 5.
Raised it to loglevel 6 and restarted and had the user try again, this time he could log in.

I'll leave it at loglevel 6 and see if it happens again.



From harald.dunkel at aixigo.de  Tue Aug  9 13:42:10 2016
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Tue, 9 Aug 2016 15:42:10 +0200
Subject: [Freeipa-users] core dump within ipa-backup
In-Reply-To: <13ede5a6-07fd-27fe-aa86-bc5f5c66bffc@redhat.com>
References: <8d0b39fe-8b79-7e61-3545-deb8ccf674c2@afaics.de>
	<4fd8684e-7dec-bb00-3d31-0130d66ef0ea@redhat.com>
	<6e6190ca-ab83-4d26-58a2-80d66e27a606@aixigo.de>
	<13ede5a6-07fd-27fe-aa86-bc5f5c66bffc@redhat.com>
Message-ID: <f381d609-4cf4-a7b4-676c-b957a062d761@aixigo.de>

On 08/08/2016 03:28 PM, Martin Basti wrote:
> 
> 
> On 08.08.2016 13:28, Harald Dunkel wrote:
>> Hi Martin,
>>
>> On 08/08/2016 09:41 AM, Martin Basti wrote:
>>> Hello, this is probably issue https://fedorahosted.org/389/ticket/48388
>>>
>>> It was fixed, but IMO not backported to centos7.2
>>>
>>> Martin
>>>
>>>
>>>
>> Does it put my ipa installation at risk? Are the backups
>> generated by ipa-backup corrupted?
> IMO it is affected, but dirsrv people may know more details, I would ask in ticket I posted.
> 

Seriously, this was not fixed in Redhat's current distro,
putting freeipa's backup procedure at risk?

I am still waiting for the confirmation mail for the signup
procedure ...


Thanx anyway
Harri



From jhrozek at redhat.com  Tue Aug  9 13:59:37 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 9 Aug 2016 15:59:37 +0200
Subject: [Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid
 argument on IPA client when looking up AD users
In-Reply-To: <1566556378.397900.1470749377753.JavaMail.zimbra@casalogic.dk>
References: <1188503490.395459.1470738844508.JavaMail.zimbra@casalogic.dk>
	<1256629030.396350.1470743127954.JavaMail.zimbra@casalogic.dk>
	<20160809115725.GE4479@hendrix>
	<1488977894.396621.1470744261767.JavaMail.zimbra@casalogic.dk>
	<20160809120928.GH4479@hendrix>
	<2080880503.396840.1470745791511.JavaMail.zimbra@casalogic.dk>
	<125839496.397823.1470748405936.JavaMail.zimbra@casalogic.dk>
	<20160809131604.GM4479@hendrix>
	<1566556378.397900.1470749377753.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160809135937.GP4479@hendrix>

On Tue, Aug 09, 2016 at 03:29:37PM +0200, Troels Hansen wrote:
> ----- On Aug 9, 2016, at 3:16 PM, Jakub Hrozek jhrozek at redhat.com wrote:
> 
> >> 
> >> What does "Cannot handle password prompts" mean? the only thing I can find is
> >> some sssd krb5 commits looking to be related to password change?
> > 
> > I'm not sure this is related, can you paste more context?
> 
> 
> Actually, that was the full sssd krb5 log from a log in try with loglevel 5.
> Raised it to loglevel 6 and restarted and had the user try again, this time he could log in.
> 
> I'll leave it at loglevel 6 and see if it happens again.

I think seeing the full domain log might be helpful there as well.



From jcnt at use.startmail.com  Tue Aug  9 15:48:29 2016
From: jcnt at use.startmail.com (Josh)
Date: Tue, 9 Aug 2016 11:48:29 -0400
Subject: [Freeipa-users] updating certificates
In-Reply-To: <57728EB8.2050805@redhat.com>
References: <961a039c237577e3b3a460ab3a33e6d5.startmail@www.startmail.com>
	<57728EB8.2050805@redhat.com>
Message-ID: <61e11459-f429-2d93-c0f4-d489911b0ecf@use.startmail.com>

Rob,

One must also update /etc/ipa/nssdb the same way, otherwise ipa cli tool 
gets SEC_ERROR_UNTRUSTED_ISSUER !

It would be nice to have an IPA tool  to update all certificates in all 
required places.

Also, why would I need to add CA that already in system ca-trust to the 
private IPA nssdb?

Josh.


On 06/28/2016 10:50 AM, Rob Crittenden wrote:
> jcnt at use.startmail.com wrote:
>> Greetings,
>>
>> About a year ago I installed my freeipa server with certificates from
>> startssl using command line options --dirsrv-cert-file --http-cert-file
>> etc.
>> The certificate is about to expire, what is the proper way to update it
>> in all places?
>
> It depends on whether you kept the original CSR or not. If you kept 
> the original CSR and are just renewing the certificate(s) then when 
> you get the new one, use certutil to add the updated cert to the 
> appropriate NSS database like:
>
> # certutil -A -n Server-Cert -d /etc/httpd/alias -t u,u,u -a -i 
> /path/to/new.crt
>
> If you need to generate a new CSR then you can use 
> ipa-server-certinstall to install the updated key and crt files.
>
> In either case probably worth backing up /etc/httpd/alias/*.db and 
> /etc/dirsrv/slapd-INSTANCE/*.db.
>
> rob
>



From joe at joethielen.com  Tue Aug  9 19:37:35 2016
From: joe at joethielen.com (Joe Thielen)
Date: Tue, 9 Aug 2016 15:37:35 -0400
Subject: [Freeipa-users] FreeIPA Session Management (WebUI, Kerberos, ...?)
Message-ID: <CAM9FSFyMHkLqPKhmcz-mXONKy_rWOMW_L5Z63ivfef-dwK8=7A@mail.gmail.com>

First off, let me say THANK YOU to all of you who've helped make FreeIPA
what it is.  I think it's a fantastic project and it's amazing what it has
achieved.

Second off, I'm still quite new to FreeIPA, especially the internals.  This
includes Kerberos.  I'm also very very limited at Python (I come from a PHP
background - please don't hold it against me).  I have toyed around with
LDAP a little bit before looking at FreeIPA.

After re-reading this e-mail I think it'd be important to note here at the
top that my focus is on web-based apps and non-kerberized clients.  The web
app server would be an IPA client.  I don't foresee a lot of terminal-based
stuff going on, aside from potential admin CLI tasks (for the web-based
app).

I apologize in advance for the length of this e-mail.  I have searched, a
lot, to try and answer my own questions.  That's actually how I found
FreeIPA in the first place.  I've looked at the site/wiki, the mailing list
archive, and the Internet in general.  But I've been unable to find a
solution, or suggestions, which achieves exactly what I'm looking for.  It
may be that I'm just using the wrong terminology and/or getting lost in the
buzzwords.

What I'm trying to figure out is if there is a way to centrally manage
sessions, in addition to everything else FreeIPA currently does.  I'm not
necessarily just talking about WebUI sessions, I'd like external web apps
to be able to make use of it too.  And, I'd like to be able to manage them
via the WebUI.

For example, let's say "joe" logs in to the WebUI (OR another web app tied
to FreeIPA).  Now, on another computer, "admin" logs into the WebUI.  Can
admin have a way to see that "joe" logged in, and, if need be, kill Joe's
session?

I'd like for it to maintain history.  For each login/session, I'd like to
see who logged in, when, from where, what their last access was, when they
logged out (or if their session timed out), and the logout reason (manual
logout, session timeout, or admin intervention).

But like I said, I'm not just looking for WebUI sessions.

Let's say I create a web app.  I put it on a machine which is an IPA
client.  Thanks to the wealth of documentation and options, I have a
variety of methods to achieve authentication.  FreeIPA makes this great,
and for that I'm thankful.  However, in most of the documentation, it just
says "create the session" cookie, and the rest is left as an exercise to
the reader.  I'm familiar with web apps and have implemented session
management before.  What I'd love to see is FreeIPA to be able to handle
not just the auth but also the session management.

Why?  Because I'd not like to have to re-invent the wheel.  And I'm trying
to see if there is already some method to do this that I'm just
fundamentally missing.  Or at least if there are enough pieces that I could
put together to make it happen.

For "fun", I've tried to set up auth using different methods.  I've
successfully set it up using intercept_form_submit_module and
lookup_identity_module.  That's pretty neat, works great for auth.  But, as
far as I can tell, this method doesn't create a session or login trail in
the memcached DB.  In fact, I can't really find any trail aside from the
Kerberos logging messages in /var/log/krbkdc.log.

I've also used Tobias Sette's php-freeipa from GitHub.  That works great
too... for auth.  And since that uses the JSON API, it looks like it does
create a record in the memcached DB.  So I suppose this could be one way
in, maybe by a FreeIPA plugin?

I guess I'm running in circles because then again I think... "what about
pure Kerberos" clients...  or those using intercept_form_submit_module?
I'm not familiar with PAM.  But from what I can tell, I assume there is a
way to add a "pluggable" module for it too.  But on the server?  i.e., if a
Kerberos session is established, is there a way, via PAM (or something
else?) to log that session to the FreeIPA server?   I think this is kinda
what Kerberos is trying to get away from, but for the use cases I'm
thinking of, it'd be a big feature.  In my searching I've seen things like
nss_mysql which look interesting, but of course wouldn't mesh with the
FreeIPA WebUI memcached method.

Speaking of which, I know that memcached is not by any means a permanent
session log, and I understand it's not intended to be.  So would this go
into the LDAP tree?  Would this clog it up too much?  I'm looking to store
a year of  info... or more depending on the scenario.

I've briefly looked at the Apache Shiro project.  I'm not a Java guy, but
from I'm reading it kind of has the right idea.  It even notes that the
session management portions can be accessed from other apps (on other
machines) and not necessarily from Java.  But due to the whole thing being
a mostly-Java product, I get lost far too easily.  If this were already in
FreeIPA I think that's kind of what I'm looking for.

A single source of session information on the server.  Along with the
ability to view/search it via the FreeIPA WebUI (which I assume would mean
it'd come from the JSON API).

For someone creating a new app from scratch, this would not only cover the
user/IdM and auth items, but also session management, and allow for more
administrative control (kill a session administratively).  I think this
would really decrease the barrier to entry and give app authors a "known
good" path to follow.  Especially smaller, domain- or niche-specific
projects.

I've looked at the FreeIPA session recording page (
http://www.freeipa.org/page/Session_Recording).  That looks neat.  However,
if I'm reading it right, it's just for terminal sessions.  It mentions
being able to record login info, but being a newbie I can't quite follow
exactly how it's achieving this goal (is that part all a function of tlog?).

Anyway, again, I apologize for this very long e-mail.  Am I totally barking
up the wrong tree?  Is this something FreeIPA can do and I just haven't
figured out how?  Or would it require far too much customization and/or be
too far outside of the core functionality?  Any hints, suggestions, or even
criticism would be appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160809/5db70797/attachment.htm>

From guy at bluebatgames.com  Tue Aug  9 23:32:57 2016
From: guy at bluebatgames.com (Guy Knights)
Date: Tue, 9 Aug 2016 16:32:57 -0700
Subject: [Freeipa-users] ipa-client login as AD user in trusted domain
Message-ID: <CAFtmDk-NDmz4=RGweZz=eqapu0wYBZug9Y=MYep-D-Bdi9B1fA@mail.gmail.com>

I've set up a freeipa server on a centos 7 machine and have successfully
configured a 2-way trust between it and our active directory domain
controller. I've also installed ipa-client on an ubuntu 14.04 machine and
have run ipa-client-install, which has apparently successfully joined the
FreeIPA domain.

So far, I can successfully do the following:

1. Log into the FreeIPA machine with an AD user account.
2. Log into the Ubuntu machine with a FreeIPA account.
3. Run 'getent passwd <freeipa username>' on the Ubuntu machine and have it
return the associated FreeIPA user account details (eg.
"jackt:*:1131000005:1131000005:Jack Test:/home/ipa.bbg.net/jackt:/bin/bash")
4. Run 'getent passwd <ad username>' on the Ubuntu machine and have it
return the associated AD user account details (eg. "bobt at ad.bbg.net:
*:1946801107:1946801107::/home/ad.bbg.net/bobt:/bin/bash")

What I can't do is log into the Ubuntu machine with the AD user. I'm using
the following SSH command from the command line on my mac:

ssh -o User=bobt at ad.bbg.net vm1.bbg.com

It asks me for the password, I enter it and it says permissions denied,
please try again. I set the debug level in SSSD on the ubuntu client to 5
and this is what shows up in the log during the login attempt:

(Tue Aug  9 16:25:56 2016) [sssd[be[ipa.bbg.net]]] [be_get_account_info]
(0x0100): Got request for [4097][1][name=bobt]
(Tue Aug  9 16:25:56 2016) [sssd[be[ipa.bbg.net]]] [acctinfo_callback]
(0x0100): Request processed. Returned 3,95,Account info lookup failed
(Tue Aug  9 16:25:57 2016) [sssd[be[ipa.bbg.net]]] [acctinfo_callback]
(0x0100): Request processed. Returned 0,0,Success
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [be_get_account_info]
(0x0100): Got request for [3][1][name=bobt]
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [acctinfo_callback]
(0x0100): Request processed. Returned 3,95,Account info lookup failed
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [be_pam_handler]
(0x0100): Got request with the following data
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
(0x0100): command: PAM_AUTHENTICATE
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
(0x0100): domain: ad.bbg.net
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
(0x0100): user: bobt at ad.bbg.net
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
(0x0100): service: sshd
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
(0x0100): tty: ssh
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
(0x0100): ruser:
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
(0x0100): rhost: 192.168.100.157
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
(0x0100): authtok type: 1
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
(0x0100): newauthtok type: 0
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
(0x0100): priv: 1
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
(0x0100): cli_pid: 16230
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [krb5_auth_send]
(0x0100): No ccache file for user [bobt at ad.bbg.net] found.
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
[be_resolve_server_process] (0x0200): Found address for server
dc.ipa.bbg.net: [192.168.100.14] TTL 3600
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>)
[Success]
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
[be_pam_handler_callback] (0x0100): Sending result [4][ad.bbg.net]
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
[be_pam_handler_callback] (0x0100): Sent result [4][ad.bbg.net]
(Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [child_sig_handler]
(0x0100): child [16313] finished successfully.

Can anyone explain why it's saying account info lookup failed when it can
get the account info fine via getent?

Thanks,
Guy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160809/e33993cd/attachment.htm>

From jstephen at redhat.com  Wed Aug 10 01:47:20 2016
From: jstephen at redhat.com (Justin Stephenson)
Date: Tue, 9 Aug 2016 21:47:20 -0400
Subject: [Freeipa-users] ipa-client login as AD user in trusted domain
In-Reply-To: <CAFtmDk-NDmz4=RGweZz=eqapu0wYBZug9Y=MYep-D-Bdi9B1fA@mail.gmail.com>
References: <CAFtmDk-NDmz4=RGweZz=eqapu0wYBZug9Y=MYep-D-Bdi9B1fA@mail.gmail.com>
Message-ID: <11f5c598-3461-7b2a-63fd-1e0e130d78de@redhat.com>

Hello,

You may need to increase the debug level to 9 and look in the 
sssd_<ipadomain>.log for failures after the failed login attempt - i 
would look in between log messages 'Got request for bobt...' and 
'Backend returned' messages

https://fedorahosted.org/sssd/wiki/Troubleshooting

You can also send the debug logs here for review.

Make sure logins and lookups are working on the IPA server first before 
troubleshooting the IPA client.

Kind regards,

Justin Stephenson

On 08/09/2016 07:32 PM, Guy Knights wrote:
> I've set up a freeipa server on a centos 7 machine and have 
> successfully configured a 2-way trust between it and our active 
> directory domain controller. I've also installed ipa-client on an 
> ubuntu 14.04 machine and have run ipa-client-install, which has 
> apparently successfully joined the FreeIPA domain.
>
> So far, I can successfully do the following:
>
> 1. Log into the FreeIPA machine with an AD user account.
> 2. Log into the Ubuntu machine with a FreeIPA account.
> 3. Run 'getent passwd <freeipa username>' on the Ubuntu machine and 
> have it return the associated FreeIPA user account details (eg. 
> "jackt:*:1131000005:1131000005:Jack 
> Test:/home/ipa.bbg.net/jackt:/bin/bash 
> <http://ipa.bbg.net/jackt:/bin/bash>")
> 4. Run 'getent passwd <ad username>' on the Ubuntu machine and have it 
> return the associated AD user account details (eg. 
> "bobt at ad.bbg.net:*:1946801107:1946801107::/home/ad.bbg.net/bobt:/bin/bash 
> <http://ad.bbg.net/bobt:/bin/bash>")
>
> What I can't do is log into the Ubuntu machine with the AD user. I'm 
> using the following SSH command from the command line on my mac:
>
> ssh -o User=bobt at ad.bbg.net <mailto:bobt at ad.bbg.net> vm1.bbg.com 
> <http://vm1.bbg.com>
>
> It asks me for the password, I enter it and it says permissions 
> denied, please try again. I set the debug level in SSSD on the ubuntu 
> client to 5 and this is what shows up in the log during the login attempt:
>
> (Tue Aug  9 16:25:56 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [be_get_account_info] (0x0100): Got request 
> for [4097][1][name=bobt]
> (Tue Aug  9 16:25:56 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [acctinfo_callback] (0x0100): Request 
> processed. Returned 3,95,Account info lookup failed
> (Tue Aug  9 16:25:57 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [acctinfo_callback] (0x0100): Request 
> processed. Returned 0,0,Success
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [be_get_account_info] (0x0100): Got request 
> for [3][1][name=bobt]
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [acctinfo_callback] (0x0100): Request 
> processed. Returned 3,95,Account info lookup failed
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [be_pam_handler] (0x0100): Got request with 
> the following data
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): command: 
> PAM_AUTHENTICATE
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): domain: ad.bbg.net 
> <http://ad.bbg.net>
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): user: 
> bobt at ad.bbg.net <mailto:bobt at ad.bbg.net>
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): service: sshd
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): tty: ssh
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): ruser:
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): rhost: 192.168.100.157
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): authtok type: 1
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): newauthtok type: 0
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): priv: 1
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): cli_pid: 16230
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [krb5_auth_send] (0x0100): No ccache file for 
> user [bobt at ad.bbg.net <mailto:bobt at ad.bbg.net>] found.
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [fo_resolve_service_send] (0x0100): Trying to 
> resolve service 'IPA'
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [be_resolve_server_process] (0x0200): Found 
> address for server dc.ipa.bbg.net <http://dc.ipa.bbg.net>: 
> [192.168.100.14] TTL 3600
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [be_pam_handler_callback] (0x0100): Backend 
> returned: (0, 4, <NULL>) [Success]
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [be_pam_handler_callback] (0x0100): Sending 
> result [4][ad.bbg.net <http://ad.bbg.net>]
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [be_pam_handler_callback] (0x0100): Sent 
> result [4][ad.bbg.net <http://ad.bbg.net>]
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net 
> <http://ipa.bbg.net>]]] [child_sig_handler] (0x0100): child [16313] 
> finished successfully.
>
> Can anyone explain why it's saying account info lookup failed when it 
> can get the account info fine via getent?
>
> Thanks,
> Guy
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160809/6425b1cc/attachment.htm>

From pspacek at redhat.com  Wed Aug 10 07:02:29 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 10 Aug 2016 09:02:29 +0200
Subject: [Freeipa-users] FreeIPA Session Management (WebUI, Kerberos,
 ...?)
In-Reply-To: <CAM9FSFyMHkLqPKhmcz-mXONKy_rWOMW_L5Z63ivfef-dwK8=7A@mail.gmail.com>
References: <CAM9FSFyMHkLqPKhmcz-mXONKy_rWOMW_L5Z63ivfef-dwK8=7A@mail.gmail.com>
Message-ID: <e6b5b192-5acf-dacc-8765-994e623499a8@redhat.com>

On 9.8.2016 21:37, Joe Thielen wrote:
> First off, let me say THANK YOU to all of you who've helped make FreeIPA
> what it is.  I think it's a fantastic project and it's amazing what it has
> achieved.
> 
> Second off, I'm still quite new to FreeIPA, especially the internals.  This
> includes Kerberos.  I'm also very very limited at Python (I come from a PHP
> background - please don't hold it against me).  I have toyed around with
> LDAP a little bit before looking at FreeIPA.
> 
> After re-reading this e-mail I think it'd be important to note here at the
> top that my focus is on web-based apps and non-kerberized clients.  The web
> app server would be an IPA client.  I don't foresee a lot of terminal-based
> stuff going on, aside from potential admin CLI tasks (for the web-based
> app).
> 
> I apologize in advance for the length of this e-mail.  I have searched, a
> lot, to try and answer my own questions.  That's actually how I found
> FreeIPA in the first place.  I've looked at the site/wiki, the mailing list
> archive, and the Internet in general.  But I've been unable to find a
> solution, or suggestions, which achieves exactly what I'm looking for.  It
> may be that I'm just using the wrong terminology and/or getting lost in the
> buzzwords.
> 
> What I'm trying to figure out is if there is a way to centrally manage
> sessions, in addition to everything else FreeIPA currently does.  I'm not
> necessarily just talking about WebUI sessions, I'd like external web apps
> to be able to make use of it too.  And, I'd like to be able to manage them
> via the WebUI.
> 
> For example, let's say "joe" logs in to the WebUI (OR another web app tied
> to FreeIPA).  Now, on another computer, "admin" logs into the WebUI.  Can
> admin have a way to see that "joe" logged in, and, if need be, kill Joe's
> session?
> 
> I'd like for it to maintain history.  For each login/session, I'd like to
> see who logged in, when, from where, what their last access was, when they
> logged out (or if their session timed out), and the logout reason (manual
> logout, session timeout, or admin intervention).
> 
> But like I said, I'm not just looking for WebUI sessions.
> 
> Let's say I create a web app.  I put it on a machine which is an IPA
> client.  Thanks to the wealth of documentation and options, I have a
> variety of methods to achieve authentication.  FreeIPA makes this great,
> and for that I'm thankful.  However, in most of the documentation, it just
> says "create the session" cookie, and the rest is left as an exercise to
> the reader.  I'm familiar with web apps and have implemented session
> management before.  What I'd love to see is FreeIPA to be able to handle
> not just the auth but also the session management.
> 
> Why?  Because I'd not like to have to re-invent the wheel.  And I'm trying
> to see if there is already some method to do this that I'm just
> fundamentally missing.  Or at least if there are enough pieces that I could
> put together to make it happen.
> 
> For "fun", I've tried to set up auth using different methods.  I've
> successfully set it up using intercept_form_submit_module and
> lookup_identity_module.  That's pretty neat, works great for auth.  But, as
> far as I can tell, this method doesn't create a session or login trail in
> the memcached DB.  In fact, I can't really find any trail aside from the
> Kerberos logging messages in /var/log/krbkdc.log.
> 
> I've also used Tobias Sette's php-freeipa from GitHub.  That works great
> too... for auth.  And since that uses the JSON API, it looks like it does
> create a record in the memcached DB.  So I suppose this could be one way
> in, maybe by a FreeIPA plugin?
> 
> I guess I'm running in circles because then again I think... "what about
> pure Kerberos" clients...  or those using intercept_form_submit_module?
> I'm not familiar with PAM.  But from what I can tell, I assume there is a
> way to add a "pluggable" module for it too.  But on the server?  i.e., if a
> Kerberos session is established, is there a way, via PAM (or something
> else?) to log that session to the FreeIPA server?   I think this is kinda
> what Kerberos is trying to get away from, but for the use cases I'm
> thinking of, it'd be a big feature.  In my searching I've seen things like
> nss_mysql which look interesting, but of course wouldn't mesh with the
> FreeIPA WebUI memcached method.
> 
> Speaking of which, I know that memcached is not by any means a permanent
> session log, and I understand it's not intended to be.  So would this go
> into the LDAP tree?  Would this clog it up too much?  I'm looking to store
> a year of  info... or more depending on the scenario.
> 
> I've briefly looked at the Apache Shiro project.  I'm not a Java guy, but
> from I'm reading it kind of has the right idea.  It even notes that the
> session management portions can be accessed from other apps (on other
> machines) and not necessarily from Java.  But due to the whole thing being
> a mostly-Java product, I get lost far too easily.  If this were already in
> FreeIPA I think that's kind of what I'm looking for.
> 
> A single source of session information on the server.  Along with the
> ability to view/search it via the FreeIPA WebUI (which I assume would mean
> it'd come from the JSON API).
> 
> For someone creating a new app from scratch, this would not only cover the
> user/IdM and auth items, but also session management, and allow for more
> administrative control (kill a session administratively).  I think this
> would really decrease the barrier to entry and give app authors a "known
> good" path to follow.  Especially smaller, domain- or niche-specific
> projects.
> 
> I've looked at the FreeIPA session recording page (
> http://www.freeipa.org/page/Session_Recording).  That looks neat.  However,
> if I'm reading it right, it's just for terminal sessions.  It mentions
> being able to record login info, but being a newbie I can't quite follow
> exactly how it's achieving this goal (is that part all a function of tlog?).
> 
> Anyway, again, I apologize for this very long e-mail.  Am I totally barking
> up the wrong tree?  Is this something FreeIPA can do and I just haven't
> figured out how?  Or would it require far too much customization and/or be
> too far outside of the core functionality?  Any hints, suggestions, or even
> criticism would be appreciated.

Hello,

I'm not a web-app guy but I would recommend you to look at SAML protocol and
project Keycloak (which can be integrated with FreeIPA).

AFAIK SAML gives you single-sign-on + ability to forcibly log-out users (kill
their sessions). Still, it does not give you one central session (while still
allowing the central management).

Hopefully others will be able to elaborate on this.

-- 
Petr^2 Spacek



From flo at redhat.com  Wed Aug 10 08:22:28 2016
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Wed, 10 Aug 2016 10:22:28 +0200
Subject: [Freeipa-users] updating certificates
In-Reply-To: <61e11459-f429-2d93-c0f4-d489911b0ecf@use.startmail.com>
References: <961a039c237577e3b3a460ab3a33e6d5.startmail@www.startmail.com>
	<57728EB8.2050805@redhat.com>
	<61e11459-f429-2d93-c0f4-d489911b0ecf@use.startmail.com>
Message-ID: <98acba84-d06a-64dd-4521-57cbcfc21ade@redhat.com>

Hi Josh,

depending on your IPA version, you may consider using 
ipa-server-certinstall and ipa-certupdate.

ipa-server-certinstall can be used to install a new certificate for 
Apache/LDAP servers, and ipa-certupdate to update the NSS DBs with the 
CA certificates found in the LDAP server.

Flo.

On 08/09/2016 05:48 PM, Josh wrote:
> Rob,
>
> One must also update /etc/ipa/nssdb the same way, otherwise ipa cli tool
> gets SEC_ERROR_UNTRUSTED_ISSUER !
>
> It would be nice to have an IPA tool  to update all certificates in all
> required places.
>
> Also, why would I need to add CA that already in system ca-trust to the
> private IPA nssdb?
>
> Josh.
>
>
> On 06/28/2016 10:50 AM, Rob Crittenden wrote:
>> jcnt at use.startmail.com wrote:
>>> Greetings,
>>>
>>> About a year ago I installed my freeipa server with certificates from
>>> startssl using command line options --dirsrv-cert-file --http-cert-file
>>> etc.
>>> The certificate is about to expire, what is the proper way to update it
>>> in all places?
>>
>> It depends on whether you kept the original CSR or not. If you kept
>> the original CSR and are just renewing the certificate(s) then when
>> you get the new one, use certutil to add the updated cert to the
>> appropriate NSS database like:
>>
>> # certutil -A -n Server-Cert -d /etc/httpd/alias -t u,u,u -a -i
>> /path/to/new.crt
>>
>> If you need to generate a new CSR then you can use
>> ipa-server-certinstall to install the updated key and crt files.
>>
>> In either case probably worth backing up /etc/httpd/alias/*.db and
>> /etc/dirsrv/slapd-INSTANCE/*.db.
>>
>> rob
>>
>



From jpazdziora at redhat.com  Wed Aug 10 09:27:17 2016
From: jpazdziora at redhat.com (Jan Pazdziora)
Date: Wed, 10 Aug 2016 11:27:17 +0200
Subject: [Freeipa-users] FreeIPA Session Management (WebUI, Kerberos,
 ...?)
In-Reply-To: <CAM9FSFyMHkLqPKhmcz-mXONKy_rWOMW_L5Z63ivfef-dwK8=7A@mail.gmail.com>
References: <CAM9FSFyMHkLqPKhmcz-mXONKy_rWOMW_L5Z63ivfef-dwK8=7A@mail.gmail.com>
Message-ID: <20160810092717.GA14662@redhat.com>

On Tue, Aug 09, 2016 at 03:37:35PM -0400, Joe Thielen wrote:
> 
> For example, let's say "joe" logs in to the WebUI (OR another web app tied
> to FreeIPA).  Now, on another computer, "admin" logs into the WebUI.  Can
> admin have a way to see that "joe" logged in, and, if need be, kill Joe's
> session?

Typical Web applications handle sessions via HTTP cookies. You might
have additional cookies added by other layers, like mod_auth_mellon
for SAML, but one your typical PHP application sees the user
(externally) authenticated, it will create its own session as well,
signed, and that's what it will use. The only party which has access
to that session is user's browser, plus of course it is recorded in
the application database.

You will likely not find a generic mechanism which would allow you to
log out random application-level session (cookie-based) because after
all, it is not FreeIPA that created the session -- it's the
application. And even if FreeIPA was creating the sessions,
applications would be creating their own and those would still stay
around and be valid.

Your best bet might be to make the application-level session lifetime
reasonably short, to force reauthentication at regular intervals. If
some form of single sign-on authentication happens where the user is
not asked for their creentials again, you will get check with the
central authority (which can then block authentication attempt for
user that was made disabled) without user's workflow being disrupted
too much.

By the way -- you say "Joe's session". I assume you will only do that
when at the same time Joe should not be able to reauthenticate again
to that service, right?

> I guess I'm running in circles because then again I think... "what about
> pure Kerberos" clients...

Pure Kerberos clients are another fun -- the whole Kerberos
authentication is built around the time-based service tickets. If the
client already has a service ticket for the service, it does not need
to consult KDC, and neither is the central authority consulted by the
Web applications -- they trust the service tickets that they are able
to decrypt.

> or those using intercept_form_submit_module?
> I'm not familiar with PAM.

Well, PAM access phase might actually be a good way to be able to
"plug in" authorization check to Web accesses. That way even if
authentication (proof of identity) is done via method that does not
contact central server (Kerberos), the authorization can happen
against central authority. You can check

	https://www.adelton.com/apache/mod_authnz_pam/

for example of adding PAM-based authorization to GSS-API
authentication. And mod_intercept_form_submit does the same, for
username+password authentication.

But as noted above, this will just affect the Apache-based
authentication / authorization and will prevent the application session
from being created. It will not play any role in application-level
session where the cookie is hold by the browser and evaluated by the
application directly.

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



From joe at joethielen.com  Wed Aug 10 12:20:31 2016
From: joe at joethielen.com (Joe Thielen)
Date: Wed, 10 Aug 2016 08:20:31 -0400
Subject: [Freeipa-users] FreeIPA Session Management (WebUI, Kerberos,
	...?)
In-Reply-To: <20160810092717.GA14662@redhat.com>
References: <CAM9FSFyMHkLqPKhmcz-mXONKy_rWOMW_L5Z63ivfef-dwK8=7A@mail.gmail.com>
	<20160810092717.GA14662@redhat.com>
Message-ID: <CAM9FSFzpEASmHRADEd8D9gQPS_9MJA5kK0-wENbudtMMmZLDQQ@mail.gmail.com>

On Wed, Aug 10, 2016 at 5:27 AM, Jan Pazdziora <jpazdziora at redhat.com>
wrote:

> On Tue, Aug 09, 2016 at 03:37:35PM -0400, Joe Thielen wrote:
> >
> > For example, let's say "joe" logs in to the WebUI (OR another web app
> tied
> > to FreeIPA).  Now, on another computer, "admin" logs into the WebUI.  Can
> > admin have a way to see that "joe" logged in, and, if need be, kill Joe's
> > session?
>
> Typical Web applications handle sessions via HTTP cookies. You might
> have additional cookies added by other layers, like mod_auth_mellon
> for SAML, but one your typical PHP application sees the user
> (externally) authenticated, it will create its own session as well,
> signed, and that's what it will use. The only party which has access
> to that session is user's browser, plus of course it is recorded in
> the application database.
>
> You will likely not find a generic mechanism which would allow you to
> log out random application-level session (cookie-based) because after
> all, it is not FreeIPA that created the session -- it's the
> application. And even if FreeIPA was creating the sessions,
> applications would be creating their own and those would still stay
> around and be valid.
>
> Your best bet might be to make the application-level session lifetime
> reasonably short, to force reauthentication at regular intervals. If
> some form of single sign-on authentication happens where the user is
> not asked for their creentials again, you will get check with the
> central authority (which can then block authentication attempt for
> user that was made disabled) without user's workflow being disrupted
> too much.
>
> By the way -- you say "Joe's session". I assume you will only do that
> when at the same time Joe should not be able to reauthenticate again
> to that service, right?
>
> > I guess I'm running in circles because then again I think... "what about
> > pure Kerberos" clients...
>
> Pure Kerberos clients are another fun -- the whole Kerberos
> authentication is built around the time-based service tickets. If the
> client already has a service ticket for the service, it does not need
> to consult KDC, and neither is the central authority consulted by the
> Web applications -- they trust the service tickets that they are able
> to decrypt.
>
> > or those using intercept_form_submit_module?
> > I'm not familiar with PAM.
>
> Well, PAM access phase might actually be a good way to be able to
> "plug in" authorization check to Web accesses. That way even if
> authentication (proof of identity) is done via method that does not
> contact central server (Kerberos), the authorization can happen
> against central authority. You can check
>
>         https://www.adelton.com/apache/mod_authnz_pam/
>
> for example of adding PAM-based authorization to GSS-API
> authentication. And mod_intercept_form_submit does the same, for
> username+password authentication.
>
> But as noted above, this will just affect the Apache-based
> authentication / authorization and will prevent the application session
> from being created. It will not play any role in application-level
> session where the cookie is hold by the browser and evaluated by the
> application directly.
>
> --
> Jan Pazdziora
> Senior Principal Software Engineer, Identity Management Engineering, Red
> Hat
>

Jan, thanks for the insights.  I realize that once the auth takes place and
the cookie is set that an external entity (a centralized session manager)
can't do much about the cookie.  My expectation is the web app
(server-side, not client-side) will have to "phone home" to the centralized
session manager on each request to ensure the session is still valid.  If
the web app gets a signal that the session is no longer valid, and it must
not be renewed, then it would end it's own session and no longer allow the
user to continue.  And yes, you are correct in regards to "Joe's session",
he would not be allowed to re-authenticate.

This will certainly increase overhead, but I'm looking at it from a
security perspective more than anything else.

Having a short session span makes sense, forcing frequent automatic
re-authentication.  This would help in situations when using a 3rd party
web app which doesn't meet the expectation that it'd be phoning home on
each request.

Now that I'm thinking about this more, I wonder if it'd be easier to turn
this around the other way.  Instead of the web app phoning home on each
request to check and see if the session is still valid (lot's of overhead
to check for something that may very rarely happen), and maybe have a way
for the centralized session manager to instead talk to the web app server
and initiate the killing of the session that way.  So this could actually
be made as a custom plugin for 3rd party apps too... a way to remotely kill
sessions.   An example of this would be a FreeIPA WebUI session.  If the
memcached record for the session were deleted by a 3rd party, that would
cause their session to end, right?  A little brutal, but effective.  Of
course it'd also have to mark the user as disabled otherwise they could
just re-auth.

This would all depend on getting the login info from the auth phase to the
centralized session manager in the first place... i.e., the fact that a
session was established and exists.   But you already gave me some hints
for that, possibly via PAM.

Thanks for responding and letting me look at this from different angles.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160810/4a4a42c3/attachment.htm>

From joe at joethielen.com  Wed Aug 10 12:38:19 2016
From: joe at joethielen.com (Joe Thielen)
Date: Wed, 10 Aug 2016 08:38:19 -0400
Subject: [Freeipa-users] FreeIPA Session Management (WebUI, Kerberos,
	...?)
Message-ID: <CAM9FSFyk7Vf0WFoGuf601t9Qs8SGCN3jxprNsn0suXcQdkviWw@mail.gmail.com>

> Date: Wed, 10 Aug 2016 09:02:29 +0200
> From: Petr Spacek <pspacek at redhat.com>
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] FreeIPA Session Management (WebUI,
>         Kerberos, ...?)
> Message-ID: <e6b5b192-5acf-dacc-8765-994e623499a8 at redhat.com>
> Content-Type: text/plain; charset=windows-1252
>
> On 9.8.2016 21:37, Joe Thielen wrote:
> > First off, let me say THANK YOU to all of you who've helped make FreeIPA
> > what it is.  I think it's a fantastic project and it's amazing what it
> has
> > achieved.
> >
> > Second off, I'm still quite new to FreeIPA, especially the internals.
> This
> > includes Kerberos.  I'm also very very limited at Python (I come from a
> PHP
> > background - please don't hold it against me).  I have toyed around with
> > LDAP a little bit before looking at FreeIPA.
> >
> > After re-reading this e-mail I think it'd be important to note here at
> the
> > top that my focus is on web-based apps and non-kerberized clients.  The
> web
> > app server would be an IPA client.  I don't foresee a lot of
> terminal-based
> > stuff going on, aside from potential admin CLI tasks (for the web-based
> > app).
> >
> > I apologize in advance for the length of this e-mail.  I have searched, a
> > lot, to try and answer my own questions.  That's actually how I found
> > FreeIPA in the first place.  I've looked at the site/wiki, the mailing
> list
> > archive, and the Internet in general.  But I've been unable to find a
> > solution, or suggestions, which achieves exactly what I'm looking for.
> It
> > may be that I'm just using the wrong terminology and/or getting lost in
> the
> > buzzwords.
> >
> > What I'm trying to figure out is if there is a way to centrally manage
> > sessions, in addition to everything else FreeIPA currently does.  I'm not
> > necessarily just talking about WebUI sessions, I'd like external web apps
> > to be able to make use of it too.  And, I'd like to be able to manage
> them
> > via the WebUI.
> >
> > For example, let's say "joe" logs in to the WebUI (OR another web app
> tied
> > to FreeIPA).  Now, on another computer, "admin" logs into the WebUI.  Can
> > admin have a way to see that "joe" logged in, and, if need be, kill Joe's
> > session?
> >
> > I'd like for it to maintain history.  For each login/session, I'd like to
> > see who logged in, when, from where, what their last access was, when
> they
> > logged out (or if their session timed out), and the logout reason (manual
> > logout, session timeout, or admin intervention).
> >
> > But like I said, I'm not just looking for WebUI sessions.
> >
> > Let's say I create a web app.  I put it on a machine which is an IPA
> > client.  Thanks to the wealth of documentation and options, I have a
> > variety of methods to achieve authentication.  FreeIPA makes this great,
> > and for that I'm thankful.  However, in most of the documentation, it
> just
> > says "create the session" cookie, and the rest is left as an exercise to
> > the reader.  I'm familiar with web apps and have implemented session
> > management before.  What I'd love to see is FreeIPA to be able to handle
> > not just the auth but also the session management.
> >
> > Why?  Because I'd not like to have to re-invent the wheel.  And I'm
> trying
> > to see if there is already some method to do this that I'm just
> > fundamentally missing.  Or at least if there are enough pieces that I
> could
> > put together to make it happen.
> >
> > For "fun", I've tried to set up auth using different methods.  I've
> > successfully set it up using intercept_form_submit_module and
> > lookup_identity_module.  That's pretty neat, works great for auth.  But,
> as
> > far as I can tell, this method doesn't create a session or login trail in
> > the memcached DB.  In fact, I can't really find any trail aside from the
> > Kerberos logging messages in /var/log/krbkdc.log.
> >
> > I've also used Tobias Sette's php-freeipa from GitHub.  That works great
> > too... for auth.  And since that uses the JSON API, it looks like it does
> > create a record in the memcached DB.  So I suppose this could be one way
> > in, maybe by a FreeIPA plugin?
> >
> > I guess I'm running in circles because then again I think... "what about
> > pure Kerberos" clients...  or those using intercept_form_submit_module?
> > I'm not familiar with PAM.  But from what I can tell, I assume there is a
> > way to add a "pluggable" module for it too.  But on the server?  i.e.,
> if a
> > Kerberos session is established, is there a way, via PAM (or something
> > else?) to log that session to the FreeIPA server?   I think this is kinda
> > what Kerberos is trying to get away from, but for the use cases I'm
> > thinking of, it'd be a big feature.  In my searching I've seen things
> like
> > nss_mysql which look interesting, but of course wouldn't mesh with the
> > FreeIPA WebUI memcached method.
> >
> > Speaking of which, I know that memcached is not by any means a permanent
> > session log, and I understand it's not intended to be.  So would this go
> > into the LDAP tree?  Would this clog it up too much?  I'm looking to
> store
> > a year of  info... or more depending on the scenario.
> >
> > I've briefly looked at the Apache Shiro project.  I'm not a Java guy, but
> > from I'm reading it kind of has the right idea.  It even notes that the
> > session management portions can be accessed from other apps (on other
> > machines) and not necessarily from Java.  But due to the whole thing
> being
> > a mostly-Java product, I get lost far too easily.  If this were already
> in
> > FreeIPA I think that's kind of what I'm looking for.
> >
> > A single source of session information on the server.  Along with the
> > ability to view/search it via the FreeIPA WebUI (which I assume would
> mean
> > it'd come from the JSON API).
> >
> > For someone creating a new app from scratch, this would not only cover
> the
> > user/IdM and auth items, but also session management, and allow for more
> > administrative control (kill a session administratively).  I think this
> > would really decrease the barrier to entry and give app authors a "known
> > good" path to follow.  Especially smaller, domain- or niche-specific
> > projects.
> >
> > I've looked at the FreeIPA session recording page (
> > http://www.freeipa.org/page/Session_Recording).  That looks neat.
> However,
> > if I'm reading it right, it's just for terminal sessions.  It mentions
> > being able to record login info, but being a newbie I can't quite follow
> > exactly how it's achieving this goal (is that part all a function of
> tlog?).
> >
> > Anyway, again, I apologize for this very long e-mail.  Am I totally
> barking
> > up the wrong tree?  Is this something FreeIPA can do and I just haven't
> > figured out how?  Or would it require far too much customization and/or
> be
> > too far outside of the core functionality?  Any hints, suggestions, or
> even
> > criticism would be appreciated.
>
> Hello,
>
> I'm not a web-app guy but I would recommend you to look at SAML protocol
> and
> project Keycloak (which can be integrated with FreeIPA).
>
> AFAIK SAML gives you single-sign-on + ability to forcibly log-out users
> (kill
> their sessions). Still, it does not give you one central session (while
> still
> allowing the central management).
>
> Hopefully others will be able to elaborate on this.
>
> --
> Petr^2 Spacek
>
>
Hi Petr.  Thanks for your reply.  I did look at SAML before I found
FreeIPA.  I was able to get it up and running (simpleSAMLphp - both server
and client), but I didn't find that it did what I wanted it to do.

Hey project Keycloak looks neat, I will look further into that!

Thanks again.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160810/9e2ab8f2/attachment.htm>

From larry.rosen at JDRSolutions.com  Tue Aug  9 21:04:38 2016
From: larry.rosen at JDRSolutions.com (Larry Rosen)
Date: Tue, 9 Aug 2016 21:04:38 +0000
Subject: [Freeipa-users] Why is user status different on each master replica?
Message-ID: <79B7CEE400C91A4C9FD8BF082D82260721E971@JDRPDC.JDRSolutions.local>

This user was locked out due to Max Failure policy = 5
If they're supposed to be replicas, why the different status?

[root at il10 ~]# ipa user-status  lramey
-----------------------
Account disabled: False
-----------------------
  Server: ipa-idm-01.ipajdr.local
  Failed logins: 0
  Last successful authentication: 20160808191857Z
  Last failed authentication: 20160808191848Z
  Time now: 2016-08-09T19:57:20Z

  Server: ipa-idm-02.ipajdr.local
  Failed logins: 5
  Last successful authentication: 20160809151406Z
  Last failed authentication: 20160809194741Z
  Time now: 2016-08-09T19:57:21Z
----------------------------
Number of entries returned 2

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160809/91facaac/attachment.htm>

From mbasti at redhat.com  Wed Aug 10 15:19:19 2016
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 10 Aug 2016 17:19:19 +0200
Subject: [Freeipa-users] Why is user status different on each master
 replica?
In-Reply-To: <79B7CEE400C91A4C9FD8BF082D82260721E971@JDRPDC.JDRSolutions.local>
References: <79B7CEE400C91A4C9FD8BF082D82260721E971@JDRPDC.JDRSolutions.local>
Message-ID: <b821c268-5b09-a5e8-89a3-febdbaf3e5b6@redhat.com>



On 09.08.2016 23:04, Larry Rosen wrote:
>
> This user was locked out due to Max Failure policy = 5
>
> If they?re supposed to be replicas, why the different status?
>
> [root at il10 ~]# ipa user-status  lramey
>
> -----------------------
>
> Account disabled: False
>
> -----------------------
>
>   Server: ipa-idm-01.ipajdr.local
>
>   Failed logins: 0
>
>   Last successful authentication: 20160808191857Z
>
>   Last failed authentication: 20160808191848Z
>
>   Time now: 2016-08-09T19:57:20Z
>
>   Server: ipa-idm-02.ipajdr.local
>
>   Failed logins: 5
>
>   Last successful authentication: 20160809151406Z
>
>   Last failed authentication: 20160809194741Z
>
>   Time now: 2016-08-09T19:57:21Z
>
> ----------------------------
>
> Number of entries returned 2
>
>
>
Hi,

This is not replicated, because it may cause replication storms. So this 
status is local on each replica

Martin^2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160810/14133cbe/attachment.htm>

From jgoddard at emerlyn.com  Wed Aug 10 17:44:09 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Wed, 10 Aug 2016 13:44:09 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
Message-ID: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>

I've got a freeipa domain and many centos 7.2 clients. I also have a sudo
rule that allows member of the developer group sudo rights on virtual
servers in the "development" group. This works great on the centos servers.
However, I recently set up 3 ubuntu boxes, and added them to the IPA domain
and then to the "development" group. My sudo rules fail. I've enabled
debugging and I see in the /var/log/sssd/sssd_sudo.log that the clients
connects to the server, identifies group memberships, and finally prints
"returning 1 rules for [user at domain.com]. We only have the single rule so I
can't figure out why it's not working. Can someone point me in the correct
direction?

Thanks,

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160810/9c2467ff/attachment.htm>

From schogan at us.ibm.com  Wed Aug 10 18:04:24 2016
From: schogan at us.ibm.com (Sean Hogan)
Date: Wed, 10 Aug 2016 11:04:24 -0700
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
Message-ID: <OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>


   Not sure it is the same as 14.X but I had to add the sudo in the list of
services to sssd.conf as it was not put in by default.  I am by no means an
expert on it but my own personal experience with 14.x



Sean Hogan







From:	Jeff Goddard <jgoddard at emerlyn.com>
To:	freeipa-users at redhat.com
Date:	08/10/2016 10:52 AM
Subject:	[Freeipa-users] sudo rules question on ubuntu 16.0.1
Sent by:	freeipa-users-bounces at redhat.com



I've got a freeipa domain and many centos 7.2 clients. I also have a sudo
rule that allows member of the developer group sudo rights on virtual
servers in the "development" group. This works great on the centos servers.
However, I recently set up 3 ubuntu boxes, and added them to the IPA domain
and then to the "development" group. My sudo rules fail. I've enabled
debugging and I see in the /var/log/sssd/sssd_sudo.log that the clients
connects to the server, identifies group memberships, and finally prints
"returning 1 rules for [user at domain.com]. We only have the single rule so I
can't figure out why it's not working. Can someone point me in the correct
direction?

Thanks,

Jeff

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160810/adb78016/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160810/adb78016/attachment.gif>

From jgoddard at emerlyn.com  Wed Aug 10 18:11:14 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Wed, 10 Aug 2016 14:11:14 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
	<OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
Message-ID: <CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>

Sean,

Thanks for the reply. I don't think that's my problem but I'm posting a
redacted copy of the sssd.conf file for review below.


[domain/domain.com]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = domain.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = docker-dev-01.domain.com
chpass_provider = ipa
ipa_server = _srv_, server.domain.com
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level=7
[sssd]
services = nss, sudo, pam, ssh
debug_level=7
domains = domain.com
[nss]
homedir_substring = /home

[pam]

[sudo]
debug_level=7
[autofs]

[ssh]

[pac]

[ifp]

Jeff

On Wed, Aug 10, 2016 at 2:04 PM, Sean Hogan <schogan at us.ibm.com> wrote:

> Not sure it is the same as 14.X but I had to add the sudo in the list of
> services to sssd.conf as it was not put in by default. I am by no means an
> expert on it but my own personal experience with 14.x
>
>
>
> Sean Hogan
>
>
>
>
>
> [image: Inactive hide details for Jeff Goddard ---08/10/2016 10:52:31
> AM---I've got a freeipa domain and many centos 7.2 clients. I als]Jeff
> Goddard ---08/10/2016 10:52:31 AM---I've got a freeipa domain and many
> centos 7.2 clients. I also have a sudo rule that allows member of
>
> From: Jeff Goddard <jgoddard at emerlyn.com>
> To: freeipa-users at redhat.com
> Date: 08/10/2016 10:52 AM
> Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
> Sent by: freeipa-users-bounces at redhat.com
> ------------------------------
>
>
>
> I've got a freeipa domain and many centos 7.2 clients. I also have a sudo
> rule that allows member of the developer group sudo rights on virtual
> servers in the "development" group. This works great on the centos servers.
> However, I recently set up 3 ubuntu boxes, and added them to the IPA domain
> and then to the "development" group. My sudo rules fail. I've enabled
> debugging and I see in the /var/log/sssd/sssd_sudo.log that the clients
> connects to the server, identifies group memberships, and finally prints
> "returning 1 rules for [*user at domain.com* <user at domain.com>]. We only
> have the single rule so I can't figure out why it's not working. Can
> someone point me in the correct direction?
>
> Thanks,
>
> Jeff
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160810/7065282e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160810/7065282e/attachment.gif>

From rcritten at redhat.com  Wed Aug 10 18:13:12 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 10 Aug 2016 14:13:12 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
	<OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
	<CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>
Message-ID: <57AB6EB8.7000609@redhat.com>

Jeff Goddard wrote:
> Sean,
>
> Thanks for the reply. I don't think that's my problem but I'm posting a
> redacted copy of the sssd.conf file for review below.

I'd start here: https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO

rob



From mike.losapio at gmail.com  Wed Aug 10 20:52:47 2016
From: mike.losapio at gmail.com (Mike LoSapio)
Date: Wed, 10 Aug 2016 16:52:47 -0400
Subject: [Freeipa-users] Declarative configuration options?
In-Reply-To: <6874c08a-2937-450c-e850-c3c469ea20a6@redhat.com>
References: <CAA4LE3bYVWFG-Kg=6KMZpjTmH-p=Hxx08s57KYDADd7aVdK3HQ@mail.gmail.com>
	<6874c08a-2937-450c-e850-c3c469ea20a6@redhat.com>
Message-ID: <CAA4LE3Z6OnMtzrzrxUm7F-h=9jrj8GVUavSYY+a2AfcM3zNmNg@mail.gmail.com>

Something declarative which can be version controlled and considered a
"source of truth" and driven from configuration management (chef,
puppet, ansible - whatever your flavor)

A scheme to reconcile account properties, group memberships,
permissions, etc... I could see how this would be a slippery slope
because of the depth of groupings/permissions/etc... but a
version-controlled declarative user config gives a nice record for
auditors (When did mike get an account, who granted access to him,
when did he get access, what other access has he had over the last
year... etc..)

~~ Pseudo declaraion
ipa_user: mike
  uid: mlosapio
  first_name: mike
  last_name: losapio





On Wed, Aug 3, 2016 at 1:56 PM, Martin Basti <mbasti at redhat.com> wrote:
>
>
> On 01.08.2016 22:50, Mike LoSapio wrote:
>>
>> Hi there,
>>
>> Is there anyone out there with a good system for storing users,
>> groups, hosts, etc.. in some sort of version controlled repo w/ flat
>> files that could plug into "two-man" workflows for user-account
>> creation and privilege/group membership changes, etc.
>>
>> There's some github projects out there to help installing FreeIPA
>> server and a few to get clients up and running, but nothing (that I
>> could find) for the on-going management of FreeIPA resources.
>>
>>
>>
>> So in puppet world (just as an example) - I'd be looking for something
>> like a puppet-defined-type freeipa_user with all the attributes
>> required and more-importantly all the code-glue that puts it all
>> together...
>>
>>
>> Figured I'd ask if there if there's anything already out there before
>> I re-invent the wheel.
>>
>>
>> TIA,
>> --Mike
>>
> Hello,
>
> sorry but I don't understand what you exactly need, can you be more
> specific? Do you need a script that provision users?
>
> Martin
>
>



From guy at bluebatgames.com  Wed Aug 10 21:19:23 2016
From: guy at bluebatgames.com (Guy Knights)
Date: Wed, 10 Aug 2016 14:19:23 -0700
Subject: [Freeipa-users] ipa-client login as AD user in trusted domain
In-Reply-To: <11f5c598-3461-7b2a-63fd-1e0e130d78de@redhat.com>
References: <CAFtmDk-NDmz4=RGweZz=eqapu0wYBZug9Y=MYep-D-Bdi9B1fA@mail.gmail.com>
	<11f5c598-3461-7b2a-63fd-1e0e130d78de@redhat.com>
Message-ID: <CAFtmDk90fpAf5i=Q+u_WKGV76UvkDFUPMPBZvLAohKauBtQmkw@mail.gmail.com>

Ok, I increased the debug level as you recommended and it's given me a lot
of useful info. Before I go any further trying to troubleshoot that mass of
info on this mailing list though, I would like to double check something I
came across. In the debug output I noticed this line:

"No ccache file for user [bobt at ad.bbg.net] found."

I then searched this error and found this thread in which the OP seems to
have basically the same setup as me:

https://lists.fedorahosted.org/pipermail/sssd-users/2013-January/000379.html

I started playing with kinit on the ubuntu machine that I'm trying to log
into, and got this error:

"kinit: Cannot find KDC for realm "AD.BBG.NET" while getting initial
credentials"

After reading through some of the replies on the above thread, I saw a post
that basically says that while the initial user info lookup is via FreeIPA,
to actually authenticate a user the ipa client machine must connect
directly to the AD controller. If this is true, it basically means the
setup I was planning to use (FreeIPA in the cloud replicating/proxying
local AD user accounts) is not going to work as I'd hoped. Could you
confirm if this behaviour is in fact correct?
Thanks,
Guy

On 9 August 2016 at 18:47, Justin Stephenson <jstephen at redhat.com> wrote:

> Hello,
>
> You may need to increase the debug level to 9 and look in the
> sssd_<ipadomain>.log for failures after the failed login attempt - i would
> look in between log messages 'Got request for bobt...' and 'Backend
> returned' messages
>
>     https://fedorahosted.org/sssd/wiki/Troubleshooting
>
> You can also send the debug logs here for review.
>
> Make sure logins and lookups are working on the IPA server first before
> troubleshooting the IPA client.
>
> Kind regards,
>
> Justin Stephenson
> On 08/09/2016 07:32 PM, Guy Knights wrote:
>
> I've set up a freeipa server on a centos 7 machine and have successfully
> configured a 2-way trust between it and our active directory domain
> controller. I've also installed ipa-client on an ubuntu 14.04 machine and
> have run ipa-client-install, which has apparently successfully joined the
> FreeIPA domain.
>
> So far, I can successfully do the following:
>
> 1. Log into the FreeIPA machine with an AD user account.
> 2. Log into the Ubuntu machine with a FreeIPA account.
> 3. Run 'getent passwd <freeipa username>' on the Ubuntu machine and have
> it return the associated FreeIPA user account details (eg.
> "jackt:*:1131000005:1131000005:Jack Test:/home/ipa.bbg.net/jackt:/bin/bash
> ")
> 4. Run 'getent passwd <ad username>' on the Ubuntu machine and have it
> return the associated AD user account details (eg. "
> bobt at ad.bbg.net:*:1946801107:1946801107::/home/ad.bbg.net/bobt:/bin/bash")
>
> What I can't do is log into the Ubuntu machine with the AD user. I'm using
> the following SSH command from the command line on my mac:
>
> ssh -o User=bobt at ad.bbg.net vm1.bbg.com
>
> It asks me for the password, I enter it and it says permissions denied,
> please try again. I set the debug level in SSSD on the ubuntu client to 5
> and this is what shows up in the log during the login attempt:
>
> (Tue Aug  9 16:25:56 2016) [sssd[be[ipa.bbg.net]]] [be_get_account_info]
> (0x0100): Got request for [4097][1][name=bobt]
> (Tue Aug  9 16:25:56 2016) [sssd[be[ipa.bbg.net]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 3,95,Account info lookup failed
> (Tue Aug  9 16:25:57 2016) [sssd[be[ipa.bbg.net]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 0,0,Success
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [be_get_account_info]
> (0x0100): Got request for [3][1][name=bobt]
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [acctinfo_callback]
> (0x0100): Request processed. Returned 3,95,Account info lookup failed
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [be_pam_handler]
> (0x0100): Got request with the following data
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
> (0x0100): command: PAM_AUTHENTICATE
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
> (0x0100): domain: ad.bbg.net
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
> (0x0100): user: bobt at ad.bbg.net
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
> (0x0100): service: sshd
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
> (0x0100): tty: ssh
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
> (0x0100): ruser:
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
> (0x0100): rhost: 192.168.100.157
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
> (0x0100): authtok type: 1
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
> (0x0100): newauthtok type: 0
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
> (0x0100): priv: 1
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
> (0x0100): cli_pid: 16230
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [krb5_auth_send]
> (0x0100): No ccache file for user [bobt at ad.bbg.net] found.
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
> [be_resolve_server_process] (0x0200): Found address for server
> dc.ipa.bbg.net: [192.168.100.14] TTL 3600
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>)
> [Success]
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
> [be_pam_handler_callback] (0x0100): Sending result [4][ad.bbg.net]
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
> [be_pam_handler_callback] (0x0100): Sent result [4][ad.bbg.net]
> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [child_sig_handler]
> (0x0100): child [16313] finished successfully.
>
> Can anyone explain why it's saying account info lookup failed when it can
> get the account info fine via getent?
>
> Thanks,
> Guy
>
>
>
>


-- 

*Guy Knights*
Senior Systems Engineer
BlueBat Games Inc.
Ph: 778-379-5120
Email: guy at bluebatgames.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160810/f4ea3e4a/attachment.htm>

From jstephen at redhat.com  Wed Aug 10 21:46:14 2016
From: jstephen at redhat.com (Justin Stephenson)
Date: Wed, 10 Aug 2016 17:46:14 -0400
Subject: [Freeipa-users] ipa-client login as AD user in trusted domain
In-Reply-To: <CAFtmDk90fpAf5i=Q+u_WKGV76UvkDFUPMPBZvLAohKauBtQmkw@mail.gmail.com>
References: <CAFtmDk-NDmz4=RGweZz=eqapu0wYBZug9Y=MYep-D-Bdi9B1fA@mail.gmail.com>
	<11f5c598-3461-7b2a-63fd-1e0e130d78de@redhat.com>
	<CAFtmDk90fpAf5i=Q+u_WKGV76UvkDFUPMPBZvLAohKauBtQmkw@mail.gmail.com>
Message-ID: <66dfc4b8-4826-a3f7-15c1-8d232cd2b95d@redhat.com>

On 08/10/2016 05:19 PM, Guy Knights wrote:
> Ok, I increased the debug level as you recommended and it's given me a 
> lot of useful info. Before I go any further trying to troubleshoot 
> that mass of info on this mailing list though, I would like to double 
> check something I came across. In the debug output I noticed this line:
>
> "No ccache file for user [bobt at ad.bbg.net <mailto:bobt at ad.bbg.net>] 
> found."
>
I would not dwell much on this error message, I see the same error from 
the krb5_auth_prepare_ccache_name function when I successfully logged in 
as an AD user on my IPA client(I suspect the ccache gets created shortly 
after). Higher debug logs means there will be a lot of log messages that 
look like errors but may not be.
>
> I then searched this error and found this thread in which the OP seems 
> to have basically the same setup as me:
>
> https://lists.fedorahosted.org/pipermail/sssd-users/2013-January/000379.html
>
> I started playing with kinit on the ubuntu machine that I'm trying to 
> log into, and got this error:
>
> "kinit: Cannot find KDC for realm "AD.BBG.NET <http://AD.BBG.NET>" 
> while getting initial credentials"
>
> After reading through some of the replies on the above thread, I saw a 
> post that basically says that while the initial user info lookup is 
> via FreeIPA, to actually authenticate a user the ipa client machine 
> must connect directly to the AD controller. If this is true, it 
> basically means the setup I was planning to use (FreeIPA in the cloud 
> replicating/proxying local AD user accounts) is not going to work as 
> I'd hoped. Could you confirm if this behaviour is in fact correct?
>
Yes, the IPA client at some points needs to communicate directly with AD 
for kerberos communication - you should see this in 
/var/log/sssd/krb5_child.log

This is explained better than I could here:


        The anatomy of a trusted identity lookup

    https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/


Kind regards,
Justin Stephenson
> Thanks,
> Guy
>
> On 9 August 2016 at 18:47, Justin Stephenson <jstephen at redhat.com 
> <mailto:jstephen at redhat.com>> wrote:
>
>     Hello,
>
>     You may need to increase the debug level to 9 and look in the
>     sssd_<ipadomain>.log for failures after the failed login attempt -
>     i would look in between log messages 'Got request for bobt...' and
>     'Backend returned' messages
>
>     https://fedorahosted.org/sssd/wiki/Troubleshooting
>     <https://fedorahosted.org/sssd/wiki/Troubleshooting>
>
>     You can also send the debug logs here for review.
>
>     Make sure logins and lookups are working on the IPA server first
>     before troubleshooting the IPA client.
>
>     Kind regards,
>
>     Justin Stephenson
>
>     On 08/09/2016 07:32 PM, Guy Knights wrote:
>>     I've set up a freeipa server on a centos 7 machine and have
>>     successfully configured a 2-way trust between it and our active
>>     directory domain controller. I've also installed ipa-client on an
>>     ubuntu 14.04 machine and have run ipa-client-install, which has
>>     apparently successfully joined the FreeIPA domain.
>>
>>     So far, I can successfully do the following:
>>
>>     1. Log into the FreeIPA machine with an AD user account.
>>     2. Log into the Ubuntu machine with a FreeIPA account.
>>     3. Run 'getent passwd <freeipa username>' on the Ubuntu machine
>>     and have it return the associated FreeIPA user account details
>>     (eg. "jackt:*:1131000005:1131000005:Jack
>>     Test:/home/ipa.bbg.net/jackt:/bin/bash
>>     <http://ipa.bbg.net/jackt:/bin/bash>")
>>     4. Run 'getent passwd <ad username>' on the Ubuntu machine and
>>     have it return the associated AD user account details (eg.
>>     "bobt at ad.bbg.net:*:1946801107:1946801107::/home/
>>     <mailto:bobt at ad.bbg.net:*:1946801107:1946801107::/home/>ad.bbg.net/bobt:/bin/bash
>>     <http://ad.bbg.net/bobt:/bin/bash>")
>>
>>     What I can't do is log into the Ubuntu machine with the AD user.
>>     I'm using the following SSH command from the command line on my mac:
>>
>>     ssh -o User=bobt at ad.bbg.net <mailto:bobt at ad.bbg.net> vm1.bbg.com
>>     <http://vm1.bbg.com>
>>
>>     It asks me for the password, I enter it and it says permissions
>>     denied, please try again. I set the debug level in SSSD on the
>>     ubuntu client to 5 and this is what shows up in the log during
>>     the login attempt:
>>
>>     (Tue Aug  9 16:25:56 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [be_get_account_info] (0x0100): Got
>>     request for [4097][1][name=bobt]
>>     (Tue Aug  9 16:25:56 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [acctinfo_callback] (0x0100): Request
>>     processed. Returned 3,95,Account info lookup failed
>>     (Tue Aug  9 16:25:57 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [acctinfo_callback] (0x0100): Request
>>     processed. Returned 0,0,Success
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [be_get_account_info] (0x0100): Got
>>     request for [3][1][name=bobt]
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [acctinfo_callback] (0x0100): Request
>>     processed. Returned 3,95,Account info lookup failed
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [be_pam_handler] (0x0100): Got request
>>     with the following data
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): command:
>>     PAM_AUTHENTICATE
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): domain:
>>     ad.bbg.net <http://ad.bbg.net>
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): user:
>>     bobt at ad.bbg.net <mailto:bobt at ad.bbg.net>
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): service: sshd
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): tty: ssh
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): ruser:
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): rhost:
>>     192.168.100.157
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): authtok type: 1
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): newauthtok type: 0
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): priv: 1
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [pam_print_data] (0x0100): cli_pid: 16230
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [krb5_auth_send] (0x0100): No ccache file
>>     for user [bobt at ad.bbg.net <mailto:bobt at ad.bbg.net>] found.
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [fo_resolve_service_send] (0x0100):
>>     Trying to resolve service 'IPA'
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [be_resolve_server_process] (0x0200):
>>     Found address for server dc.ipa.bbg.net <http://dc.ipa.bbg.net>:
>>     [192.168.100.14] TTL 3600
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [be_pam_handler_callback] (0x0100):
>>     Backend returned: (0, 4, <NULL>) [Success]
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [be_pam_handler_callback] (0x0100):
>>     Sending result [4][ad.bbg.net <http://ad.bbg.net>]
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [be_pam_handler_callback] (0x0100): Sent
>>     result [4][ad.bbg.net <http://ad.bbg.net>]
>>     (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net
>>     <http://ipa.bbg.net>]]] [child_sig_handler] (0x0100): child
>>     [16313] finished successfully.
>>
>>     Can anyone explain why it's saying account info lookup failed
>>     when it can get the account info fine via getent?
>>
>>     Thanks,
>>     Guy
>>
>>
>
>
>
>
> -- 
>
>     *
>     *Guy Knights*
>     *
>     Senior Systems Engineer
>     BlueBat Games Inc.
>     Ph: 778-379-5120
>     Email: guy at bluebatgames.com <mailto:guy at bluebatgames.com>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160810/56c4b3cd/attachment.htm>

From guy at bluebatgames.com  Wed Aug 10 22:00:28 2016
From: guy at bluebatgames.com (Guy Knights)
Date: Wed, 10 Aug 2016 15:00:28 -0700
Subject: [Freeipa-users] ipa-client login as AD user in trusted domain
In-Reply-To: <66dfc4b8-4826-a3f7-15c1-8d232cd2b95d@redhat.com>
References: <CAFtmDk-NDmz4=RGweZz=eqapu0wYBZug9Y=MYep-D-Bdi9B1fA@mail.gmail.com>
	<11f5c598-3461-7b2a-63fd-1e0e130d78de@redhat.com>
	<CAFtmDk90fpAf5i=Q+u_WKGV76UvkDFUPMPBZvLAohKauBtQmkw@mail.gmail.com>
	<66dfc4b8-4826-a3f7-15c1-8d232cd2b95d@redhat.com>
Message-ID: <CAFtmDk8U69YNR1uPQefmqwJAzaPSSJ58LvHQhfd8Rz030sMr_w@mail.gmail.com>

Hmm, ok. In that case, I guess I need to rethink my setup. Thanks again for
all your help!

Kind regards,
Guy

On 10 August 2016 at 14:46, Justin Stephenson <jstephen at redhat.com> wrote:

> On 08/10/2016 05:19 PM, Guy Knights wrote:
>
> Ok, I increased the debug level as you recommended and it's given me a lot
> of useful info. Before I go any further trying to troubleshoot that mass of
> info on this mailing list though, I would like to double check something I
> came across. In the debug output I noticed this line:
>
> "No ccache file for user [bobt at ad.bbg.net] found."
>
> I would not dwell much on this error message, I see the same error from
> the krb5_auth_prepare_ccache_name function when I successfully logged in as
> an AD user on my IPA client(I suspect the ccache gets created shortly
> after). Higher debug logs means there will be a lot of log messages that
> look like errors but may not be.
>
> I then searched this error and found this thread in which the OP seems to
> have basically the same setup as me:
>
> https://lists.fedorahosted.org/pipermail/sssd-users/2013-
> January/000379.html
>
> I started playing with kinit on the ubuntu machine that I'm trying to log
> into, and got this error:
>
> "kinit: Cannot find KDC for realm "AD.BBG.NET" while getting initial
> credentials"
>
> After reading through some of the replies on the above thread, I saw a
> post that basically says that while the initial user info lookup is via
> FreeIPA, to actually authenticate a user the ipa client machine must
> connect directly to the AD controller. If this is true, it basically means
> the setup I was planning to use (FreeIPA in the cloud replicating/proxying
> local AD user accounts) is not going to work as I'd hoped. Could you
> confirm if this behaviour is in fact correct?
>
> Yes, the IPA client at some points needs to communicate directly with AD
> for kerberos communication - you should see this in
> /var/log/sssd/krb5_child.log
>
> This is explained better than I could here:
>
> The anatomy of a trusted identity lookup
>
> https://jhrozek.wordpress.com/2015/08/19/performance-tuning-
> sssd-for-large-ipa-ad-trust-deployments/
>
>
> Kind regards,
> Justin Stephenson
>
> Thanks,
> Guy
>
> On 9 August 2016 at 18:47, Justin Stephenson <jstephen at redhat.com> wrote:
>
>> Hello,
>>
>> You may need to increase the debug level to 9 and look in the
>> sssd_<ipadomain>.log for failures after the failed login attempt - i would
>> look in between log messages 'Got request for bobt...' and 'Backend
>> returned' messages
>>
>>     https://fedorahosted.org/sssd/wiki/Troubleshooting
>>
>> You can also send the debug logs here for review.
>>
>> Make sure logins and lookups are working on the IPA server first before
>> troubleshooting the IPA client.
>>
>> Kind regards,
>>
>> Justin Stephenson
>> On 08/09/2016 07:32 PM, Guy Knights wrote:
>>
>> I've set up a freeipa server on a centos 7 machine and have successfully
>> configured a 2-way trust between it and our active directory domain
>> controller. I've also installed ipa-client on an ubuntu 14.04 machine and
>> have run ipa-client-install, which has apparently successfully joined the
>> FreeIPA domain.
>>
>> So far, I can successfully do the following:
>>
>> 1. Log into the FreeIPA machine with an AD user account.
>> 2. Log into the Ubuntu machine with a FreeIPA account.
>> 3. Run 'getent passwd <freeipa username>' on the Ubuntu machine and have
>> it return the associated FreeIPA user account details (eg.
>> "jackt:*:1131000005:1131000005:Jack Test:/home/ipa.bbg.net/jackt:/
>> bin/bash")
>> 4. Run 'getent passwd <ad username>' on the Ubuntu machine and have it
>> return the associated AD user account details (eg. "
>> bobt at ad.bbg.net:*:1946801107:1946801107::/home/ad.bbg.net/bobt:/bin/bash
>> ")
>>
>> What I can't do is log into the Ubuntu machine with the AD user. I'm
>> using the following SSH command from the command line on my mac:
>>
>> ssh -o User=bobt at ad.bbg.net vm1.bbg.com
>>
>> It asks me for the password, I enter it and it says permissions denied,
>> please try again. I set the debug level in SSSD on the ubuntu client to 5
>> and this is what shows up in the log during the login attempt:
>>
>> (Tue Aug  9 16:25:56 2016) [sssd[be[ipa.bbg.net]]] [be_get_account_info]
>> (0x0100): Got request for [4097][1][name=bobt]
>> (Tue Aug  9 16:25:56 2016) [sssd[be[ipa.bbg.net]]] [acctinfo_callback]
>> (0x0100): Request processed. Returned 3,95,Account info lookup failed
>> (Tue Aug  9 16:25:57 2016) [sssd[be[ipa.bbg.net]]] [acctinfo_callback]
>> (0x0100): Request processed. Returned 0,0,Success
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [be_get_account_info]
>> (0x0100): Got request for [3][1][name=bobt]
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [acctinfo_callback]
>> (0x0100): Request processed. Returned 3,95,Account info lookup failed
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [be_pam_handler]
>> (0x0100): Got request with the following data
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
>> (0x0100): command: PAM_AUTHENTICATE
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
>> (0x0100): domain: ad.bbg.net
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
>> (0x0100): user: bobt at ad.bbg.net
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
>> (0x0100): service: sshd
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
>> (0x0100): tty: ssh
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
>> (0x0100): ruser:
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
>> (0x0100): rhost: 192.168.100.157
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
>> (0x0100): authtok type: 1
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
>> (0x0100): newauthtok type: 0
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
>> (0x0100): priv: 1
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [pam_print_data]
>> (0x0100): cli_pid: 16230
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [krb5_auth_send]
>> (0x0100): No ccache file for user [bobt at ad.bbg.net] found.
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
>> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
>> [be_resolve_server_process] (0x0200): Found address for server
>> dc.ipa.bbg.net: [192.168.100.14] TTL 3600
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
>> [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>)
>> [Success]
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
>> [be_pam_handler_callback] (0x0100): Sending result [4][ad.bbg.net]
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]]
>> [be_pam_handler_callback] (0x0100): Sent result [4][ad.bbg.net]
>> (Tue Aug  9 16:27:54 2016) [sssd[be[ipa.bbg.net]]] [child_sig_handler]
>> (0x0100): child [16313] finished successfully.
>>
>> Can anyone explain why it's saying account info lookup failed when it can
>> get the account info fine via getent?
>>
>> Thanks,
>> Guy
>>
>>
>>
>>
>
>
> --
>
> * Guy Knights *
> Senior Systems Engineer
> BlueBat Games Inc.
> Ph: 778-379-5120
> Email: guy at bluebatgames.com
>
>
>


-- 

*Guy Knights*
Senior Systems Engineer
BlueBat Games Inc.
Ph: 778-379-5120
Email: guy at bluebatgames.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160810/5b9f5f89/attachment.htm>

From whitehat237 at gmail.com  Thu Aug 11 04:02:35 2016
From: whitehat237 at gmail.com (White Hat)
Date: Wed, 10 Aug 2016 23:02:35 -0500
Subject: [Freeipa-users] ipa-replica-install fails with python import error
	for module ssl_match_hostname
Message-ID: <CADrfRkTJbF0_fUp=5shvY36NXt89_EoNg6xShkH_5BH3yqOtHg@mail.gmail.com>

When attempting to run ipa-replica-install I get a python error, No
module named ssl_match_hostname


This is on a CentOS 7.2 x86_64 testing box.

All available updates including kernel installed, and system rebooted
same day. Same error before and after patching and reboot.

Let me know if you want to see the yum history log info.

- Operating system version
[root at lcars site-packages]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

[root at lcars site-packages]# uname -a
Linux lcars.internal.madisonrentals.biz 3.10.0-327.28.2.el7.x86_64 #1
SMP Wed Aug 3 11:11:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

- Here are the installed packages.  All were installed using yum.
[root at lcars site-packages]# yum list installed | awk '/backports|ipa-/'
ipa-admintools.x86_64                  4.2.0-15.0.1.el7.centos.18      @updates
ipa-client.x86_64                      4.2.0-15.0.1.el7.centos.18      @updates
ipa-python.x86_64                      4.2.0-15.0.1.el7.centos.18      @updates
ipa-server.x86_64                      4.2.0-15.0.1.el7.centos.18      @updates
ipa-server-dns.x86_64                  4.2.0-15.0.1.el7.centos.18      @updates
python-backports.noarch                1.0-6.el7                       @anaconda
python-backports.x86_64                1.0-8.el7                       installed
python-backports-ssl_match_hostname.noarch

I have the following repositories enabled:
base/7/x86_64
epel/x86_64
extras/7/x86_64
updates/7/x86_64

- Other threads on this issue suggest using pip to install
backports.ssl_match_hostname.  I still get the same error after doing
that.

[root at lcars site-packages]# pip install backports.ssl_match_hostname
Requirement already satisfied (use --upgrade to upgrade):
backports.ssl_match_hostname in /usr/lib/python2.7/site-packages

[root at lcars site-packages]# pip install --upgrade backports.ssl_match_hostname
Requirement already up-to-date: backports.ssl_match_hostname in
/usr/lib/python2.7/site-packages

- Here's the actual attempt
[root at lcars site-packages]# ipa-replica-install --setup-ca --setup-dns
--forwarder=4.2.2.1
/root/replica-info-lcars.internal.madisonrentals.biz.gpg
WARNING: conflicting time&date synchronization service 'chronyd' will
be disabled in favor of ntpd

Directory Manager (existing master) password:

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    No module
named ssl_match_hostname

Even when running the suggested ipa-server-install --uninstall, I
still receive the error about the missing module.

Here's what I have in /usr/lib/python2.7/site-packages

[root at lcars site-packages]# pwd
/usr/lib/python2.7/site-packages
[root at lcars site-packages]# ls | awk '/backports.ssl/'
backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info
backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info

- And here are the contents of each directory.
[root at lcars site-packages]# cd
backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info/

[root at lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# ls
dependency_links.txt  PKG-INFO  SOURCES.txt  top_level.txt

[root at lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# cd ..
[root at lcars site-packages]# ls
backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info
dependency_links.txt  installed-files.txt  PKG-INFO  SOURCES.txt  top_level.txt

Another thread suggested that this can be caused by a missing
__init__.py file, however, creating this file in both directories
doesn't help.

A commit by Heimes may shed some light on this.
The commit is in regards to otptoken and states that:

"The otptoken plugin is the only module in FreeIPA that uses Python's ssl
module instead of NSS. The patch replaces ssl with NSSConnection. It
uses the default NSS database to lookup trust anchors. NSSConnection
uses NSS for hostname matching. The package
python-backports-ssl_match_hostname is no longer required."

The master IPA server is up and running with no issues.

An ipa connection between replica server and master reports that the
connection is working.

What else could I be missing?

Thanks,
Chris.



From techpkiuser at gmail.com  Thu Aug 11 04:21:06 2016
From: techpkiuser at gmail.com (Kamal Perera)
Date: Thu, 11 Aug 2016 09:51:06 +0530
Subject: [Freeipa-users] FreeIPA vs DogTag CA
Message-ID: <CAA0gsCM9_Jzj7a+NSOB1ohZE7uGS9CT=gChzjRun_Cso+gFMGA@mail.gmail.com>

Dear all,

Seeking your kind advices.

If the requirement is for having a scalable corporate CA only, is it
possible to get this requirement fulfilled with DogTag only, or install
FreeIPA and use the CA functionality only.

What are the functional differences and support limitations?

Thanks
Kaamel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/a0ccce1e/attachment.htm>

From deepak_dimri at hotmail.com  Thu Aug 11 06:40:54 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Thu, 11 Aug 2016 02:40:54 -0400
Subject: [Freeipa-users] key+OTP to SSH into publicly exposed redHat
	instances
Message-ID: <SNT152-W780236BD739EAB19CCEF83F51E0@phx.gbl>

Hi All,
I want to protect my publicly exposed AWS EC2 instances with SSH key and OTP. I have my freeIPA v4 all up and running. I am able to SSH in to my IPA clients with my private key however i want to include OTP into this login process. I have enabled OTP for one test user in my FreeIPA and i am able to login with password+OTP using browser admin URL BUT how do i challenge the same user for OTP when trying to SSH login into RedHat?
I have tried adding this in my freeIPA server /etc/ssh/sshd_config but no luck - do not get challenged for OTP when using SSH.








ChallengeResponseAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
PasswordAuthentication no
Thanks in Advance,Deepak 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/95565777/attachment.htm>

From abokovoy at redhat.com  Thu Aug 11 06:45:13 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 11 Aug 2016 09:45:13 +0300
Subject: [Freeipa-users] key+OTP to SSH into publicly exposed redHat
 instances
In-Reply-To: <SNT152-W780236BD739EAB19CCEF83F51E0@phx.gbl>
References: <SNT152-W780236BD739EAB19CCEF83F51E0@phx.gbl>
Message-ID: <20160811064513.ydf47ca5l4pp7eby@redhat.com>

On Thu, 11 Aug 2016, Deepak Dimri wrote:
>Hi All,
>I want to protect my publicly exposed AWS EC2 instances with SSH key
>and OTP. I have my freeIPA v4 all up and running. I am able to SSH in
>to my IPA clients with my private key however i want to include OTP
>into this login process. I have enabled OTP for one test user in my
>FreeIPA and i am able to login with password+OTP using browser admin
>URL BUT how do i challenge the same user for OTP when trying to SSH
>login into RedHat?  I have tried adding this in my freeIPA server
>/etc/ssh/sshd_config but no luck - do not get challenged for OTP when
>using SSH.
man sshd_config -> AuthenticationMethods.

-- 
/ Alexander Bokovoy



From th at casalogic.dk  Thu Aug 11 08:18:30 2016
From: th at casalogic.dk (Troels Hansen)
Date: Thu, 11 Aug 2016 10:18:30 +0200 (CEST)
Subject: [Freeipa-users] headless ipa client join using kerberos ticket
Message-ID: <1479276219.424669.1470903510027.JavaMail.zimbra@casalogic.dk>

I can see this have been discussed a lot here, but I still can't seem to find the correct answer, so bare with me if i'm asking a question already answered. 

I'm trying to create a user that can be used for (headless) joining out RHEL clients to IPA 

Here is what have been done: 
/etc/krb5.conf and /etc/ipa/ca.crt copied to the client. 

a user created on IPA: 

# ipa user-show joinipa 
User login: joinipa 
First name: Host 
Last name: Adder 
Home directory: /home/joinipa 
Login shell: /bin/sh 
Email address: joinipa at linux.dr.dk 
UID: 10006 
GID: 10006 
Account disabled: False 
Password: False 
Member of groups: ipausers 
Roles: joinipa 
Kerberos keys available: True 

has role joinipa 

# ipa role-show "joinipa" 
Role name: joinipa 
Member users: joinipa 
Privileges: Host Enrollment 

Host Enrollemnt provilege also has the 'System: Add Hosts' permission: 

# ipa privilege-show "Host Enrollment" 
Privilege name: Host Enrollment 
Description: Host Enrollment 
Permissions: System: Add Hosts, System: Add krbPrincipalName to a Host, System: Enroll a Host, System: Manage Host Certificates, 
System: Manage Host Enrollment Password, System: Manage Host Keytab 
Granting privilege to roles: joinipa 

Get the keytab from IPA server (run on IPA server): 
# ipa-getkeytab -s `hostname` -p joinipa at LINUX.DR.DK -k /tmp/joinipa.keytab 

Keytab copied to IPA client: 

kinit keytab: 
# kinit joinipa at LINUX.DR.DK -kt joinipa.keytab 

# klist 
Ticket cache: KEYRING:persistent:0:0 
Default principal: joinipa at LINUX.DR.DK 

Valid starting Expires Service principal 
08/11/2016 10:12:33 08/12/2016 10:12:33 krbtgt/LINUX.DR.DK at LINUX.DR.DK 

Try to join IPA server: 
# ipa-join --server ipa01tst.linux.dr.dk 
Failed to parse result: Insufficient access rights 

Retrying with pre-4.0 keytab retrieval method... 
Keytab successfully retrieved and stored in: /etc/krb5.keytab 
Certificate subject base is: O=LINUX.DR.DK 

Host gets created on IPA server, but what makes it fail? 

If I try to join again I also get told its already joined: 

# ipa-join --server ipa01tst.linux.dr.dk 
Host is already joined. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/98e82e84/attachment.htm>

From pspacek at redhat.com  Thu Aug 11 08:18:53 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Thu, 11 Aug 2016 10:18:53 +0200
Subject: [Freeipa-users] Why is user status different on each master
 replica?
In-Reply-To: <b821c268-5b09-a5e8-89a3-febdbaf3e5b6@redhat.com>
References: <79B7CEE400C91A4C9FD8BF082D82260721E971@JDRPDC.JDRSolutions.local>
	<b821c268-5b09-a5e8-89a3-febdbaf3e5b6@redhat.com>
Message-ID: <52892b4d-478d-6ef3-538c-fb899c63bbba@redhat.com>

On 10.8.2016 17:19, Martin Basti wrote:
> 
> 
> On 09.08.2016 23:04, Larry Rosen wrote:
>>
>> This user was locked out due to Max Failure policy = 5
>>
>> If they?re supposed to be replicas, why the different status?
>>
>> [root at il10 ~]# ipa user-status  lramey
>>
>> -----------------------
>>
>> Account disabled: False
>>
>> -----------------------
>>
>>   Server: ipa-idm-01.ipajdr.local
>>
>>   Failed logins: 0
>>
>>   Last successful authentication: 20160808191857Z
>>
>>   Last failed authentication: 20160808191848Z
>>
>>   Time now: 2016-08-09T19:57:20Z
>>
>>   Server: ipa-idm-02.ipajdr.local
>>
>>   Failed logins: 5
>>
>>   Last successful authentication: 20160809151406Z
>>
>>   Last failed authentication: 20160809194741Z
>>
>>   Time now: 2016-08-09T19:57:21Z
>>
>> ----------------------------
>>
>> Number of entries returned 2
>>
>>
>>
> Hi,
> 
> This is not replicated, because it may cause replication storms. So this
> status is local on each replica

Let me add that you can configure LDAP server to replicate this information:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Replication.html#Fractional_Replication

Of course, you will have to accept the performance penalty and higher risk of
replication conflicts.

-- 
Petr^2 Spacek



From bahanw042014 at gmail.com  Thu Aug 11 09:10:21 2016
From: bahanw042014 at gmail.com (bahan w)
Date: Thu, 11 Aug 2016 11:10:21 +0200
Subject: [Freeipa-users] A question related to ipa webui
Message-ID: <CAMJtubL8St7bJw52O0b+4Q_EUAJtaPYkDH1ey4OKVRpASAuZsw@mail.gmail.com>

Hello !

I'm using ipa 3.0.0.47.

I have an architecture where the IPA server is located on a secure zone,
not accessible from anyone.

The IPA server has 2 network interfaces :
- IP1
- IP2

In the secure zone, the IP1 network is used for the communication between
the servers.
The IP2 is used for administrators to connect to the servers inside the
secure zone.

The only way to connect to the IPA server for external users is a proxy
which allows us to connect to the IP2.

I installed the ipa-server using the IP1 network interface.
When I try to connect through proxy to the IPA webui, I use the IP2 network
interface.

My problem is the following :
I type the following URL :
https://<IP2>

It redirects me to the following URL :
https://<IP1>/ipa/ui

When I try https://<IP2>/ipa/ui, it redirects me to https://<IP1>/ipa/ui.

And unfortunately, this IP1 is not reachable from outside of the secure
zone.

When I check from the server, I can see the service is listening on all
network interfaces.
###
# lsof -i :443
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd    2427 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
httpd    2428 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
httpd    2429 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
httpd    2430 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
httpd    2431 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
httpd    2432 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
httpd    2433 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
httpd    2434 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
httpd   30861   root    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
###

Is there something I am missing in the IPA configuration for the WebUI
please ?

Best regards.

Bahan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/73eebfb4/attachment.htm>

From jpazdziora at redhat.com  Thu Aug 11 09:30:16 2016
From: jpazdziora at redhat.com (Jan Pazdziora)
Date: Thu, 11 Aug 2016 11:30:16 +0200
Subject: [Freeipa-users] A question related to ipa webui
In-Reply-To: <CAMJtubL8St7bJw52O0b+4Q_EUAJtaPYkDH1ey4OKVRpASAuZsw@mail.gmail.com>
References: <CAMJtubL8St7bJw52O0b+4Q_EUAJtaPYkDH1ey4OKVRpASAuZsw@mail.gmail.com>
Message-ID: <20160811093016.GC1586@redhat.com>

On Thu, Aug 11, 2016 at 11:10:21AM +0200, bahan w wrote:
> 
> I'm using ipa 3.0.0.47.
> 
> I have an architecture where the IPA server is located on a secure zone,
> not accessible from anyone.
> 
> The IPA server has 2 network interfaces :
> - IP1
> - IP2
> 
> In the secure zone, the IP1 network is used for the communication between
> the servers.
> The IP2 is used for administrators to connect to the servers inside the
> secure zone.
> 
> The only way to connect to the IPA server for external users is a proxy
> which allows us to connect to the IP2.
> 
> I installed the ipa-server using the IP1 network interface.
> When I try to connect through proxy to the IPA webui, I use the IP2 network
> interface.
> 
> My problem is the following :
> I type the following URL :
> https://<IP2>
> 
> It redirects me to the following URL :
> https://<IP1>/ipa/ui
> 
> When I try https://<IP2>/ipa/ui, it redirects me to https://<IP1>/ipa/ui.

[...]

> httpd    2433 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
> httpd    2434 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
> httpd   30861   root    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
> ###
> 
> Is there something I am missing in the IPA configuration for the WebUI
> please ?

Perhaps

	https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name

could give some hints.

It was tested on FreeIPA 4.* -- on 3.0, you might need to tweak it
a bit but the theory and goal should be the same.

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



From harenberg at physik.uni-wuppertal.de  Thu Aug 11 11:50:06 2016
From: harenberg at physik.uni-wuppertal.de (Torsten Harenberg)
Date: Thu, 11 Aug 2016 13:50:06 +0200
Subject: [Freeipa-users] unable to delete a replica server
Message-ID: <01b85b80-b086-38c6-e921-f10a91a28f5d@physik.uni-wuppertal.de>

Hi,

we have three ipa servers

- ipa
- ipa2
- ipacentos7

We wanted to re-install ipa2 from scratch as this server gave us strange
issues in the past (for example, you have to do a "ipactl stop && ipactl
start" after boot to have everything running - a step which is not
needed on the other two).

However, the ipa-replica-manage del ipa2.pleiades.uni-wuppertal.de gave
an error at the end (it scrolled out of the terminal, but ended with
"unexpected error: Not allowed on non-leaf entry").

It seems to be impossible to get rid of this replica now:

[root at ipa ~]#  ipa-replica-manage -v -f -c  del
ipa2.pleiades.uni-wuppertal.de
Directory Manager password:

Cleaning a master is irreversible.
This should not normally be require, so use cautiously.
Continue to clean master? [no]: yes
unexpected error: Not allowed on non-leaf entry
[root at ipa ~]# ipa-replica-manage list
Directory Manager password:

ipacentos7.pleiades.uni-wuppertal.de: master
ipa.pleiades.uni-wuppertal.de: master
ipa2.pleiades.uni-wuppertal.de: master
[root at ipa ~]#

[root at ipa ~]#  ipa-csreplica-manage -v del ipa2.pleiades.uni-wuppertal.de
Directory Manager password:

Deleted replication agreement from 'ipa.pleiades.uni-wuppertal.de' to
'ipa2.pleiades.uni-wuppertal.de'
[root at ipa ~]# ipa-replica-manage list
Directory Manager password:

ipacentos7.pleiades.uni-wuppertal.de: master
ipa.pleiades.uni-wuppertal.de: master
ipa2.pleiades.uni-wuppertal.de: master
[root at ipa ~]#

Any ideas how to proceed from here?

Thanks a lot

  Torsten


-- 
Dr. Torsten Harenberg     harenberg at physik.uni-wuppertal.de
Bergische Universitaet
Fakult?t 4 - Physik       Tel.: +49 (0)202 439-3521
Gaussstr. 20              Fax : +49 (0)202 439-2811
42097 Wuppertal



From harenberg at physik.uni-wuppertal.de  Thu Aug 11 12:02:04 2016
From: harenberg at physik.uni-wuppertal.de (Torsten Harenberg)
Date: Thu, 11 Aug 2016 14:02:04 +0200
Subject: [Freeipa-users] unable to delete a replica server
In-Reply-To: <01b85b80-b086-38c6-e921-f10a91a28f5d@physik.uni-wuppertal.de>
References: <01b85b80-b086-38c6-e921-f10a91a28f5d@physik.uni-wuppertal.de>
Message-ID: <a8d43706-6b3a-ab8e-324b-9d2cc2aef901@physik.uni-wuppertal.de>

Some more information about that:

[root at ipa ~]# ipa-replica-manage list-ruv
Directory Manager password:

unable to decode: {replica 3} 5620bd3b000500030000 5620bd3b000500030000
ipacentos7.pleiades.uni-wuppertal.de:389: 9
ipa.pleiades.uni-wuppertal.de:389: 4
[root at ipa ~]# ipa-replica-manage list-clean-ruv
Directory Manager password:

No CLEANALLRUV tasks running

No abort CLEANALLRUV tasks running
[root at ipa ~]# ipa-replica-manage clean-ruv 3
Directory Manager password:

unable to decode: {replica 3} 5620bd3b000500030000 5620bd3b000500030000
Replica ID 3 not found
[root at ipa ~]#

Best regards

  Torsten

-- 
Dr. Torsten Harenberg     harenberg at physik.uni-wuppertal.de
Bergische Universitaet
Fakult?t 4 - Physik       Tel.: +49 (0)202 439-3521
Gaussstr. 20              Fax : +49 (0)202 439-2811
42097 Wuppertal



From mbasti at redhat.com  Thu Aug 11 12:18:39 2016
From: mbasti at redhat.com (Martin Basti)
Date: Thu, 11 Aug 2016 14:18:39 +0200
Subject: [Freeipa-users] Declarative configuration options?
In-Reply-To: <CAA4LE3Z6OnMtzrzrxUm7F-h=9jrj8GVUavSYY+a2AfcM3zNmNg@mail.gmail.com>
References: <CAA4LE3bYVWFG-Kg=6KMZpjTmH-p=Hxx08s57KYDADd7aVdK3HQ@mail.gmail.com>
	<6874c08a-2937-450c-e850-c3c469ea20a6@redhat.com>
	<CAA4LE3Z6OnMtzrzrxUm7F-h=9jrj8GVUavSYY+a2AfcM3zNmNg@mail.gmail.com>
Message-ID: <61994d03-d5d6-7551-00aa-838398481640@redhat.com>



On 10.08.2016 22:52, Mike LoSapio wrote:
> Something declarative which can be version controlled and considered a
> "source of truth" and driven from configuration management (chef,
> puppet, ansible - whatever your flavor)
>
> A scheme to reconcile account properties, group memberships,
> permissions, etc... I could see how this would be a slippery slope
> because of the depth of groupings/permissions/etc... but a
> version-controlled declarative user config gives a nice record for
> auditors (When did mike get an account, who granted access to him,
> when did he get access, what other access has he had over the last
> year... etc..)
>
> ~~ Pseudo declaraion
> ipa_user: mike
>    uid: mlosapio
>    first_name: mike
>    last_name: losapio
>
No, we don't have this declaractive way to import data.

You can create a script using python IPA API to process JSON/YAML file 
for example.
Or this RFE maybe is what you need 
https://fedorahosted.org/freeipa/ticket/5821, but it didn't get priority.

Martin
>
>
>
> On Wed, Aug 3, 2016 at 1:56 PM, Martin Basti <mbasti at redhat.com> wrote:
>>
>> On 01.08.2016 22:50, Mike LoSapio wrote:
>>> Hi there,
>>>
>>> Is there anyone out there with a good system for storing users,
>>> groups, hosts, etc.. in some sort of version controlled repo w/ flat
>>> files that could plug into "two-man" workflows for user-account
>>> creation and privilege/group membership changes, etc.
>>>
>>> There's some github projects out there to help installing FreeIPA
>>> server and a few to get clients up and running, but nothing (that I
>>> could find) for the on-going management of FreeIPA resources.
>>>
>>>
>>>
>>> So in puppet world (just as an example) - I'd be looking for something
>>> like a puppet-defined-type freeipa_user with all the attributes
>>> required and more-importantly all the code-glue that puts it all
>>> together...
>>>
>>>
>>> Figured I'd ask if there if there's anything already out there before
>>> I re-invent the wheel.
>>>
>>>
>>> TIA,
>>> --Mike
>>>
>> Hello,
>>
>> sorry but I don't understand what you exactly need, can you be more
>> specific? Do you need a script that provision users?
>>
>> Martin
>>
>>



From marc.boorshtein at tremolosecurity.com  Thu Aug 11 12:58:58 2016
From: marc.boorshtein at tremolosecurity.com (Marc Boorshtein)
Date: Thu, 11 Aug 2016 08:58:58 -0400
Subject: [Freeipa-users] Declarative configuration options?
In-Reply-To: <CAA4LE3Z6OnMtzrzrxUm7F-h=9jrj8GVUavSYY+a2AfcM3zNmNg@mail.gmail.com>
References: <CAA4LE3bYVWFG-Kg=6KMZpjTmH-p=Hxx08s57KYDADd7aVdK3HQ@mail.gmail.com>
	<6874c08a-2937-450c-e850-c3c469ea20a6@redhat.com>
	<CAA4LE3Z6OnMtzrzrxUm7F-h=9jrj8GVUavSYY+a2AfcM3zNmNg@mail.gmail.com>
Message-ID: <CAH2S7UBz3fGz2M_pHAxG0VqrnBgmRN2SUsAZxOQ7zEx61So6Aw@mail.gmail.com>

> Something declarative which can be version controlled and considered a
> "source of truth" and driven from configuration management (chef,
> puppet, ansible - whatever your flavor)
>

This is generally not done with a configuration management system
because it tends to be more dynamic.  Usually you'll use an identity
management system that maintains your "authoritative source" that can
be audited against.  Depending on your needs it can have workflows for
user approvals, etc.  There are several open source identity
management solutions including OpenUnison (our -Tremolo Security- own
project - http://openunison.io) or ForgeRock's OpenIDM or OpenIAM.



> A scheme to reconcile account properties, group memberships,
> permissions, etc... I could see how this would be a slippery slope
> because of the depth of groupings/permissions/etc... but a
> version-controlled declarative user config gives a nice record for
> auditors (When did mike get an account, who granted access to him,
> when did he get access, what other access has he had over the last
> year... etc..)
>

This is the use case for an identity management system.  Something
that will let you identify who created an account, who approved it,
etc.



From th at casalogic.dk  Thu Aug 11 13:11:10 2016
From: th at casalogic.dk (Troels Hansen)
Date: Thu, 11 Aug 2016 15:11:10 +0200 (CEST)
Subject: [Freeipa-users] Possible bug in SSSD/IPA/AD trust
Message-ID: <1353600688.431314.1470921070237.JavaMail.zimbra@casalogic.dk>

Hi, we are curretly workig on a larger IPA test project and I have a problems which have been buggin me for some time now: 


On the client we are have set "full_name_format = %1$s" to have users presented without the AD domain part. 
However, this seems to make SSSD not lookup a users group membership? 

sssd.conf from server: 

[domain/linux.dr.dk] 

cache_credentials = True 
# krb5_store_password_if_offline = True 
ipa_domain = linux.dr.dk 
id_provider = ipa 
auth_provider = ipa 
access_provider = ipa 
ipa_hostname = ipa01tst.linux.dr.dk 
chpass_provider = ipa 
ipa_server = ipa01tst.linux.dr.dk 
ipa_server_mode = True 
ldap_tls_cacert = /etc/ipa/ca.crt 

# Bugfix untill RHEL 7.3 arrives 
# http://www.redhat.com/archives/freeipa-users/2016-May/msg00209.html 
ldap_user_principal = nosuchattr 

ignore_group_members = True 
ldap_purge_cache_timeout = 0 
subdomain_inherit = ldap_user_principal, ignore_group_members, ldap_purge_cache_timeout 

debug_level=3 

# Added to list users faster eg id jly at net.dr.dk 
ldap_use_tokengroups = True 
ldap_id_mapping = True 

[sssd] 
services = nss, sudo, pam, ssh 
config_file_version = 2 
domains = linux.dr.dk 
default_domain_suffix = NET.DR.DK 

[nss] 
memcache_timeout = 600 
homedir_substring = /home 

[pam] 
[sudo] 
[autofs] 
[ssh] 
[pac] 
[ifp] 



sssd.conf from client: 

[domain/linux.dr.dk] 

cache_credentials = True 
krb5_store_password_if_offline = True 
ipa_domain = linux.dr.dk 
id_provider = ipa 
auth_provider = ipa 
access_provider = ipa 
ipa_hostname = rhel01udv.linux.dr.dk 
chpass_provider = ipa 
ipa_server = ipa01tst.linux.dr.dk 
ldap_tls_cacert = /etc/ipa/ca.crt 

debug_level=5 

[sssd] 
services = nss, sudo, pam, ssh 
config_file_version = 2 
domains = linux.dr.dk 
default_domain_suffix = NET.DR.DK 
# full_name_format = %1$s 

[nss] 
homedir_substring = /home 

[pam] 
[sudo] 
[autofs] 
[ssh] 
[pac] 
[ifp] 


With " full_name_format " commented out on client I get the full list of groups for a user: 

# sss_cache -E && rm -f /var/lib/sss/db/* && systemctl restart sssd 
# getent passwd drextrha at net.dr.dk 
drextrha at net.dr.dk:*:1349938498:1349938498:DREXTRHA:/home/net.dr.dk/drextrha: 

# id drextrha at net.dr.dk 
gives full groups list 


If I enable the " full_name_format " parameter I get: 

Clear cache. 
# sss_cache -E && rm -f /var/lib/sss/db/* && systemctl restart sssd 

#getent passwd drextrha at net.dr.dk 
drextrha:*:1349938498:1349938498:DREXTRHA:/home/net.dr.dk/drextrha: 

but: 
id drextrha at net.dr.dk 
uid=1349938498(drextrha) gid=1349938498(drextrha) groups=1349938498(drextrha),10012(ad_admins) 

only gives my primary group and a single IPA group 

Everything runnig RHEL 7.2, sssd 1.13.0-40.el7_2.12 

Am I doing something wrong? 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/0effff4b/attachment.htm>

From jhrozek at redhat.com  Thu Aug 11 13:56:46 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 11 Aug 2016 15:56:46 +0200
Subject: [Freeipa-users] Possible bug in SSSD/IPA/AD trust
In-Reply-To: <1353600688.431314.1470921070237.JavaMail.zimbra@casalogic.dk>
References: <1353600688.431314.1470921070237.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160811135646.GX19405@hendrix>

On Thu, Aug 11, 2016 at 03:11:10PM +0200, Troels Hansen wrote:
> Hi, we are curretly workig on a larger IPA test project and I have a problems which have been buggin me for some time now: 

Which version?

> 
> 
> On the client we are have set "full_name_format = %1$s" to have users presented without the AD domain part. 
> However, this seems to make SSSD not lookup a users group membership? 

This only works with sssd-1.14+



From jgoddard at emerlyn.com  Thu Aug 11 14:40:23 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 11 Aug 2016 10:40:23 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <57AB6EB8.7000609@redhat.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
	<OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
	<CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>
	<57AB6EB8.7000609@redhat.com>
Message-ID: <CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>

I've looked though these but not found anything helpful. It appears as
though my previous statement about the 1 group being found was misleading
as the sssd.$mydomain.com.log file reports that no sudo rules are found.
Does this mean that the LDAP tree being searched is different on ubuntu vs
centos?

Jeff

On Wed, Aug 10, 2016 at 2:13 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Jeff Goddard wrote:
>
>> Sean,
>>
>> Thanks for the reply. I don't think that's my problem but I'm posting a
>> redacted copy of the sssd.conf file for review below.
>>
>
> I'd start here: https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>
> rob
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/59a638e0/attachment.htm>

From rcritten at redhat.com  Thu Aug 11 15:51:01 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 11 Aug 2016 11:51:01 -0400
Subject: [Freeipa-users] ipa-replica-install fails with python import
 error for module ssl_match_hostname
In-Reply-To: <CADrfRkTJbF0_fUp=5shvY36NXt89_EoNg6xShkH_5BH3yqOtHg@mail.gmail.com>
References: <CADrfRkTJbF0_fUp=5shvY36NXt89_EoNg6xShkH_5BH3yqOtHg@mail.gmail.com>
Message-ID: <57AC9EE5.9010909@redhat.com>

White Hat wrote:
> When attempting to run ipa-replica-install I get a python error, No
> module named ssl_match_hostname
>
>
> This is on a CentOS 7.2 x86_64 testing box.
>
> All available updates including kernel installed, and system rebooted
> same day. Same error before and after patching and reboot.
>
> Let me know if you want to see the yum history log info.
>
> - Operating system version
> [root at lcars site-packages]# cat /etc/redhat-release
> CentOS Linux release 7.2.1511 (Core)
>
> [root at lcars site-packages]# uname -a
> Linux lcars.internal.madisonrentals.biz 3.10.0-327.28.2.el7.x86_64 #1
> SMP Wed Aug 3 11:11:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
>
> - Here are the installed packages.  All were installed using yum.
> [root at lcars site-packages]# yum list installed | awk '/backports|ipa-/'
> ipa-admintools.x86_64                  4.2.0-15.0.1.el7.centos.18      @updates
> ipa-client.x86_64                      4.2.0-15.0.1.el7.centos.18      @updates
> ipa-python.x86_64                      4.2.0-15.0.1.el7.centos.18      @updates
> ipa-server.x86_64                      4.2.0-15.0.1.el7.centos.18      @updates
> ipa-server-dns.x86_64                  4.2.0-15.0.1.el7.centos.18      @updates
> python-backports.noarch                1.0-6.el7                       @anaconda
> python-backports.x86_64                1.0-8.el7                       installed
> python-backports-ssl_match_hostname.noarch
>
> I have the following repositories enabled:
> base/7/x86_64
> epel/x86_64
> extras/7/x86_64
> updates/7/x86_64
>
> - Other threads on this issue suggest using pip to install
> backports.ssl_match_hostname.  I still get the same error after doing
> that.
>
> [root at lcars site-packages]# pip install backports.ssl_match_hostname
> Requirement already satisfied (use --upgrade to upgrade):
> backports.ssl_match_hostname in /usr/lib/python2.7/site-packages
>
> [root at lcars site-packages]# pip install --upgrade backports.ssl_match_hostname
> Requirement already up-to-date: backports.ssl_match_hostname in
> /usr/lib/python2.7/site-packages
>
> - Here's the actual attempt
> [root at lcars site-packages]# ipa-replica-install --setup-ca --setup-dns
> --forwarder=4.2.2.1
> /root/replica-info-lcars.internal.madisonrentals.biz.gpg
> WARNING: conflicting time&date synchronization service 'chronyd' will
> be disabled in favor of ntpd
>
> Directory Manager (existing master) password:
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    No module
> named ssl_match_hostname
>
> Even when running the suggested ipa-server-install --uninstall, I
> still receive the error about the missing module.
>
> Here's what I have in /usr/lib/python2.7/site-packages
>
> [root at lcars site-packages]# pwd
> /usr/lib/python2.7/site-packages
> [root at lcars site-packages]# ls | awk '/backports.ssl/'
> backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info
> backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info
>
> - And here are the contents of each directory.
> [root at lcars site-packages]# cd
> backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info/
>
> [root at lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# ls
> dependency_links.txt  PKG-INFO  SOURCES.txt  top_level.txt
>
> [root at lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# cd ..
> [root at lcars site-packages]# ls
> backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info
> dependency_links.txt  installed-files.txt  PKG-INFO  SOURCES.txt  top_level.txt
>
> Another thread suggested that this can be caused by a missing
> __init__.py file, however, creating this file in both directories
> doesn't help.
>
> A commit by Heimes may shed some light on this.
> The commit is in regards to otptoken and states that:
>
> "The otptoken plugin is the only module in FreeIPA that uses Python's ssl
> module instead of NSS. The patch replaces ssl with NSSConnection. It
> uses the default NSS database to lookup trust anchors. NSSConnection
> uses NSS for hostname matching. The package
> python-backports-ssl_match_hostname is no longer required."
>
> The master IPA server is up and running with no issues.
>
> An ipa connection between replica server and master reports that the
> connection is working.
>
> What else could I be missing?

Is there a more complete traceback in /var/log/ipareplica-install? I'm 
curious where the import is originating? If not instrumenting 
ipa-replica-install with pdb would be a way to find it.

rob



From rcritten at redhat.com  Thu Aug 11 15:54:25 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 11 Aug 2016 11:54:25 -0400
Subject: [Freeipa-users] FreeIPA vs DogTag CA
In-Reply-To: <CAA0gsCM9_Jzj7a+NSOB1ohZE7uGS9CT=gChzjRun_Cso+gFMGA@mail.gmail.com>
References: <CAA0gsCM9_Jzj7a+NSOB1ohZE7uGS9CT=gChzjRun_Cso+gFMGA@mail.gmail.com>
Message-ID: <57AC9FB1.1090605@redhat.com>

Kamal Perera wrote:
> Dear all,
>
> Seeking your kind advices.
>
> If the requirement is for having a scalable corporate CA only, is it
> possible to get this requirement fulfilled with DogTag only, or install
> FreeIPA and use the CA functionality only.

IPA limits dogtag to only those features it is interested in. This has 
been expanding recently but you still lose some functionality.

IMHO if all you want is a CA then managing IPA is overkill.

> What are the functional differences and support limitations?

Functionally it depends on what version of IPA you're talking about. 
Older versions only exposed server certificates. Newer versions support 
user certifications, custom profiles and more. It is still just a subset 
of what dogtag supports.

Support from whom? The dogtag community is happy to help (they've always 
helped us).

rob



From rcritten at redhat.com  Thu Aug 11 15:56:01 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 11 Aug 2016 11:56:01 -0400
Subject: [Freeipa-users] A question related to ipa webui
In-Reply-To: <20160811093016.GC1586@redhat.com>
References: <CAMJtubL8St7bJw52O0b+4Q_EUAJtaPYkDH1ey4OKVRpASAuZsw@mail.gmail.com>
	<20160811093016.GC1586@redhat.com>
Message-ID: <57ACA011.5080600@redhat.com>

Jan Pazdziora wrote:
> On Thu, Aug 11, 2016 at 11:10:21AM +0200, bahan w wrote:
>>
>> I'm using ipa 3.0.0.47.
>>
>> I have an architecture where the IPA server is located on a secure zone,
>> not accessible from anyone.
>>
>> The IPA server has 2 network interfaces :
>> - IP1
>> - IP2
>>
>> In the secure zone, the IP1 network is used for the communication between
>> the servers.
>> The IP2 is used for administrators to connect to the servers inside the
>> secure zone.
>>
>> The only way to connect to the IPA server for external users is a proxy
>> which allows us to connect to the IP2.
>>
>> I installed the ipa-server using the IP1 network interface.
>> When I try to connect through proxy to the IPA webui, I use the IP2 network
>> interface.
>>
>> My problem is the following :
>> I type the following URL :
>> https://<IP2>
>>
>> It redirects me to the following URL :
>> https://<IP1>/ipa/ui
>>
>> When I try https://<IP2>/ipa/ui, it redirects me to https://<IP1>/ipa/ui.
>
> [...]
>
>> httpd    2433 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
>> httpd    2434 apache    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
>> httpd   30861   root    4u  IPv4 xxxxxx      0t0  TCP *:https (LISTEN)
>> ###
>>
>> Is there something I am missing in the IPA configuration for the WebUI
>> please ?
>
> Perhaps
>
> 	https://www.adelton.com/freeipa/freeipa-behind-proxy-with-different-name
>
> could give some hints.
>
> It was tested on FreeIPA 4.* -- on 3.0, you might need to tweak it
> a bit but the theory and goal should be the same.
>

It is the mod_rewrite rules in /etc/httpd/conf.d/ipa-rewrite.conf doing 
the redirects. As Jan points out there are going to be hostname issues, 
etc that his blog should help with.

rob



From rcritten at redhat.com  Thu Aug 11 15:58:56 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 11 Aug 2016 11:58:56 -0400
Subject: [Freeipa-users] unable to delete a replica server
In-Reply-To: <01b85b80-b086-38c6-e921-f10a91a28f5d@physik.uni-wuppertal.de>
References: <01b85b80-b086-38c6-e921-f10a91a28f5d@physik.uni-wuppertal.de>
Message-ID: <57ACA0C0.8080702@redhat.com>

Torsten Harenberg wrote:
> Hi,
>
> we have three ipa servers
>
> - ipa
> - ipa2
> - ipacentos7
>
> We wanted to re-install ipa2 from scratch as this server gave us strange
> issues in the past (for example, you have to do a "ipactl stop && ipactl
> start" after boot to have everything running - a step which is not
> needed on the other two).
>
> However, the ipa-replica-manage del ipa2.pleiades.uni-wuppertal.de gave
> an error at the end (it scrolled out of the terminal, but ended with
> "unexpected error: Not allowed on non-leaf entry").
>
> It seems to be impossible to get rid of this replica now:
>
> [root at ipa ~]#  ipa-replica-manage -v -f -c  del
> ipa2.pleiades.uni-wuppertal.de
> Directory Manager password:
>
> Cleaning a master is irreversible.
> This should not normally be require, so use cautiously.
> Continue to clean master? [no]: yes
> unexpected error: Not allowed on non-leaf entry
> [root at ipa ~]# ipa-replica-manage list
> Directory Manager password:
>
> ipacentos7.pleiades.uni-wuppertal.de: master
> ipa.pleiades.uni-wuppertal.de: master
> ipa2.pleiades.uni-wuppertal.de: master
> [root at ipa ~]#
>
> [root at ipa ~]#  ipa-csreplica-manage -v del ipa2.pleiades.uni-wuppertal.de
> Directory Manager password:
>
> Deleted replication agreement from 'ipa.pleiades.uni-wuppertal.de' to
> 'ipa2.pleiades.uni-wuppertal.de'
> [root at ipa ~]# ipa-replica-manage list
> Directory Manager password:
>
> ipacentos7.pleiades.uni-wuppertal.de: master
> ipa.pleiades.uni-wuppertal.de: master
> ipa2.pleiades.uni-wuppertal.de: master
> [root at ipa ~]#
>
> Any ideas how to proceed from here?

Seems like an error that LDAP is throwing. There might be details in 
/var/log/dirsrv/slapd-REALM/{access|errors}

It sounds like when IPA tried to delete some entry it failed because 
that entry has children. The logs should help pinpoint which entry it is 
failing on.

rob



From rcritten at redhat.com  Thu Aug 11 18:15:59 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 11 Aug 2016 14:15:59 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
	<OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
	<CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>
	<57AB6EB8.7000609@redhat.com>
	<CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>
Message-ID: <57ACC0DF.6070308@redhat.com>

Jeff Goddard wrote:
> I've looked though these but not found anything helpful. It appears as
> though my previous statement about the 1 group being found was
> misleading as the sssd.$mydomain.com.log file reports that no sudo rules
> are found. Does this mean that the LDAP tree being searched is different
> on ubuntu vs centos?

I find that extremely unlikely.

You may want to outline more what you've already checked.

For example, is sss in sudoers in /etc/nsswitch.conf?

You can check the 389-ds access log to see what, if any queries are 
being made. I'd clean the sssd cache in advance.

rob

>
> Jeff
>
> On Wed, Aug 10, 2016 at 2:13 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
>     Jeff Goddard wrote:
>
>         Sean,
>
>         Thanks for the reply. I don't think that's my problem but I'm
>         posting a
>         redacted copy of the sssd.conf file for review below.
>
>
>     I'd start here:
>     https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>     <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO>
>
>     rob
>
>
>
>
>



From jgoddard at emerlyn.com  Thu Aug 11 18:24:47 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 11 Aug 2016 14:24:47 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <57ACC0DF.6070308@redhat.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
	<OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
	<CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>
	<57AB6EB8.7000609@redhat.com>
	<CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>
	<57ACC0DF.6070308@redhat.com>
Message-ID: <CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>

Here is relevant configuration files:

*nsswitch.conf:*

passwd:         compat sss
group:          compat sss
shadow:         compat sss
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files sss
ethers:         db files
rpc:            db files

netgroup:       nis sss
sudoers: sss files

*sssd.conf:*

[domain/internal.emerlyn.com]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = internal.emerlyn.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = docker-dev-01.internal.emerlyn.com
chpass_provider = ipa
ipa_server = _srv_, id-management-1.internal.emerlyn.com
ldap_tls_cacert = /etc/ipa/ca.crt
sudo_provider=ipa
ldap_uri=ldap://id-management-1.internal.emerlyn.com
ldap_sudo_search_base=ou=sudoers,dc=internal,dc=emerlyn,dc=com
debug_level=7

[sssd]
services = nss, pam, sudo, ssh
debug_level=7
domains = internal.emerlyn.com

[nss]
homedir_substring = /home

[pam]

[sudo]
debug_level=7
[autofs]

[ssh]
debug_level=7
[pac]

[ifp]



*Log output - /var/log/sssd/sssd_sudo.log:*(Thu Aug 11 12:21:43 2016)
[sssd[sudo]] [accept_fd_handler] (0x0400): Client connected!
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting default options for [jgoddard] from [<ALL>]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [jgoddard at internal.emerlyn.com]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [jgoddard at internal.emerlyn.com]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving default options for [jgoddard] from [internal.emerlyn.com]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932503)))]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
*(*Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting rules for [jgoddard] from [<ALL>]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [jgoddard at internal.emerlyn.com]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [jgoddard at internal.emerlyn.com]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving rules for [jgoddard] from [internal.emerlyn.com]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932503)))]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting
rules with higher-wins logic
(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
(Thu Aug 11 12:21:47 2016) [sssd[sudo]] [client_recv] (0x0200): Client
disconnected!
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [accept_fd_handler] (0x0400):
Client connected!
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting default options for [jgoddard] from [<ALL>]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [jgoddard at internal.emerlyn.com]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [jgoddard at internal.emerlyn.com]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving default options for [jgoddard] from [internal.emerlyn.com]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932532)))]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting rules for [jgoddard] from [<ALL>]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [jgoddard at internal.emerlyn.com]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [jgoddard at internal.emerlyn.com]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving rules for [jgoddard] from [internal.emerlyn.com]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932532)))]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting
rules with higher-wins logic
(Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]


On Thu, Aug 11, 2016 at 2:15 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Jeff Goddard wrote:
>
>> I've looked though these but not found anything helpful. It appears as
>> though my previous statement about the 1 group being found was
>> misleading as the sssd.$mydomain.com.log file reports that no sudo rules
>> are found. Does this mean that the LDAP tree being searched is different
>> on ubuntu vs centos?
>>
>
> I find that extremely unlikely.
>
> You may want to outline more what you've already checked.
>
> For example, is sss in sudoers in /etc/nsswitch.conf?
>
> You can check the 389-ds access log to see what, if any queries are being
> made. I'd clean the sssd cache in advance.
>
> rob
>
>
>> Jeff
>>
>> On Wed, Aug 10, 2016 at 2:13 PM, Rob Crittenden <rcritten at redhat.com
>> <mailto:rcritten at redhat.com>> wrote:
>>
>>     Jeff Goddard wrote:
>>
>>         Sean,
>>
>>         Thanks for the reply. I don't think that's my problem but I'm
>>         posting a
>>         redacted copy of the sssd.conf file for review below.
>>
>>
>>     I'd start here:
>>     https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>>     <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO>
>>
>>     rob
>>
>>
>>
>>
>>
>>
>


-- 
Jeff Goddard
Director of Information Technology
Emerlyn Technology

Email: jgoddard at emerlyn.com
Telephone: (603) 447-8571
Toll free: (888) 363-7596 ext. 108
Fax: (603) 356-3346
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/50a4b748/attachment.htm>

From rcritten at redhat.com  Thu Aug 11 18:26:52 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 11 Aug 2016 14:26:52 -0400
Subject: [Freeipa-users] headless ipa client join using kerberos ticket
In-Reply-To: <1479276219.424669.1470903510027.JavaMail.zimbra@casalogic.dk>
References: <1479276219.424669.1470903510027.JavaMail.zimbra@casalogic.dk>
Message-ID: <57ACC36C.2070205@redhat.com>

Troels Hansen wrote:
> I can see this have been discussed a lot here, but I still can't seem to
> find the correct answer, so bare with me if i'm asking a question
> already answered.
>
> I'm trying to create a user that can be used for (headless) joining out
> RHEL clients to IPA
>
> Here is what have been done:
> /etc/krb5.conf and /etc/ipa/ca.crt copied to the client.
>
> a user created on IPA:
>
> # ipa user-show joinipa
> User login: joinipa
> First name: Host
> Last name: Adder
> Home directory: /home/joinipa
> Login shell: /bin/sh
> Email address: joinipa at linux.dr.dk
> UID: 10006
> GID: 10006
> Account disabled: False
> Password: False
> Member of groups: ipausers
> Roles: joinipa
> Kerberos keys available: True
>
> has role joinipa
>
> # ipa role-show "joinipa"
> Role name: joinipa
> Member users: joinipa
> Privileges: Host Enrollment
>
> Host Enrollemnt provilege also has the 'System: Add Hosts' permission:
>
> # ipa privilege-show "Host Enrollment"
> Privilege name: Host Enrollment
> Description: Host Enrollment
> Permissions: System: Add Hosts, System: Add krbPrincipalName to a Host,
> System: Enroll a Host, System: Manage Host Certificates,
> System: Manage Host Enrollment Password, System: Manage Host Keytab
> Granting privilege to roles: joinipa
>
> Get the keytab from IPA server (run on IPA server):
> # ipa-getkeytab -s  `hostname` -p joinipa at LINUX.DR.DK -k /tmp/joinipa.keytab
>
> Keytab copied to IPA client:
>
> kinit keytab:
> # kinit joinipa at LINUX.DR.DK -kt joinipa.keytab
>
> # klist
> Ticket cache: KEYRING:persistent:0:0
> Default principal: joinipa at LINUX.DR.DK
>
> Valid starting Expires Service principal
> 08/11/2016 10:12:33 08/12/2016 10:12:33 krbtgt/LINUX.DR.DK at LINUX.DR.DK
>
> Try to join IPA server:
> # ipa-join --server ipa01tst.linux.dr.dk
> Failed to parse result: Insufficient access rights
>
> Retrying with pre-4.0 keytab retrieval method...
> Keytab successfully retrieved and stored in: /etc/krb5.keytab
> Certificate subject base is: O=LINUX.DR.DK
>
> Host gets created on IPA server, but what makes it fail?
>
> If I try to join again I also get told its already joined:
>
> # ipa-join --server ipa01tst.linux.dr.dk
> Host is already joined.

Hard to say since you don't include what version of IPA this is, but I 
think you're misinterpreting this. The join is successful (check the rval).

I think it failed trying to read the existing keytab (and it doesn't 
matter that there isn't one yet) in LDAP. This fails so it then creates 
one using another method. That permission is separate (but probably not 
too important in this use case).

rob



From jstephen at redhat.com  Thu Aug 11 18:40:09 2016
From: jstephen at redhat.com (Justin Stephenson)
Date: Thu, 11 Aug 2016 14:40:09 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
	<OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
	<CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>
	<57AB6EB8.7000609@redhat.com>
	<CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>
	<57ACC0DF.6070308@redhat.com>
	<CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>
Message-ID: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>

Hello,

Could you increase the debug level to 9, restart sssd  + clear the cache 
and reproduce the problem then provide the sssd_<domain>.log as well as 
the sssd_sudo.log ?

Also you may want to rule out HBAC issues with the below command:

      # ipa hbactest --user 'jgoddard' --host $(hostname) --service sudo

Kind regards,

Justin Stephenson

On 08/11/2016 02:24 PM, Jeff Goddard wrote:
> Here is relevant configuration files:
>
> *nsswitch.conf:*
>
> passwd:         compat sss
> group:          compat sss
> shadow:         compat sss
> gshadow:        files
>
> hosts:          files dns
> networks:       files
>
> protocols:      db files
> services:       db files sss
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis sss
> sudoers: sss files
>
> *sssd.conf:*
>
> [domain/internal.emerlyn.com <http://internal.emerlyn.com>]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = internal.emerlyn.com <http://internal.emerlyn.com>
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>
> chpass_provider = ipa
> ipa_server = _srv_, id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>
> ldap_tls_cacert = /etc/ipa/ca.crt
> sudo_provider=ipa
> ldap_uri=ldap://id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>
> ldap_sudo_search_base=ou=sudoers,dc=internal,dc=emerlyn,dc=com
> debug_level=7
>
> [sssd]
> services = nss, pam, sudo, ssh
> debug_level=7
> domains = internal.emerlyn.com <http://internal.emerlyn.com>
>
> [nss]
> homedir_substring = /home
>
> [pam]
>
> [sudo]
> debug_level=7
> [autofs]
>
> [ssh]
> debug_level=7
> [pac]
>
> [ifp]
>
> *Log output - /var/log/sssd/sssd_sudo.log:
>
> *(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [accept_fd_handler] (0x0400): 
> Client connected!
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version] 
> (0x0200): Received client version [1].
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version] 
> (0x0200): Offered version [1].
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done] 
> (0x0200): Requesting default options for [jgoddard] from [<ALL>]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200): 
> Requesting info about [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400): 
> Returning info for user [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400): 
> Retrieving default options for [jgoddard] from [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932503)))]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(name=defaults)))]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules for 
> [<default options>@internal.emerlyn.com <http://internal.emerlyn.com>]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard*
> (*Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done] 
> (0x0200): Requesting rules for [jgoddard] from [<ALL>]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200): 
> Requesting info about [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400): 
> Returning info for user [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400): 
> Retrieving rules for [jgoddard] from [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932503)))]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): 
> Sorting rules with higher-wins logic
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for 
> [jgoddard at internal.emerlyn.com <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 12:21:47 2016) [sssd[sudo]] [client_recv] (0x0200): Client 
> disconnected!
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [accept_fd_handler] (0x0400): 
> Client connected!
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version] 
> (0x0200): Received client version [1].
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version] 
> (0x0200): Offered version [1].
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done] 
> (0x0200): Requesting default options for [jgoddard] from [<ALL>]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200): 
> Requesting info about [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400): 
> Returning info for user [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400): 
> Retrieving default options for [jgoddard] from [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932532)))]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(name=defaults)))]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules for 
> [<default options>@internal.emerlyn.com <http://internal.emerlyn.com>]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done] 
> (0x0200): Requesting rules for [jgoddard] from [<ALL>]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200): 
> Requesting info about [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400): 
> Returning info for user [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400): 
> Retrieving rules for [jgoddard] from [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932532)))]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): 
> Sorting rules with higher-wins logic
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for 
> [jgoddard at internal.emerlyn.com <mailto:jgoddard at internal.emerlyn.com>]*
>
> *
>
> On Thu, Aug 11, 2016 at 2:15 PM, Rob Crittenden <rcritten at redhat.com 
> <mailto:rcritten at redhat.com>> wrote:
>
>     Jeff Goddard wrote:
>
>         I've looked though these but not found anything helpful. It
>         appears as
>         though my previous statement about the 1 group being found was
>         misleading as the sssd.$mydomain.com.log file reports that no
>         sudo rules
>         are found. Does this mean that the LDAP tree being searched is
>         different
>         on ubuntu vs centos?
>
>
>     I find that extremely unlikely.
>
>     You may want to outline more what you've already checked.
>
>     For example, is sss in sudoers in /etc/nsswitch.conf?
>
>     You can check the 389-ds access log to see what, if any queries
>     are being made. I'd clean the sssd cache in advance.
>
>     rob
>
>
>         Jeff
>
>         On Wed, Aug 10, 2016 at 2:13 PM, Rob Crittenden
>         <rcritten at redhat.com <mailto:rcritten at redhat.com>
>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>> wrote:
>
>             Jeff Goddard wrote:
>
>                 Sean,
>
>                 Thanks for the reply. I don't think that's my problem
>         but I'm
>                 posting a
>                 redacted copy of the sssd.conf file for review below.
>
>
>             I'd start here:
>         https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>         <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO>
>            
>         <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>         <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO>>
>
>             rob
>
>
>
>
>
>
>
>
>
> -- 
> Jeff Goddard
> Director of Information Technology
> Emerlyn Technology
>
> Email: jgoddard at emerlyn.com <mailto:jgoddard at emerlyn.com>
> Telephone: (603) 447-8571
> Toll free: (888) 363-7596 ext. 108
> Fax: (603) 356-3346
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/35355bed/attachment.htm>

From jgoddard at emerlyn.com  Thu Aug 11 19:26:47 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 11 Aug 2016 15:26:47 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
	<OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
	<CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>
	<57AB6EB8.7000609@redhat.com>
	<CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>
	<57ACC0DF.6070308@redhat.com>
	<CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>
	<de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
Message-ID: <CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>

Thanks you for the response. Here are the requested outputs. I did manually
delete the cache via the command

rm -rf /var/lib/sss/db/*

prior to issues the sudo -l command as the jgoddard user


[jgoddard at id-management-1 root]$ ipa hbactest --user 'jgoddard' --host
docker-dev-01.internal.emerlyn.com --service sudo
--------------------
Access granted: True
--------------------
  Matched rules: allow_all


*/var/log/sssd/sssd_sudo.log:*(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1b44dc0

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b47310

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b44dc0 "ltdb_callback"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b47310 "ltdb_timeout"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b44dc0 "ltdb_callback"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470942326)))]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b57730

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4ade0

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b57730 "ltdb_callback"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4ade0 "ltdb_timeout"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b57730 "ltdb_callback"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About
to get sudo rules from cache
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b51c90

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4ade0

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b51c90 "ltdb_callback"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4ade0 "ltdb_timeout"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b51c90 "ltdb_callback"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b51990

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b44dc0

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b51990 "ltdb_callback"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b44dc0 "ltdb_timeout"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b51990 "ltdb_callback"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*)))]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b51990

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b44dc0

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b51990 "ltdb_callback"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b44dc0 "ltdb_timeout"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b51990 "ltdb_callback"

(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting
rules with higher-wins logic
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x1b51d80][18]
(Thu Aug 11 15:05:32 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x1b51d80][18]
(Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_recv] (0x0200): Client
disconnected!
(Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_destructor] (0x2000):
Terminated client [0x1b51d80][18]
(Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
root at docker-dev-01:/home/jgoddard# cat /var/log/sssd/sssd_sudo.log|grep
15:05
(Thu Aug 11 15:05:02 2016) [sssd[sudo]] [sss_responder_ctx_destructor]
(0x0400): Responder is being shut down
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [server_setup] (0x0400): CONFDB:
/var/lib/sss/db/config.ldb
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [confdb_get_domain_internal]
(0x0400): No enumeration for [internal.emerlyn.com]!
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [confdb_get_domain_internal]
(0x1000): pwd_expiration_warning is -1
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_init_connection] (0x0400):
Adding connection 0x1b42660
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_watch] (0x2000):
0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
(0x0400): Registering interface org.freedesktop.sssd.service with path
/org/freedesktop/sssd/service
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_conn_register_path] (0x0400):
Registering object path /org/freedesktop/sssd/service with D-Bus connection
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
(0x0400): Registering interface org.freedesktop.DBus.Properties with path
/org/freedesktop/sssd/service
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
(0x0400): Registering interface org.freedesktop.DBus.Introspectable with
path /org/freedesktop/sssd/service
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [monitor_common_send_id] (0x0100):
Sending ID: (sudo,1)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000):
0x1b3d330
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_names_init_from_args]
(0x0100): Using re
[(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_fqnames_init] (0x0100): Using
fq format [%1$s@%2$s].
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_init_connection] (0x0400):
Adding connection 0x1b46310
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_watch] (0x2000):
0x1b471b0/0x1b45e80 (14), -/W (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b471b0/0x1b45ed0 (14), R/- (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
(0x0400): Registering interface org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_conn_register_path] (0x0400):
Registering object path /org/freedesktop/sssd/dataprovider with D-Bus
connection
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
(0x0400): Registering interface org.freedesktop.DBus.Properties with path
/org/freedesktop/sssd/dataprovider
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
(0x0400): Registering interface org.freedesktop.DBus.Introspectable with
path /org/freedesktop/sssd/dataprovider
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [dp_common_send_id] (0x0100):
Sending ID to DP: (1,SUDO)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000):
0x1b47b30
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b471b0/0x1b45ed0 (14), R/- (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b471b0/0x1b45e80 (14), -/W (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sysdb_domain_init_internal]
(0x0200): DB File for internal.emerlyn.com:
/var/lib/sss/db/cache_internal.emerlyn.com.ldb
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b4a1f0
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4a2b0
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b4a1f0 "ltdb_callback"
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4a2b0 "ltdb_timeout"
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b4a1f0 "ltdb_callback"
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x0400): asq: Unable to
register control with rootdse!
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b4a230
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4a2f0
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b4a230 "ltdb_callback"
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4a2f0 "ltdb_timeout"
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b4a230 "ltdb_callback"
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b4a300
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4a3c0
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b4a300 "ltdb_callback"
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4a3c0 "ltdb_timeout"
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b4a300 "ltdb_callback"
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_process_init] (0x0400):
Responder Initialization complete
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'root' matched without domain, user is root
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_ncache_set_str] (0x0400):
Adding [NCE/USER/internal.emerlyn.com/root] to negative cache permanently
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'root' matched without domain, user is root
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_ncache_set_str] (0x0400):
Adding [NCE/GROUP/internal.emerlyn.com/root] to negative cache permanently
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sudo_process_init] (0x0400): SUDO
Initialization complete
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_issue_request] (0x0400):
Issuing request for [0x40df50:domains at internal.emerlyn.com]
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_get_domains_msg] (0x0400):
Sending get domains request for [internal.emerlyn.com][]
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000):
0x1b4bcb0
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b471b0/0x1b45ed0 (14), R/- (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b471b0/0x1b45e80 (14), -/W (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_internal_get_send]
(0x0400): Entering request [0x40df50:domains at internal.emerlyn.com]
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b46310
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b46310
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b46310
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b471b0/0x1b45ed0 (14), R/- (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b471b0/0x1b45e80 (14), -/W (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b471b0/0x1b45ed0 (14), R/- (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b471b0/0x1b45e80 (14), -/W (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b471b0/0x1b45ed0 (14), R/- (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b471b0/0x1b45e80 (14), -/W (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_remove_timeout] (0x2000):
0x1b47b30
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b46310
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [dp_id_callback] (0x0100): Got id
ack and version (1) from DP
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_remove_timeout] (0x2000):
0x1b3d330
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:05:16 2016) [sssd[sudo]] [id_callback] (0x0100): Got id ack
and version (1) from Monitor
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_remove_timeout] (0x2000):
0x1b4bcb0
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b46310
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sss_dp_get_reply] (0x1000): Got
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b4ade0
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b47e60
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b4ade0 "ltdb_callback"
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b47e60 "ltdb_timeout"
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b4ade0 "ltdb_callback"
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b4a300
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b51d80
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b4a300 "ltdb_callback"
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b51d80 "ltdb_timeout"
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b4a300 "ltdb_callback"
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b49350
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b456f0
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b49350 "ltdb_callback"
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b456f0 "ltdb_timeout"
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b49350 "ltdb_callback"
(Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sss_dp_req_destructor] (0x0400):
Deleting request: [0x40df50:domains at internal.emerlyn.com]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [get_client_cred] (0x4000): Client
creds: euid[0] egid[0] pid[5477].
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x1b51d80][18]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [accept_fd_handler] (0x0400):
Client connected!
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x1b51d80][18]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x1b51d80][18]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x1b51d80][18]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
protocol version [1]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting default options for [jgoddard] from [<ALL>]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/internal.emerlyn.com/jgoddard]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [jgoddard at internal.emerlyn.com]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b4bb60
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4bc20
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b4bb60 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4bc20 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b4bb60 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [jgoddard at internal.emerlyn.com]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving default options for [jgoddard] from [internal.emerlyn.com]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b4bb60
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4bc20
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b4bb60 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4bc20 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b4bb60 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b456f0
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4f420
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b456f0 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4f420 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b456f0 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470942326)))]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b59070
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b47f20
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b59070 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b47f20 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b59070 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About
to get sudo rules from cache
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b456f0
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b47310
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b456f0 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b47310 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b456f0 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x1b51d80][18]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x1b51d80][18]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
protocol version [1]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting rules for [jgoddard] from [<ALL>]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/internal.emerlyn.com/jgoddard]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [jgoddard at internal.emerlyn.com]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b4a580
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4a640
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b4a580 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4a640 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b4a580 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [jgoddard at internal.emerlyn.com]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving rules for [jgoddard] from [internal.emerlyn.com]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b51c90
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4ade0
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b51c90 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4ade0 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b51c90 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b44dc0
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b47310
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b44dc0 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b47310 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b44dc0 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470942326)))]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b57730
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4ade0
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b57730 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4ade0 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b57730 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About
to get sudo rules from cache
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b51c90
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b4ade0
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b51c90 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b4ade0 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b51c90 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b51990
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b44dc0
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b51990 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b44dc0 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b51990 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*)))]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b51990
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x1b44dc0
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x1b51990 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x1b44dc0 "ltdb_timeout"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x1b51990 "ltdb_callback"
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting
rules with higher-wins logic
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x1b51d80][18]
(Thu Aug 11 15:05:32 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x1b51d80][18]
(Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_recv] (0x0200): Client
disconnected!
(Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_destructor] (0x2000):
Terminated client [0x1b51d80][18]
(Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x1b42660
(Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































*/var/log/sssd/sssd_$domain:(Thu Aug 11 15:05:02 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_remove_watch] (0x2000): 0x93cf00/0x93b9b0(Thu Aug 11 15:05:02 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_remove_watch] (0x2000): 0x93cf00/0x920410(Thu Aug 11 15:05:02 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[remove_krb5_info_files] (0x0200): Could not remove
[/var/lib/sss/pubconf/kpasswdinfo.INTERNAL.EMERLYN.COM
<http://kpasswdinfo.INTERNAL.EMERLYN.COM>], [2][No such file or
directory](Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_ptask_destructor] (0x0400):
Terminating periodic task [SUDO Smart Refresh](Thu Aug 11 15:05:02 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_ptask_destructor] (0x0400): Terminating periodic task [SUDO Full
Refresh](Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_handle_release] (0x2000): Trace:
sh[0x943830], connected[1], ops[(nil)], ldap[0x936580], destructor_lock[0],
release_memory[0](Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [remove_connection_callback] (0x4000):
Successfully removed connection callback.(Thu Aug 11 15:05:02 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_remove_watch] (0x2000): 0x922860/0x9237a0(Thu Aug 11 15:05:02 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[remove_socket_symlink] (0x4000): The symlink points to
[/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com.5155](Thu Aug 11
15:05:02 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [remove_socket_symlink] (0x4000): The path
including our pid is
[/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com.5155](Thu Aug 11
15:05:02 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [remove_socket_symlink] (0x4000): Removed
the symlink(Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400): Removed
SUDO client(Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400): Removed
SSH client(Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400): Removed
PAM client(Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400): Removed
NSS client(Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400): Removed
PAC client(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [server_setup] (0x0400): CONFDB:
/var/lib/sss/db/config.ldb(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option lookup_family_order has value
ipv4_first(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
dns_resolver_timeout has value 6(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option dns_resolver_op_timeout has value 6(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
dns_discovery_domain has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_res_get_opts] (0x0100): Lookup order: ipv4_first(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[recreate_ares_channel] (0x0100): Initializing new c-ares channel(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_context_init] (0x0400): Created new
fail over context, retry timeout is 30(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[confdb_get_domain_internal] (0x0400): No enumeration for
[internal.emerlyn.com <http://internal.emerlyn.com>]!(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_domain_init_internal] (0x0200): DB
File for internal.emerlyn.com <http://internal.emerlyn.com>:
/var/lib/sss/db/cache_internal.emerlyn.com.ldb(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1b83020(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b830e0(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b83020 "ltdb_callback"(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b830e0 "ltdb_timeout"(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b83020 "ltdb_callback"(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x0400): asq: Unable to register control with rootdse!(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1b82220(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b822e0(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b82220 "ltdb_callback"(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b822e0 "ltdb_timeout"(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b82220 "ltdb_callback"(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1b822e0(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b6d8c0(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b822e0 "ltdb_callback"(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b6d8c0 "ltdb_timeout"(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b822e0 "ltdb_callback"(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_init_connection] (0x0400): Adding connection 0x1b6eac0(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
0x1b84310/0x1b6c3a0 (15), -/W (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3f0 (15), R/- (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.sssd.service with path
/org/freedesktop/sssd/service(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_conn_register_path] (0x0400): Registering object path
/org/freedesktop/sssd/service with D-Bus connection(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/service(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/service(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[monitor_common_send_id] (0x0100): Sending ID: (%BE_internal.emerlyn.com
<http://BE_internal.emerlyn.com>,1)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_add_timeout] (0x2000): 0x1b6c560(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3f0 (15), R/- (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1b84310/0x1b6c3a0 (15), -/W (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sss_names_init_from_args] (0x0100): Using re
[(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sss_fqnames_init] (0x0100): Using fq
format [%1$s@%2$s].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [create_socket_symlink] (0x1000):
Symlinking the dbus path
/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com.5466 to a link
/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
<http://sbus-dp_internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_new_server] (0x0400): D-BUS Server listening on
unix:path=/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com.5466,guid=0bf360c8f774f978ad53dd4157accc6c(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
0x1b85860/0x1b867a0 (16), R/- (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[load_backend_module] (0x1000): Loading backend [ipa] with path
[/usr/lib/x86_64-linux-gnu/sssd/libsss_ipa.so].(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ipa_domain has value internal.emerlyn.com
<http://internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ipa_server has value _srv_,
id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ipa_backup_server has no value (Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ipa_hostname has value docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ipa_hbac_search_base has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ipa_host_search_base has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ipa_selinux_search_base has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ipa_subdomains_search_base has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ipa_master_domain_search_base has no
value (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_realm has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ipa_hbac_refresh has value 5(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ipa_selinux_refresh has value 5(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ipa_hbac_support_srchost is FALSE(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ipa_automount_location has value default(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ipa_ranges_search_base has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ipa_enable_dns_sites is FALSE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ipa_server_mode is FALSE(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ipa_views_search_base has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_confd_path has value
/var/lib/sss/pubconf/krb5.include.d(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[fo_new_service] (0x0400): Creating new service 'IPA'(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[fo_add_srv_server] (0x0400): Adding new SRV server to service 'IPA' using
'tcp'.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [_ipa_servers_init] (0x0400): Added
service lookup for service IPA(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[fo_add_server_to_list] (0x0400): Inserted primary server
'id-management-1.internal.emerlyn.com:0
<http://id-management-1.internal.emerlyn.com:0>' to service 'IPA'(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [_ipa_servers_init] (0x0400): Added Server
id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_uri has value
ldap://id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_backup_uri has no value (Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_search_base has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_default_bind_dn has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_default_authtok_type has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_default_authtok has no binary
value.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_search_timeout has value 6(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_network_timeout has value 6(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_opt_timeout has value 6(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_tls_reqcert has value hard(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_user_search_base has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_user_search_scope has value sub(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_user_search_filter has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_user_extra_attrs has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_group_search_base has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_group_search_scope has value sub(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_group_search_filter has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_service_search_base has no value
(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_sudo_search_base has value
ou=sudoers,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_sudo_full_refresh_interval has value
21600(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_sudo_smart_refresh_interval has value 900(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_sudo_use_host_filter is TRUE(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_sudo_hostnames has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_sudo_ip has no value (Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_sudo_include_netgroups is TRUE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_sudo_include_regexp is TRUE(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_autofs_search_base has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_autofs_map_master_name has value
auto.master(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_schema has value ipa_v1(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_offline_timeout has value 60(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_force_upper_case_realm is TRUE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_enumeration_refresh_timeout has
value 300(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_purge_cache_timeout has value 0(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_tls_cacert has value
/etc/ipa/ca.crt(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_tls_cacertdir has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_tls_cert has no value (Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_tls_key has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_tls_cipher_suite has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_id_use_start_tls is FALSE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_id_mapping is FALSE(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_sasl_mech has value GSSAPI(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_sasl_authid has no value (Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_sasl_realm has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_sasl_minssf has value 56(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_krb5_keytab has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_krb5_init_creds is TRUE(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_server has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_backup_server has no value (Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_realm has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_canonicalize is TRUE(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_use_kdcinfo is TRUE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_pwd_policy has value none(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_referrals is TRUE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option account_cache_expiration has value 0(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_dns_service_name has value ldap(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_krb5_ticket_lifetime has value
86400(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_access_filter has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_netgroup_search_base has no value
(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_group_nesting_level has value 2(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_deref has no value (Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_account_expire_policy has value ipa(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_access_order has no value (Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_chpass_uri has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_chpass_backup_uri has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_chpass_dns_service_name has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_chpass_update_last_change is
FALSE(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_enumeration_search_timeout has value 60(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option
ldap_auth_disable_tls_never_use_in_production is FALSE(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_page_size has value 1000(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_deref_threshold has value 10(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_sasl_canonicalize is FALSE(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_connection_expire_timeout has value 900(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_disable_paging is FALSE(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_idmap_range_min has value 200000(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_idmap_range_max has value
2000200000(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_idmap_range_size has value 200000(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_idmap_autorid_compat is FALSE(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_idmap_default_domain has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_idmap_default_domain_sid has no
value (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_idmap_helper_table_size has value 10(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_groups_use_matching_rule_in_chain is
FALSE(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_initgroups_use_matching_rule_in_chain is FALSE(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_use_tokengroups is TRUE(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_rfc2307_fallback_to_local_users is FALSE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_disable_range_retrieval is FALSE(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_min_id has value 0(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option ldap_max_id has value 0(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
ldap_pwdlockout_dn has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option wildcard_limit has value 1000(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
ldap_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
Search base added:
[DEFAULT][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
krb5_realm set to INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM>(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_set_sasl_options] (0x0100): Will
look for docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
<docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in default
keytab(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [select_principal_from_keytab] (0x0200):
trying to select the most appropriate principal from keytab(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000):
Trying to find principal
docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
<docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in keytab.(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x0400): No
principal matching docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
<docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> found in
keytab.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000):
Trying to find principal DOCKER-DEV-01$@INTERNAL.EMERLYN.COM
<http://INTERNAL.EMERLYN.COM> in keytab.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[find_principal_in_keytab] (0x0400): No principal matching
DOCKER-DEV-01$@INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> found in
keytab.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000):
Trying to find principal
host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
<docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in keytab.(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [match_principal] (0x1000): Principal
matched to the sample
(host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
<docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>).(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [select_principal_from_keytab] (0x0200):
Selected primary: host/docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[select_principal_from_keytab] (0x0200): Selected realm:
INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM>(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_set_sasl_options] (0x0100): Option ldap_sasl_authid set to
host/docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_set_sasl_options] (0x0100): Option ldap_sasl_realm set to
INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM>(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_get_id_options] (0x0400): Option ldap_user_search_base set to
cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[common_parse_search_base] (0x0100): Search base added:
[USER][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
ldap_group_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
Search base added:
[GROUP][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
ldap_netgroup_search_base set to
cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[common_parse_search_base] (0x0100): Search base added:
[NETGROUP][cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
ipa_host_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
Search base added:
[IPA_HOST][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
ipa_hbac_search_base set to cn=hbac,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
Search base added:
[IPA_HBAC][cn=hbac,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
ipa_selinux_search_base set to cn=selinux,dc=internal,dc=emerlyn,dc=com(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
Search base added:
[IPA_SELINUX][cn=selinux,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
ldap_group_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
Search base added:
[SERVICE][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
ipa_subdomains_search_base set to
cn=trusts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[common_parse_search_base] (0x0100): Search base added:
[IPA_SUBDOMAINS][cn=trusts,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
ipa_master_domain_search_base set to
cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[common_parse_search_base] (0x0100): Search base added:
[IPA_MASTER_DOMAIN][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
ipa_ranges_search_base set to
cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[common_parse_search_base] (0x0100): Search base added:
[IPA_RANGES][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
ipa_views_search_base set to
cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[common_parse_search_base] (0x0100): Search base added:
[IPA_VIEWS][cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_entry_usn has value entryUSN(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_rootdse_last_usn has value lastUSN(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_object_class has value posixAccount(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_name has value uid(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_pwd has value userPassword(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_uid_number has value
uidNumber(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_gid_number has value gidNumber(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_gecos has value gecos(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_home_directory has value homeDirectory(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_shell has value loginShell(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_principal has value krbPrincipalName(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_fullname has value cn(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_member_of has value memberOf(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_uuid has value ipaUniqueID(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_objectsid has value ipaNTSecurityIdentifier(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_primary_group has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_modify_timestamp has value modifyTimestamp(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_entry_usn has no value (Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_shadow_last_change has value shadowLastChange(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_shadow_min has value
shadowMin(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_shadow_max has value shadowMax(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_shadow_warning has value
shadowWarning(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_shadow_inactive has value shadowInactive(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_shadow_expire has value
shadowExpire(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_shadow_flag has value shadowFlag(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_krb_last_pwd_change has value
krbLastPwdChange(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_krb_password_expiration has value krbPasswordExpiration(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_pwd_attribute has value pwdAttribute(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_authorized_service has value
authorizedService(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_ad_account_expires has value accountExpires(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_ad_user_account_control has value
userAccountControl(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_ns_account_lock has value nsAccountLock(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_authorized_host has value
host(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_nds_login_disabled has value loginDisabled(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_nds_login_expiration_time has
value loginExpirationTime(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_nds_login_allowed_time_map has
value loginAllowedTimeMap(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_ssh_public_key has value
ipaSshPubKey(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_auth_type has value ipaUserAuthType(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_certificate has value
userCertificate;binary(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_group_object_class has value
ipaUserGroup(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_group_object_class_alt has value posixGroup(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_group_name has value cn(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_group_pwd has value userPassword(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_group_gid_number has value
gidNumber(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_group_member has value member(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_group_uuid has value ipaUniqueID(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_group_objectsid has value ipaNTSecurityIdentifier(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_group_modify_timestamp has value
modifyTimestamp(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_group_entry_usn has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_group_type has no value (Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_group_external_member has value ipaExternalMember(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_netgroup_object_class has value
ipaNisNetgroup(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_netgroup_name has value cn(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_netgroup_member has value member(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_netgroup_member_of has value memberOf(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_netgroup_member_user has value
memberUser(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_netgroup_member_host has value memberHost(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_netgroup_member_ext_host has value
externalHost(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_netgroup_domain has value nisDomainName(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_netgroup_uuid has value ipaUniqueID(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_host_object_class has value ipaHost(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_host_name has value cn(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_host_fqdn has value fqdn(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_host_serverhostname has value
serverHostname(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_host_member_of has value memberOf(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_host_ssh_public_key has value
ipaSshPubKey(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_host_uuid has value ipaUniqueID(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_hostgroup_objectclass has value
ipaHostgroup(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_hostgroup_name has value cn(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_hostgroup_memberof has value
memberOf(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_hostgroup_uuid has value ipaUniqueID(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_service_object_class has value
ipService(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_service_name has value cn(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_service_port has value
ipServicePort(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_service_proto has value ipServiceProtocol(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_service_entry_usn has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_selinux_usermap_object_class has value ipaselinuxusermap(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_selinux_usermap_name has value cn(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_selinux_usermap_member_user has value
memberUser(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_selinux_usermap_member_host has value memberHost(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_selinux_usermap_see_also has value
seeAlso(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_selinux_usermap_selinux_user has value ipaSELinuxUser(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_selinux_usermap_enabled has value ipaEnabledFlag(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_selinux_usermap_user_category has value
userCategory(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_selinux_usermap_host_category has value hostCategory(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_selinux_usermap_uuid has value ipaUniqueID(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_view_class has value nsContainer(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_view_name has value cn(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_overide_object_class has value
ipaOverrideAnchor(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_anchor_uuid has value ipaAnchorUUID(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ipa_user_override_object_class has value
ipaUserOverride(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ipa_group_override_object_class has value ipaGroupOverride(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_name has value uid(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_uid_number has value
uidNumber(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_gid_number has value gidNumber(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_gecos has value gecos(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_home_directory has value homeDirectory(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_user_shell has value loginShell(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_group_name has value cn(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_group_gid_number has value
gidNumber(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_user_ssh_public_key has value ipaSshPubKey(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option dyndns_update is FALSE(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
dyndns_refresh_interval has value 0(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option dyndns_iface has no value (Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
dyndns_ttl has value 1200(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option dyndns_update_ptr is FALSE(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
dyndns_force_tcp is FALSE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option dyndns_auth has value gss-tsig(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
dyndns_server has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1b93620(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b97080(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b93620 "ltdb_callback"(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b97080 "ltdb_timeout"(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b93620 "ltdb_callback"(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_setup_tasks] (0x0400): Setting up cleanup task for
internal.emerlyn.com <http://internal.emerlyn.com>(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1b8fce0(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b96770(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b8fce0 "ltdb_callback"(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b96770 "ltdb_timeout"(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b8fce0 "ltdb_callback"(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sssm_ipa_id_init] (0x0020): Cannot find view name in the cache. Will do
online lookup later.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_fo_set_srv_lookup_plugin] (0x0400): Trying to set SRV lookup plugin to
DNS(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_fo_set_srv_lookup_plugin] (0x0400):
SRV lookup plugin is now DNS(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_process_init] (0x2000): ID backend target successfully loaded from
provider [ipa].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
[ipa] already loaded.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_domain has value
internal.emerlyn.com <http://internal.emerlyn.com>(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_server has value _srv_,
id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_backup_server has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
ipa_hostname has value docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_hbac_search_base has value
cn=hbac,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_host_search_base has value
cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_selinux_search_base has value
cn=selinux,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_subdomains_search_base has value
cn=trusts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_master_domain_search_base has
value cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option krb5_realm has value
INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM>(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_hbac_refresh has value 5(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
ipa_selinux_refresh has value 5(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_hbac_support_srchost is FALSE(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
ipa_automount_location has value default(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_ranges_search_base has value
cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_enable_dns_sites is FALSE(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
ipa_server_mode is FALSE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_views_search_base has value
cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option krb5_confd_path has value
/var/lib/sss/pubconf/krb5.include.d(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_server has no value (Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_backup_server has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_realm has no value (Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_ccachedir has value /tmp(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_ccname_template has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_auth_timeout has value 6(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_keytab has value
/etc/krb5.keytab(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_validate is TRUE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_kpasswd has no value (Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_backup_kpasswd has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_store_password_if_offline is
TRUE(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_renewable_lifetime has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_lifetime has no value (Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_renew_interval has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_use_fast has value try(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_fast_principal has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_canonicalize is TRUE(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_use_enterprise_principal is FALSE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_get_options] (0x0400): Option krb5_use_kdcinfo is TRUE(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
krb5_map_user has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[krb5_try_kdcip] (0x0100): No KDC found in configuration, trying legacy
option(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0400): Option
krb5_realm set to INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM>(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0100): Option
krb5_fast_principal set to
host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
<docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0100): Option
krb5_use_kdcinfo set to true(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[check_and_export_lifetime] (0x0200): No lifetime configured.(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [check_and_export_lifetime] (0x0200): No
lifetime configured.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[check_and_export_options] (0x0100): No KDC explicitly configured, using
defaults.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [check_and_export_options] (0x0100): No
kpasswd server explicitly configured, using the KDC or defaults.(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [parse_krb5_map_user] (0x0200): Warning:
krb5_map_user is empty!(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_process_init] (0x2000): AUTH backend target successfully loaded from
provider [ipa].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
[ipa] already loaded.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_domain has value
internal.emerlyn.com <http://internal.emerlyn.com>(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_server has value _srv_,
id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_backup_server has no value (Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
ipa_hostname has value docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_hbac_search_base has value
cn=hbac,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_host_search_base has value
cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_selinux_search_base has value
cn=selinux,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_subdomains_search_base has value
cn=trusts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_master_domain_search_base has
value cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option krb5_realm has value
INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM>(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_hbac_refresh has value 5(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
ipa_selinux_refresh has value 5(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_hbac_support_srchost is FALSE(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
ipa_automount_location has value default(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_ranges_search_base has value
cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_enable_dns_sites is FALSE(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
ipa_server_mode is FALSE(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option ipa_views_search_base has value
cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[dp_copy_options_ex] (0x0400): Option krb5_confd_path has value
/var/lib/sss/pubconf/krb5.include.d(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_process_init] (0x2000): ACCESS backend target successfully loaded from
provider [ipa].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
[ipa] already loaded.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_process_init] (0x2000): CHPASS backend target successfully loaded from
provider [ipa].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
[ipa] already loaded.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sssm_ipa_sudo_init] (0x2000): Initializing IPA sudo handler(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_sudo_init] (0x2000): Initializing IPA
sudo back end(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_sudo_init] (0x0400): Using LDAP
schema for sudo(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_sudo_init] (0x2000): Initializing
sudo LDAP back end(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
Search base added:
[SUDO][ou=sudoers,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_sudorule_object_class has value sudoRole(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_sudorule_name has value cn(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_sudorule_command has value sudoCommand(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_sudorule_host has value sudoHost(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_sudorule_user has value sudoUser(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_sudorule_option has value
sudoOption(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_sudorule_runas has value sudoRunAs(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_sudorule_runasuser has value
sudoRunAsUser(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_sudorule_runasgroup has value sudoRunAsGroup(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_sudorule_notbefore has value
sudoNotBefore(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_sudorule_notafter has value sudoNotAfter(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_sudorule_order has value sudoOrder(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_sudorule_entry_usn has no value (Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1ba05e0(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b9c740(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1ba05e0 "ltdb_callback"(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b9c740 "ltdb_timeout"(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1ba05e0 "ltdb_callback"(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_ptask_create] (0x0400): Periodic task [SUDO Full Refresh] was
created(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_ptask_schedule] (0x0400): Task [SUDO
Full Refresh]: scheduling task 0 seconds from now [1470942316](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_ptask_create] (0x0400): Periodic task
[SUDO Smart Refresh] was created(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_ptask_schedule] (0x0400): Task [SUDO Smart Refresh]: scheduling task
900 seconds from now [1470943216](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_process_init] (0x2000): SUDO backend target successfully loaded from
provider [ipa].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no module
name found in confdb, using [ipa].(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[load_backend_module] (0x1000): Backend [ipa] already loaded.(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sssm_ipa_autofs_init] (0x2000):
Initializing IPA autofs handler(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_autofs_init] (0x2000): Initializing autofs LDAP back end(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_autofs_options] (0x1000): Option
ldap_autofs_search_base set to
cn=default,cn=automount,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[common_parse_search_base] (0x0100): Search base added:
[AUTOFS][cn=default,cn=automount,dc=internal,dc=emerlyn,dc=com][SUBTREE][](Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_autofs_map_object_class has value automountMap(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_autofs_map_name has value
automountMapName(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_autofs_entry_object_class has value automount(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_map] (0x0400): Option ldap_autofs_entry_key has value
automountKey(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
ldap_autofs_entry_value has value automountInformation(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_process_init] (0x2000): autofs backend target successfully loaded from
provider [ipa].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no module
name found in confdb, using [ipa].(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[load_backend_module] (0x1000): Backend [ipa] already loaded.(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_process_init] (0x4000): selinux
backend target successfully loaded from provider [ipa].(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[load_backend_module] (0x0200): no module name found in confdb, using
[ipa].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
[ipa] already loaded.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_process_init] (0x4000): HOST backend target successfully loaded from
provider [ipa].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no module
name found in confdb, using [ipa].(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[load_backend_module] (0x1000): Backend [ipa] already loaded.(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [get_config_status] (0x4000): IPA
subdomain provider is configured implicit.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_subdom_reinit] (0x2000): Re-initializing domain internal.emerlyn.com
<http://internal.emerlyn.com>(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sss_write_krb5_localauth_snippet] (0x0200): File for localauth plugin
configuration is [/var/lib/sss/pubconf/krb5.include.d/localauth_plugin](Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b9e080(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1ba02b0(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b9e080 "ltdb_callback"(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1ba02b0 "ltdb_timeout"(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b9e080 "ltdb_callback"(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1ba02b0(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1ba0370(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1ba02b0 "ltdb_callback"(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1ba0370 "ltdb_timeout"(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1ba02b0 "ltdb_callback"(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1ba15f0(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b9fae0(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1ba15f0 "ltdb_callback"(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b9fae0 "ltdb_timeout"(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1ba15f0 "ltdb_callback"(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sss_write_domain_mappings] (0x0200): Mapping file for domain
[internal.emerlyn.com <http://internal.emerlyn.com>] is
[/var/lib/sss/pubconf/krb5.include.d/domain_realm_internal_emerlyn_com](Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_process_init] (0x4000): Get-Subdomains
backend target successfully loaded from provider [ipa].(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[become_user] (0x0200): Trying to become user [0][0].(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[become_user] (0x0200): Already user [0].(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [main]
(0x0400): Backend provider (internal.emerlyn.com
<http://internal.emerlyn.com>) started!(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1b6eac0(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1b6eac0(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_ptask_execute] (0x0400): Task [SUDO Full Refresh]: executing task,
timeout 21600 seconds(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_full_refresh_send] (0x0400): Issuing a full refresh of sudo
rules(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000):
beginning to connect(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port status of
port 0 for server '(no name)' is 'neutral'(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolve_srv_send] (0x0200): The status of
SRV lookup is neutral(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[resolv_discover_srv_next_domain] (0x0400): SRV resolution of service
'ldap'. Will use DNS discovery domain 'internal.emerlyn.com
<http://internal.emerlyn.com>'(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[resolv_getsrv_send] (0x0100): Trying to resolve SRV record of
'_ldap._tcp.internal.emerlyn.com <http://tcp.internal.emerlyn.com>'(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [schedule_request_timeout] (0x2000):
Scheduling a timeout of 6 seconds(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1b84310/0x1b6c3f0 (15), R/- (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1b84310/0x1b6c3f0 (15), R/- (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1b84310/0x1b6c3f0 (15), R/- (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1b84310/0x1b6c3f0 (15), R/- (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_remove_timeout] (0x2000):
0x1b6c560(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1b6eac0(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [id_callback] (0x0100): Got id ack and
version (1) from Monitor(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_getsrv_done] (0x1000): Using TTL
[86400](Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400):
Deleting request watch(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[fo_discover_srv_done] (0x0400): Got answer. Processing...(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_discover_srv_done] (0x0400): Got 3
servers(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): Inserted
primary server 'idmfs-01.internal.emerlyn.com:389
<http://idmfs-01.internal.emerlyn.com:389>' to service 'IPA'(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): Inserted
primary server 'id-management-1.internal.emerlyn.com:389
<http://id-management-1.internal.emerlyn.com:389>' to service 'IPA'(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): Inserted
primary server 'id-management-2.internal.emerlyn.com:389
<http://id-management-2.internal.emerlyn.com:389>' to service 'IPA'(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [set_srv_data_status] (0x0100): Marking
SRV lookup of service 'IPA' as 'resolved'(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[get_server_status] (0x1000): Status of server
'idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>' is
'name not resolved'(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_is_address] (0x4000):
[idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>] does
not look like an IP address(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[resolv_gethostbyname_step] (0x2000): Querying files(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of
'idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>' in
files(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100):
Marking server 'idmfs-01.internal.emerlyn.com
<http://idmfs-01.internal.emerlyn.com>' as 'resolving name'(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
Querying files(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve AAAA record of 'idmfs-01.internal.emerlyn.com
<http://idmfs-01.internal.emerlyn.com>' in files(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[resolv_gethostbyname_next] (0x0200): No more address families to retry(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
Querying DNS(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_query] (0x0100):
Trying to resolve A record of 'idmfs-01.internal.emerlyn.com
<http://idmfs-01.internal.emerlyn.com>' in DNS(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [schedule_timeout_watcher] (0x2000):
Scheduling DNS timeout watcher(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_parse] (0x1000):
Parsing an A reply(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400):
Deleting request watch(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[set_server_common_status] (0x0100): Marking server
'idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>' as
'name resolved'(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_resolve_server_process] (0x0200): Found address for server
idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>:
[10.72.100.56] TTL 1200(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_resolve_callback] (0x0400): Constructed uri
'ldap://idmfs-01.internal.emerlyn.com
<http://idmfs-01.internal.emerlyn.com>'(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[unique_filename_destructor] (0x2000): Unlinking
[/var/lib/sss/pubconf/.krb5info_dummy_AJMz2v](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [unlink_dbg]
(0x2000): File already removed:
[/var/lib/sss/pubconf/.krb5info_dummy_AJMz2v](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sss_ldap_init_send] (0x4000): Using file descriptor [19] for LDAP
connection.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x0400): Setting 6
seconds timeout for connecting(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_async_sys_connect_done] (0x0020): connect failed [113][No route to
host].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sss_ldap_init_sys_connect_done] (0x0020):
sdap_async_sys_connect request failed: [113]: No route to host.(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sss_ldap_init_state_destructor] (0x0400):
closing socket [19](Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_sys_connect_done] (0x0020):
sdap_async_connect_call request failed: [113]: No route to host.(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_handle_release] (0x2000): Trace:
sh[0x1b9e670], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0],
release_memory[0](Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [_be_fo_set_port_status] (0x8000): Setting
status: PORT_NOT_WORKING. Called from:
../src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_done:
1567(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100): Marking
port 389 of server 'idmfs-01.internal.emerlyn.com
<http://idmfs-01.internal.emerlyn.com>' as 'not working'(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'idmfs-01.internal.emerlyn.com
<http://idmfs-01.internal.emerlyn.com>' as 'not working'(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): Trying
to resolve service 'IPA'(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[get_server_status] (0x1000): Status of server
'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' is 'name not resolved'(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port status of
port 389 for server 'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' is 'neutral'(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[resolve_srv_send] (0x0200): The status of SRV lookup is resolved(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status of
server 'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' is 'name not resolved'(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_is_address] (0x4000):
[id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>] does not look like an IP
address(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
Querying files(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve A record of
'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' in files(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[set_server_common_status] (0x0100): Marking server
'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' as 'resolving name'(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
Querying files(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve AAAA record of
'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' in files(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[resolv_gethostbyname_next] (0x0200): No more address families to retry(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
Querying DNS(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_query] (0x0100):
Trying to resolve A record of 'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' in DNS(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [schedule_timeout_watcher] (0x2000):
Scheduling DNS timeout watcher(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_parse] (0x1000):
Parsing an A reply(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400):
Deleting request watch(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[set_server_common_status] (0x0100): Marking server
'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' as 'name resolved'(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x0200):
Found address for server id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400):
Constructed uri 'ldap://id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>'(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[unique_filename_destructor] (0x2000): Unlinking
[/var/lib/sss/pubconf/.krb5info_dummy_BkCB4G](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [unlink_dbg]
(0x2000): File already removed:
[/var/lib/sss/pubconf/.krb5info_dummy_BkCB4G](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sss_ldap_init_send] (0x4000): Using file descriptor [19] for LDAP
connection.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x0400): Setting 6
seconds timeout for connecting(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
[ldap://id-management-1.internal.emerlyn.com:389/??base
<http://id-management-1.internal.emerlyn.com:389/??base>] with fd [19].(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_rootdse_send] (0x4000): Getting
rootdse(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [(objectclass=*)][].(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [altServer](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[namingContexts](Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedControl](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[supportedExtension](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[supportedFeatures](Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [supportedLDAPVersion](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[supportedSASLMechanisms](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[domainControllerFunctionality](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[defaultNamingContext](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN](Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [highestCommittedUSN](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 1
timeout 6(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1ba44e0], ldap[0x1b977d0](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1ba44e0], ldap[0x1b977d0](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [vendorName](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [vendorVersion](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [dataversion](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [netscapemdsuffix](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [changeLog](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [firstchangenumber](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [lastchangenumber](Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [namingContexts](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [supportedControl](Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [supportedExtension](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[supportedLDAPVersion](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[supportedSASLMechanisms](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[defaultNamingContext](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [lastUSN](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1ba44e0], ldap[0x1b977d0](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation 1
finished(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_rootdse_done] (0x2000): Got
rootdse(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_rootdse_done] (0x2000): Skipping
auto-detection of match rule(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_server_opts_from_rootdse] (0x4000): USN value: 5396286 (int:
5396286)(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_kinit_send] (0x0400): Attempting
kinit (default, host/docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>, INTERNAL.EMERLYN.COM
<http://INTERNAL.EMERLYN.COM>, 86400)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service IPA(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): Trying
to resolve service 'IPA'(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[get_server_status] (0x1000): Status of server
'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' is 'name resolved'(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[resolve_srv_send] (0x0200): The status of SRV lookup is resolved(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status of
server 'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' is 'name resolved'(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_resolve_server_process] (0x0200): Found address for server
id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_kinit_kdc_resolved] (0x1000): KDC
resolved, attempting to get TGT...(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[create_tgt_req_send_buffer] (0x0400): buffer size: 83(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[child_handler_setup] (0x2000): Setting up signal handler up for pid
[5472](Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000): Signal
handler set up for pid [5472](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt
child(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[write_pipe_handler] (0x0400): All data has been sent!(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Entering.(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Adding connection
0x1bbb650.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
connection 0x1bbb650(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_add_watch] (0x2000): 0x1bbc1c0/0x1bb0e00 (21), -/W (disabled)(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bbc1c0/0x1bb2120 (21), R/- (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Got a connection(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
ID timeout [0x1bbc470](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_conn_register_path] (0x0400): Registering object path
/org/freedesktop/sssd/dataprovider with D-Bus connection(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.DBus.Properties with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bbb650(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb2120 (21), R/- (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bbc1c0/0x1bb0e00 (21), -/W (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Entering.(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Adding connection
0x1bbfca0.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
connection 0x1bbfca0(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_add_watch] (0x2000): 0x1bc0bc0/0x1bbd620 (23), -/W (disabled)(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc0bc0/0x1bbd670 (23), R/- (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Got a connection(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
ID timeout [0x1bc0ea0](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_conn_register_path] (0x0400): Registering object path
/org/freedesktop/sssd/dataprovider with D-Bus connection(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.DBus.Properties with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb2120 (21), R/- (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bbc1c0/0x1bb0e00 (21), -/W (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc0bc0/0x1bbd620 (23), -/W (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc0bc0/0x1bbd620 (23), -/W (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Entering.(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Adding connection
0x1bc2540.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
connection 0x1bc2540(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_add_watch] (0x2000): 0x1bc3920/0x1bc2040 (24), -/W (disabled)(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc3920/0x1bc2090 (24), R/- (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Got a connection(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
ID timeout [0x1bc3c00](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_conn_register_path] (0x0400): Registering object path
/org/freedesktop/sssd/dataprovider with D-Bus connection(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.DBus.Properties with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bc2540(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Entering.(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Adding connection
0x1bc49b0.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
connection 0x1bc49b0(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_add_watch] (0x2000): 0x1bc5a70/0x1bc3a20 (25), -/W (disabled)(Thu Aug
11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc5a70/0x1bc3a70 (25), R/- (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_server_init_new_connection] (0x0200): Got a connection(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
ID timeout [0x1bc5d50](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_conn_register_path] (0x0400): Registering object path
/org/freedesktop/sssd/dataprovider with D-Bus connection(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.DBus.Properties with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a70 (25), R/- (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc5a70/0x1bc3a20 (25), -/W (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a70 (25), R/- (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc5a70/0x1bc3a20 (25), -/W (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc0bc0/0x1bbd620 (23), -/W (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc0bc0/0x1bbd620 (23), -/W (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2090 (24), R/- (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc3920/0x1bc2040 (24), -/W (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2090 (24), R/- (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc3920/0x1bc2040 (24), -/W (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): Dispatching.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.RegisterService on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
ID timeout [0x1bc0ea0](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[client_registration] (0x0100): Added Frontend client [PAM](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bbfca0(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
subdomains [](Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Queue is
empty, running request immediately.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_queue_request] (0x4000): Adding request to queue.(Thu Aug 11 15:05:16
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): waiting for connection to complete(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bbfca0(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc3920/0x1bc2090 (24), R/- (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2040 (24), -/W (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc3920/0x1bc2090 (24), R/- (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2040 (24), -/W (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bbc1c0/0x1bb2120 (21), R/- (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb0e00 (21), -/W (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bbc1c0/0x1bb2120 (21), R/- (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb0e00 (21), -/W (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bbb650(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.RegisterService on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
ID timeout [0x1bbc470](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[client_registration] (0x0100): Added Frontend client [SUDO](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bbb650(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
subdomains [](Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
request to queue.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bc2540(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.RegisterService on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
ID timeout [0x1bc3c00](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[client_registration] (0x0100): Added Frontend client [SSH](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bc2540(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
subdomains [](Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
request to queue.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_server_init_new_connection]
(0x0200): Entering.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_server_init_new_connection]
(0x0200): Adding connection 0x1bcaa90.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_init_connection] (0x0400): Adding connection 0x1bcaa90(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
0x1bcba00/0x1bca5c0 (26), -/W (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_server_init_new_connection]
(0x0200): Got a connection(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_client_init] (0x0100): Set-up Backend ID timeout [0x1bcbce0](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.sssd.dataprovider with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_conn_register_path] (0x0400): Registering object path
/org/freedesktop/sssd/dataprovider with D-Bus connection(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
Registering interface org.freedesktop.DBus.Properties with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_opath_hash_add_iface] (0x0400): Registering interface
org.freedesktop.DBus.Introspectable with path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bcaa90(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bcba00/0x1bca5c0 (26), -/W (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bcba00/0x1bca5c0 (26), -/W (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (disabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bcba00/0x1bca5c0 (26), -/W (enabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (enabled)(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bcba00/0x1bca5c0 (26), -/W (disabled)(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bcaa90(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): Dispatching.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.RegisterService on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
ID timeout [0x1bcbce0](Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[client_registration] (0x0100): Added Frontend client [PAC](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bcaa90(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
subdomains [](Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
request to queue.(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [child_sig_handler] (0x1000): Waiting for
child [5472].(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [child_sig_handler] (0x0100): child [5472]
finished successfully.(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[read_pipe_handler] (0x0400): EOF received, client finished(Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_tgt_recv] (0x0400): Child
responded: 0 [FILE:/var/lib/sss/db/ccache_INTERNAL.EMERLYN.COM
<http://ccache_INTERNAL.EMERLYN.COM>], expired on [1471028716](Thu Aug 11
15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_cli_auth_step] (0x0100): expire
timeout is 900(Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_cli_auth_step] (0x1000): the
connection will expire at 1470943216(Thu Aug 11 15:05:16 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user:
host/docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
from: ../src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv:
2052(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100): Marking
port 389 of server 'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' as 'working'(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100):
Marking server 'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' as 'working'(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' as 'working'(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_connect_done] (0x4000): notify
connected to op #1(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_sudo_refresh_connect_done] (0x0400):
SUDO LDAP connection successful(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[check_ipv4_addr] (0x0200): Loopback IPv4 address 127.0.0.1(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses] (0x2000):
Found IP address: 10.72.100.66 in network 10.72.100.0/24
<http://10.72.100.0/24>(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_get_ip_addresses] (0x2000): Found IP address: 172.17.0.1 in
network 172.17.0.0/16 <http://172.17.0.0/16>(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[check_ipv6_addr] (0x0200): Loopback IPv6 address ::1(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
fe80::250:56ff:fe9a:495f in network fe80::/64(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
fe80::42:43ff:fe27:e955 in network fe80::/64(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
fe80::ac23:29ff:fe04:bb1a in network fe80::/64(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
fe80::c494:9dff:feed:a7d8 in network fe80::/64(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_get_hostnames_send] (0x2000): Found fqdn:
docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_get_hostnames_send] (0x2000): Found hostname: docker-dev-01(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_connect_done] (0x4000): notify
connected to op #2(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[objectclass=ipaIDRange][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaBaseID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaSecondaryBaseRID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaIDRangeSize](Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaNTTrustedDomainSID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaRangeType](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 5(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 5 timeout 6(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_done] (0x4000): caching successful connection after 2
notifies(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_run_unconditional_online_cb] (0x0400):
Running unconditional online callbacks.(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_run_online_cb] (0x0080): Going online. Running callbacks.(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_sudo_load_sudoers_send] (0x0400):
About to fetch sudo rules(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_search_bases_next_base] (0x0400): Issuing LDAP lookup with base
[ou=sudoers,dc=internal,dc=emerlyn,dc=com](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>)(sudoHost=docker-dev-01)(sudoHost=10.72.100.66)(sudoHost=10.72.100.0/24)(sudoHost=172.17.0.1)(sudoHost=172.17.0.0/16)(sudoHost=fe80::250:56ff:fe9a:495f)(sudoHost=fe80::/64)(sudoHost=fe80::42:43ff:fe27:e955)(sudoHost=fe80::/64)(sudoHost=fe80::ac23:29ff:fe04:bb1a)(sudoHost=fe80::/64)(sudoHost=fe80::c494:9dff:feed:a7d8)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\\*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))][ou=sudoers,dc=internal,dc=emerlyn,dc=com
<http://10.72.100.0/24)(sudoHost=172.17.0.1)(sudoHost=172.17.0.0/16)(sudoHost=fe80::250:56ff:fe9a:495f)(sudoHost=fe80::/64)(sudoHost=fe80::42:43ff:fe27:e955)(sudoHost=fe80::/64)(sudoHost=fe80::ac23:29ff:fe04:bb1a)(sudoHost=fe80::/64)(sudoHost=fe80::c494:9dff:feed:a7d8)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\\*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))][ou=sudoers,dc=internal,dc=emerlyn,dc=com>].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sudoCommand](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoHost](Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sudoUser](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoOption](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sudoRunAs](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoRunAsUser](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sudoRunAsGroup](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoNotBefore](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sudoNotAfter](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoOrder](Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [entryUSN](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 6(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 6
timeout 6(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc5a70/0x1bc3a70 (25), R/- (disabled)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a20 (25), -/W (enabled)(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
0x1bc5a70/0x1bc3a70 (25), R/- (enabled)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a20 (25), -/W (disabled)(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bc49b0(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.RegisterService on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
ID timeout [0x1bc5d50](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[client_registration] (0x0100): Added Frontend client [NSS](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bc49b0(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
subdomains [](Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
request to queue.(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bc49b0(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f3a0], ldap[0x1b977d0](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[cn=All,ou=sudoers,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [objectClass](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [cn](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [sudoCommand](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [sudoHost](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [sudoUser](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [sudoRunAsUser](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [sudoRunAsGroup](Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [entryUSN](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3a0], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 6 finished(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_search_bases_done] (0x0400): Receiving data from base
[ou=sudoers,dc=internal,dc=emerlyn,dc=com](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_load_sudoers_done] (0x0040): Received 1 sudo rules(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
operation connection(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_refresh_done] (0x0400): Received 1 rules(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_sudo_purge_all] (0x0400): Deleting all cached sudo rules(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 2)(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb2300(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb23c0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb2300 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb23c0 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb2300 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_sudo_store_rule] (0x0400): Adding sudo rule All(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb11b0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd63c0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb11b0 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd63c0 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb11b0 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1be3710(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1be37d0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1be3710 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1be37d0 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1be3710 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_refresh_done] (0x0400): Sudoers is successfuly stored in
cache(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_sudo_set_usn] (0x0200): SUDO higher
USN value: [2582737](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb31e0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb32a0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb31e0 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb32a0 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb31e0 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb15d0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb1690(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb15d0 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb1690 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb15d0 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo
rules(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_ptask_done] (0x0400): Task [SUDO Full
Refresh]: finished successfully(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_ptask_schedule] (0x0400): Task [SUDO Full Refresh]: scheduling task
21600 seconds from last execution time [1470963916](Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bb0d50], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_subdom_reset_timeouts_cb] (0x4000):
Resetting last_refreshed and disabled_until.(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[objectclass=ipaIDRange][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaBaseID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaSecondaryBaseRID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaIDRangeSize](Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaNTTrustedDomainSID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaRangeType](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 7(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 7 timeout 6(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd5d80], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=INTERNAL.EMERLYN.COM_id_range,cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseID](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaBaseRID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaSecondaryBaseRID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize](Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaRangeType](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd5d80], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 5 finished(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1b9eae0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b9eba0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b9eae0 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b9eba0 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b9eae0 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_update_ranges] (0x0400): Adding range
[INTERNAL.EMERLYN.COM_id_range].(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1be29e0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1be2aa0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1be29e0 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1be2aa0 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1be29e0 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1b9eae0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b9eba0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b9eae0 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b9eba0 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b9eae0 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1b9ea20(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b9eae0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b9ea20 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b9eae0 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b9ea20 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [cn](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaNTSecurityIdentifier](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 8(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 8
timeout 6(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_subdomains_handler_ranges_done]
(0x4000): Checking master record..(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1baf7a0], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[cn=INTERNAL.EMERLYN.COM_id_range,cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseID](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaBaseRID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaSecondaryBaseRID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize](Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaRangeType](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1baf7a0], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 7 finished(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1ba02b0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1ba0370(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1ba02b0 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1ba0370 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1ba02b0 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1ba0370(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1ba0430(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1ba0370 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1ba0430 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1ba0370 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb2ad0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb2b90(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb2ad0 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb2b90 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb2ad0 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [cn](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaNTSecurityIdentifier](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 9(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 9
timeout 6(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_subdomains_handler_ranges_done]
(0x4000): Checking master record..(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd5d80], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN: [cn=internal.emerlyn.com
<http://internal.emerlyn.com>,cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [cn](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaNTFlatName](Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaNTSecurityIdentifier](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd5d80], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 8 finished(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb0f70(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb1030(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb0f70 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb1030 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb0f70 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb0f70(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb1030(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb0f70 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb1030 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb0f70 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd6910(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1040(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd6910 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1040 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd6910 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[objectclass=ipaNTTrustedDomain][cn=trusts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [cn](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaNTTrustedDomainSID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTTrustDirection](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
10(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 10
timeout 6(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1baf7a0], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=internal.emerlyn.com
<http://internal.emerlyn.com>,cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [cn](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaNTFlatName](Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaNTSecurityIdentifier](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1baf7a0], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 9 finished(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[objectclass=ipaNTTrustedDomain][cn=trusts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [cn](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaNTTrustedDomainSID](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTTrustDirection](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
11(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 11
timeout 6(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd3e40], ldap[0x1b977d0](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd3e40], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 10 finished(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_deref_search_with_filter_send] (0x2000): Server supports OpenLDAP
deref(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400):
Dereferencing entry [cn=accounts,dc=internal,dc=emerlyn,dc=com] using
OpenLDAP deref(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [cn](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 12(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 12 timeout 6(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd6710], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd6710], ldap[0x1b977d0](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
11 finished(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_deref_search_with_filter_send]
(0x2000): Server supports OpenLDAP deref(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_x_deref_search_send] (0x0400): Dereferencing entry
[cn=accounts,dc=internal,dc=emerlyn,dc=com] using OpenLDAP deref(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [cn](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass](Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 13(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 13 timeout 6(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd5d80], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_x_deref_parse_entry] (0x0400): Got deref control(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_x_deref_parse_entry] (0x0400): All deref results from a single
control parsed(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
Total count [0](Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
12 finished(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x0400): No view
found, using default.(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_get_view_name_done] (0x0400): Found view name [default].(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x4000): Found
IPA default view name, replacing with sysdb default.(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_get_view_name_done] (0x4000): read_at_init [false] current view
[(null)].(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd6870(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd6930(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd6870 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd6930 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd6870 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd95b0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd9670(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd95b0 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd9670 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd95b0 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd04e0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd05a0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd04e0 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd05a0 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd04e0 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1ba0500(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd95e0(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1ba0500 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd95e0 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1ba0500 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd1d60(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1e20(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1d60 "ltdb_callback"(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1e20 "ltdb_timeout"(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1d60 "ltdb_callback"(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
[Success](Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
request filed successfully.(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_destroy] (0x4000): releasing operation connection(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
[Success](Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
request filed successfully.(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
[Success](Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
request filed successfully.(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
[Success](Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
request filed successfully.(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
[Success](Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Request
queue is empty.(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_ptask_online_cb] (0x0400): Back end is
online(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_ptask_enable] (0x0080): Task [SUDO
Smart Refresh]: already enabled(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_ptask_online_cb] (0x0400): Back end is online(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_ptask_enable] (0x0080): Task [SUDO Full Refresh]: already enabled(Thu
Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_x_deref_parse_entry] (0x0400): Got deref control(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_x_deref_parse_entry] (0x0400): All deref results from a single
control parsed(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0](Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
Total count [0](Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
13 finished(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x0400): No view
found, using default.(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_get_view_name_done] (0x0400): Found view name [default].(Thu Aug 11
15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x4000): Found
IPA default view name, replacing with sysdb default.(Thu Aug 11 15:05:18
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_get_view_name_done] (0x4000): read_at_init [true] current view
[default].(Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
operation connection(Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[(nil)], ldap[0x1b977d0](Thu Aug 11 15:05:18 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_sudo_online_cb] (0x0400): We are
back online. SUDO host information will be renewed on next refresh.(Thu Aug
11 15:05:18 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [delayed_online_authentication_callback]
(0x0200): Backend is online, starting delayed online authentication.(Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bc49b0(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
request for [0x1001][FAST BE_REQ_USER][1][idnumber=320000001](Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
[internal.emerlyn.com <http://internal.emerlyn.com>](Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb04f0(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd3d80(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb04f0 "ltdb_callback"(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd3d80 "ltdb_timeout"(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb04f0 "ltdb_callback"(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_idmap_check_posix_child] (0x4000): Idmap of domain
[S-1-5-21-711561063-4190233445-1602496204] already known, nothing to
do.(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000):
reusing cached connection(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_search_user_next_base] (0x0400): Searching for users with base
[cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(uidNumber=320000001)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid](Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userPassword](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber](Thu Aug
11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos](Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [homeDirectory](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell](Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [krbPrincipalName](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID](Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaNTSecurityIdentifier](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[modifyTimestamp](Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [entryUSN](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[shadowLastChange](Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shadowMin](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax](Thu Aug
11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shadowWarning](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[shadowInactive](Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shadowExpire](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag](Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [krbLastPwdChange](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[krbPasswordExpiration](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute](Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [authorizedService](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[accountExpires](Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userAccountControl](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock](Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [host](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled](Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [loginExpirationTime](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[loginAllowedTimeMap](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey](Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaUserAuthType](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userCertificate;binary](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
14(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 14
timeout 6(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0](Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [uid](Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [uidNumber](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [gidNumber](Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [gecos](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [homeDirectory](Thu Aug
11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [loginShell](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [krbPrincipalName](Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [cn](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaUniqueID](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaNTSecurityIdentifier](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp](Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [entryUSN](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [krbLastPwdChange](Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [krbPasswordExpiration](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [nsAccountLock](Thu Aug
11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bafde0], ldap[0x1b977d0](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 14 finished(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_search_user_process] (0x0400): Search for users, returned 1
results.(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_search_user_process] (0x4000):
Retrieved total 1 users(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_user] (0x0400): Save user(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object jgoddard(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Processing user
jgoddard(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_user] (0x2000): Adding
originalDN
[uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
attributes of [jgoddard].(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_user] (0x0400): Adding original memberOf attributes to
[jgoddard].(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding original mod-Timestamp [20160811190153Z] to attributes of
[jgoddard].(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Adding user
principal [jgoddard at INTERNAL.EMERLYN.COM <jgoddard at INTERNAL.EMERLYN.COM>]
to attributes of [jgoddard].(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): shadowLastChange is not available for
[jgoddard].(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowMin is not available for [jgoddard].(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): shadowMax is not available for
[jgoddard].(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowWarning is not available for [jgoddard].(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): shadowInactive is not available for
[jgoddard].(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowExpire is not available for [jgoddard].(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): shadowFlag is not available for
[jgoddard].(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding krbLastPwdChange [20160718194453Z] to attributes of [jgoddard].(Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding krbPasswordExpiration [20170718194453Z] to attributes of
[jgoddard].(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
pwdAttribute is not available for [jgoddard].(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): authorizedService is not available for
[jgoddard].(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
adAccountExpires is not available for [jgoddard].(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): adUserAccountControl is not available
for [jgoddard].(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding nsAccountLock [FALSE] to attributes of [jgoddard].(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
authorizedHost is not available for [jgoddard].(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): ndsLoginDisabled is not available for
[jgoddard].(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
ndsLoginExpirationTime is not available for [jgoddard].(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): ndsLoginAllowedTimeMap is not
available for [jgoddard].(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): Adding sshPublicKey
[c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBNU5BNGdyQjFndVZNWWN2Wk0yVnRuWFJpdWJPczJLZGp0Y2ZZYzRYOHJWS1dUNUJSOEdqaU51NzZDWGxXK0pUQU4xYmlpNm5UL0NTNDBVMXhjaVVTd05JaEtvNVh6ZThNd1Q1Z0hZY3VRV1ZxY2NTajhLeGRKWnA1MUhaclE0QjhlM2t5Y0lENGNzN3NaMUpKYndjL3RkUWg2ek1IRDdaaXhyNGh5UlRJcjZ3WlRsdmEwN3h5RkJSVDRXOXV1a0NFZURKbEI3c0NqdlNTYzRIQWp6Y0M5OVpUR3hjcWJHZERvTEFOczdiUDAzYnNyalJvTzlrNjRjY2dSOUFwK3BaeGhOYTFTRWJSZWxVTW9Qc2VQRUxJeXVvT3hYYUtRT2VJU1FGNFJBRjJKOHkvSllZcEdJaEllQXNybXBCUlRTQ3dSVkNjMzVTWE5QV3E2VnMxTTNvcjl3PT0gamdvZGRhcmRAZW1lcmx5bi5jb20=]
to attributes of [jgoddard].(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): authType is not available for
[jgoddard].(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
userCertificate is not available for [jgoddard].(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_user] (0x0400): Storing info for user jgoddard(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 1)(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfbbe0(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfbca0(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfbbe0 "ltdb_callback"(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfbca0 "ltdb_timeout"(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfbbe0 "ltdb_callback"(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_by_name] (0x0400): No such entry(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfb6d0(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfaa10(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfb6d0 "ltdb_callback"(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfaa10 "ltdb_timeout"(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfb6d0 "ltdb_callback"(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_user_by_uid] (0x0400): No such entry(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfebf0(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfecb0(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfebf0 "ltdb_callback"(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfecb0 "ltdb_timeout"(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfebf0 "ltdb_callback"(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c09ca0(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c09d60(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c09ca0 "ltdb_callback"(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c09d60 "ltdb_timeout"(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c09ca0 "ltdb_callback"(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c0af50(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bff180(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c0af50 "ltdb_callback"(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bff180 "ltdb_timeout"(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c0af50 "ltdb_callback"(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_users] (0x4000): User 0 processed!(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_users_done] (0x4000): Saving 1 Users - Done(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_done] (0x4000): releasing operation connection(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb27b0(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd3d80(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb27b0 "ltdb_callback"(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd3d80 "ltdb_timeout"(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb27b0 "ltdb_callback"(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
(0x4000): Searching for overrides in view [Default Trust View] with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].(Thu
Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))][cn=Default
Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:24 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 15(Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 15 timeout 6(Thu Aug 11 15:05:24
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bafde0], ldap[0x1b977d0](Thu Aug 11 15:05:24 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0](Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
15 finished(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
override found with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].(Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
operation connection(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb2060(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb2d60(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb2060 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb2d60 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb2060 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bc8780(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb1ea0(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bc8780 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb1ea0 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bc8780 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success(Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0](Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): Dispatching.(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000001](Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
[internal.emerlyn.com <http://internal.emerlyn.com>](Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
Searching for groups with base
[cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(gidNumber=320000001)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup](Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [cn](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword](Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member](Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaUniqueID](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTSecurityIdentifier](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[modifyTimestamp](Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [entryUSN](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaExternalMember](Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 16(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 16 timeout 6(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bbc470], ldap[0x1b977d0](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [gidNumber](Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaUniqueID](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp](Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [entryUSN](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bbc470], ldap[0x1b977d0](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 16 finished(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_groups_process] (0x0400): Search for groups, returned 1
results.(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
server supports deref method OpenLDAP(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
table [groups](Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
About to process group
[cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug
11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 0 users
found in the hash table(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_recv] (0x0400): 1 groups found in the hash table(Thu Aug
11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 0)(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 1)(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_get_sid_str] (0x1000): No
[objectSIDString] attribute. [0][Success](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_group] (0x4000): objectSID: not available for group
[(null)].(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
Processing object jgoddard(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_group] (0x0400): Processing group jgoddard(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_group] (0x2000): This is a posix group(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): Adding original DN
[cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
attributes of [jgoddard].(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
[20150116164416Z] to attributes of [jgoddard].(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_ghost_members] (0x0400): The group has 0 members(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Group has 0 members(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Storing info
for group jgoddard(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb0eb0(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb0f70(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb0eb0 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb0f70 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb0eb0 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_by_name] (0x0400): No such entry(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_store_group] (0x1000): Group jgoddard does not exist.(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 2)(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bae460(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b9f970(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bae460 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b9f970 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bae460 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_group_by_gid] (0x0400): No such entry(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd05a0(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd0660(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd05a0 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd0660 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd05a0 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bca2c0(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd6740(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bca2c0 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c011d0(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c01290(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd6740 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bca2c0 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c011d0 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c01290 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c011d0 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_groups] (0x4000): Group 0 processed!(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_get_sid_str] (0x1000): No [objectSIDString] attribute.
[0][Success](Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Failed to get
group sid(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
Processing object jgoddard(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_grpmem] (0x0400): Processing group jgoddard(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_grpmem] (0x0400): No members for group [jgoddard](Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd1280(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bae5c0(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1280 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bae5c0 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1280 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1b9f970(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bae5c0(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b9f970 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bae5c0 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b9f970 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_groups] (0x4000): Group 0 members processed!(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_done] (0x2000): No external members, done(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_done] (0x4000): releasing operation connection(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1baf710(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb1ea0(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1baf710 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb1ea0 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1baf710 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
(0x4000): Searching for overrides in view [Default Trust View] with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))].(Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))][cn=Default
Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 17(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 17 timeout 6(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd3b80], ldap[0x1b977d0](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd3b80], ldap[0x1b977d0](Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
17 finished(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
override found with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))].(Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
operation connection(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1baf650(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1baf710(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1baf650 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1baf710 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1baf650 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb2290(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb1ea0(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb2290 "ltdb_callback"(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb1ea0 "ltdb_timeout"(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb2290 "ltdb_callback"(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success(Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0](Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): Dispatching.(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000000](Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
[internal.emerlyn.com <http://internal.emerlyn.com>](Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
Searching for groups with base
[cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:25
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(gidNumber=320000000)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup](Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [cn](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword](Thu
Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member](Thu Aug 11
15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaUniqueID](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTSecurityIdentifier](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[modifyTimestamp](Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [entryUSN](Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaExternalMember](Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 18(Thu Aug 11 15:05:25 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 18 timeout 6(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1b6eac0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): Dispatching.(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): Not a
sysbus message, quit(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bbc470], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [gidNumber](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [member](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaNTSecurityIdentifier](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [entryUSN](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bbc470], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 18 finished(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_groups_process] (0x0400): Search for groups, returned 1
results.(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
server supports deref method OpenLDAP(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
table [groups](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
About to process group
[cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd6770(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd6830(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd6770 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd6830 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd6770 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bca3e0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd67b0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bca3e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd67b0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bca3e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bca3e0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd66b0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bca3e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd66b0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bca3e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd63c0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd6480(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd63c0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd6480 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd63c0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
unknown object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd6480(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd66c0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd6480 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd66c0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd6480 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] found in
cache, skipping(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb0eb0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb0f70(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb0eb0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb0f70 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb0eb0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb12c0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd7ae0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb12c0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd7ae0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb12c0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
unknown object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb1210(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd7ae0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb1210 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd7ae0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb1210 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd04e0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf14a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd04e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf14a0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd04e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
Looking up 4/5 members of group
[cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
Members of group
[cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] will be
processed individually(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
table [users](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
Inserting
[uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
hash table [users](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
Inserting [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
into hash table [users](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
table [users](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 4 users
found in the hash table(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_recv] (0x0400): 1 groups found in the hash table(Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 0)(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 1)(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
Processing object jfifield(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): Search users with filter:
(&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb1160(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb1220(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb1160 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb1220 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb1160 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object admin(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b9f1e0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd0a30(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b9f1e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd0a30 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b9f1e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object chunsicker(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b9fa30(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bcd910(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b9fa30 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bcd910 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b9fa30 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object test(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bcd910(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bae4d0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bcd910 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bae4d0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bcd910 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object admins(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Processing
group admins(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This is a
posix group(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding original DN
[cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
attributes of [admins].(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
[20160408185328Z] to attributes of [admins].(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_ghost_members] (0x0400): The group has 5 members(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Group has 5 members(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Adding ghost member for group [admin](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_ghost_members] (0x0400): Adding ghost member for group
[chunsicker](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Adding ghost member for group [jfifield](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_ghost_members] (0x0400): Adding ghost member for group
[test](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Storing info
for group admins(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd15f0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd16b0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd15f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd16b0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd15f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_by_name] (0x0400): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_store_group] (0x1000): Group admins does not exist.(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 2)(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd07f0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd15f0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd07f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd15f0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd07f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_group_by_gid] (0x0400): No such entry(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfd0a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfd160(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfd0a0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfd160 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfd0a0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfc820(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfc8e0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfc820 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c060a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c06160(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfc8e0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfc820 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c060a0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c06160 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c060a0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_groups] (0x4000): Group 0 processed!(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object admins(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Processing
group admins(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1c07c50(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfc820(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c07c50 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfc820 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c07c50 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf94a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfc820(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf94a0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfc820 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf94a0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_sids_of_members] (0x0400): No such entry(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_grpmem] (0x2000): retain_extern_members failed: 2:[No such file
or directory].(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding member
users to group [admins](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_find_entry_by_origDN] (0x4000): Searching cache for
[uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfc820(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf94a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfc820 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf94a0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfc820 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_fill_memberships] (0x1000):     member #2
(uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
[name=jgoddard,cn=users,cn=internal.emerlyn.com
<http://internal.emerlyn.com>,cn=sysdb](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfcd30(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd07f0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfcd30 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd07f0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfcd30 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd07f0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf9880(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd07f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c060d0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c04a30(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf9880 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd07f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c060d0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c06fe0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c070a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c04a30 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c060d0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c06fe0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c0c5c0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c0c680(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c070a0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c06fe0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c0c5c0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c09ce0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c0d660(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c0c680 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c0c5c0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c09ce0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c0d660 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c09ce0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_groups] (0x4000): Group 0 members processed!(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_done] (0x2000): No external members, done(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_done] (0x4000): releasing operation connection(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb26f0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb27b0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb26f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb27b0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb26f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
(0x4000): Searching for overrides in view [Default Trust View] with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))][cn=Default
Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 19(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 19 timeout 6(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bafde0], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
19 finished(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
override found with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
operation connection(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb0b70(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb26f0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb0b70 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb26f0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb0b70 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bc91d0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bc9290(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bc91d0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bc9290 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bc91d0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): Dispatching.(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000019](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
[internal.emerlyn.com <http://internal.emerlyn.com>](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
Searching for groups with base
[cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(gidNumber=320000019)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [cn](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaUniqueID](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTSecurityIdentifier](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[modifyTimestamp](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [entryUSN](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaExternalMember](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 20(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 20 timeout 6(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bb2de0], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [gidNumber](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [member](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaNTSecurityIdentifier](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [entryUSN](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bb2de0], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 20 finished(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_groups_process] (0x0400): Search for groups, returned 1
results.(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
server supports deref method OpenLDAP(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
hash table [groups](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
About to process group
[cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd7900(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd79c0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd7900 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd79c0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd7900 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd7bf0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf1780(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd7bf0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf1780 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd7bf0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
unknown object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb0eb0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb0f70(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb0eb0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb0f70 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb0eb0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf0c10(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf0cd0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf0c10 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf0cd0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf0c10 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf0c10(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf0cd0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf0c10 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf0cd0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf0c10 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf1780(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf1840(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf1780 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf1840 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf1780 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
unknown object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf1950(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb0eb0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf1950 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb0eb0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf1950 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf0c10(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf0cd0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf0c10 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf0cd0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf0c10 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf1780(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf1840(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf1780 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf1840 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf1780 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd7bc0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd7c80(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd7bc0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd7c80 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd7bc0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
unknown object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd7bc0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd7c80(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd7bc0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd7c80 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd7bc0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] found in
cache, skipping(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd63c0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd6480(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd63c0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd6480 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd63c0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bda620(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bda6e0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bda620 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bda6e0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bda620 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
Looking up 6/7 members of group
[cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
Members of group
[cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] will be
processed individually(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
hash table [users](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
Inserting [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
into hash table [users](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
table [users](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
Inserting [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
into hash table [users](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
hash table [users](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
Inserting [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
into hash table [users](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_recv] (0x0400): 6 users found in the hash table(Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 1
groups found in the hash table(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object jviger(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd7fb0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd8070(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd7fb0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd8070 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd7fb0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object jfifield(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd82d0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd63c0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd82d0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd63c0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd82d0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object chunsicker(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf1d70(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd6e00(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf1d70 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd6e00 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf1d70 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object cperry(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd1520(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bda4d0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1520 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bda4d0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1520 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object jodell(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bef750(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd82d0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bef750 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd82d0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bef750 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object lglassover(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd69e0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bcda20(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd69e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bcda20 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd69e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object developers(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Processing
group developers(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This is a
posix group(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding original DN
[cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
attributes of [developers].(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
[20160504191023Z] to attributes of [developers].(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_ghost_members] (0x0400): The group has 7 members(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Group has 7 members(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Adding ghost member for group [chunsicker](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_ghost_members] (0x0400): Adding ghost member for group
[cperry](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Adding ghost member for group [jfifield](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_ghost_members] (0x0400): Adding ghost member for group
[jodell](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Adding ghost member for group [lglassover](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_ghost_members] (0x0400): Adding ghost member for group
[jviger](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Storing info
for group developers(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bef790(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1befb90(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bef790 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1befb90 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bef790 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_by_name] (0x0400): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_store_group] (0x1000): Group developers does not exist.(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 2)(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bcda20(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bda7d0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bcda20 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bda7d0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bcda20 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_group_by_gid] (0x0400): No such entry(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfdba0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfdc60(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfdba0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfdc60 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfdba0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c064a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c06560(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c064a0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c068f0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c069b0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c06560 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c064a0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c068f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c069b0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c068f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_groups] (0x4000): Group 0 processed!(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object developers(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Processing
group developers(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1c053d0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf0a20(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c053d0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf0a20 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c053d0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfe3e0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd12d0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfe3e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd12d0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfe3e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_sids_of_members] (0x0400): No such entry(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_grpmem] (0x2000): retain_extern_members failed: 2:[No such file
or directory].(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding member
users to group [developers](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_find_entry_by_origDN] (0x4000): Searching cache for
[uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bda7d0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c074e0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bda7d0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c074e0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bda7d0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_fill_memberships] (0x1000):     member #5
(uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
[name=jgoddard,cn=users,cn=internal.emerlyn.com
<http://internal.emerlyn.com>,cn=sysdb](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfe3e0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1befb90(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfe3e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1befb90 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfe3e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfe3e0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c053d0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfe3e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c082f0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c083b0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c053d0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfe3e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c082f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfddb0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfde70(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c083b0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c082f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfddb0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c089f0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c0c5a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfde70 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfddb0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c089f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c0c3e0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c06d50(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c0c5a0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c089f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c0c3e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c06d50 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c0c3e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_groups] (0x4000): Group 0 members processed!(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_done] (0x2000): No external members, done(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_done] (0x4000): releasing operation connection(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b9f1f0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb26f0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b9f1f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb26f0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b9f1f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
(0x4000): Searching for overrides in view [Default Trust View] with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))][cn=Default
Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 21(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 21 timeout 6(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bef2c0], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bef2c0], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
21 finished(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
override found with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
operation connection(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb05e0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb16c0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb05e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb16c0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb05e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd6aa0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1baf650(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd6aa0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1baf650 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd6aa0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): Dispatching.(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000031](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
[internal.emerlyn.com <http://internal.emerlyn.com>](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
Searching for groups with base
[cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(gidNumber=320000031)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [cn](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaUniqueID](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTSecurityIdentifier](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[modifyTimestamp](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [entryUSN](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaExternalMember](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 22(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 22 timeout 6(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bafde0], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [gidNumber](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [member](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaNTSecurityIdentifier](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [entryUSN](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bafde0], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 22 finished(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_groups_process] (0x0400): Search for groups, returned 1
results.(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
server supports deref method OpenLDAP(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
into hash table [groups](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_process_send] (0x2000): About to process group
[cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd67e0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd68a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd67e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd68a0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd67e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb21d0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb2290(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb21d0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb2290 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb21d0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
unknown object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd6720(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd67e0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd6720 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd67e0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd6720 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd6480(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf18b0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd6480 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf18b0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd6480 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
unknown object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd6480(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf18b0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd6480 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf18b0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd6480 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] found in
cache, skipping(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb0f70(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb1030(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb0f70 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb1030 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb0f70 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb2bc0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd71c0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb2bc0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd71c0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb2bc0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd71c0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd7280(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd71c0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd7280 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd71c0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb2bc0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb1260(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb2bc0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb1260 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb2bc0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd0fc0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb0b70(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd0fc0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb0b70 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd0fc0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb2bc0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb0b70(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb2bc0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb0b70 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb2bc0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb11e0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb12a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb11e0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb12a0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb11e0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd7f50(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd8010(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd7f50 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd8010 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd7f50 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
unknown object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd8010(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb11e0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd8010 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb11e0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd8010 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): Search groups with filter:
(&(objectclass=group)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd8210(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd7f50(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd8210 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd7f50 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd8210 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_groups] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_split_members] (0x4000):
[uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
object(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
Looking up 7/8 members of group
[cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
Members of group
[cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
will be processed individually(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
hash table [users](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
Inserting [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
into hash table [users](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
table [users](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
Inserting [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
into hash table [users](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_hash_insert] (0x4000): Inserting
[uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
table [users](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
Inserting
[uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
hash table [users](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
Inserting [uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
into hash table [users](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_group_recv] (0x0400): 7 users found in the hash table(Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 1
groups found in the hash table(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object jviger(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd1de0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd7c30(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1de0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd7c30 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1de0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object jfifield(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb23f0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb0b70(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb23f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb0b70 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb23f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object mlibby(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfe660(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb0f30(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfe660 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb0f30 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfe660 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object chunsicker(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd0fc0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfc150(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd0fc0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfc150 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd0fc0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object cperry(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfeb20(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd8450(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfeb20 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd8450 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfeb20 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object jodell(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd8450(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf0af0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd8450 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf0af0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd8450 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object lglassover(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
users with filter:
(&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb23f0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd0fc0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb23f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd0fc0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb23f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_users] (0x2000): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object jira-administrators(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Processing
group jira-administrators(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_group] (0x2000): This is a posix group(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): Adding original DN
[cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
to attributes of [jira-administrators].(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
[20160504191023Z] to attributes of [jira-administrators].(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400): The
group has 8 members(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Group has 8 members(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Adding ghost member for group [chunsicker](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_ghost_members] (0x0400): Adding ghost member for group
[jfifield](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Adding ghost member for group [cperry](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_ghost_members] (0x0400): Adding ghost member for group
[jodell](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Adding ghost member for group [jviger](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_ghost_members] (0x0400): Adding ghost member for group
[lglassover](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
Adding ghost member for group [mlibby](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_group] (0x0400): Storing info for group jira-administrators(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb2250(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb2310(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb2250 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb2310 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb2250 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_by_name] (0x0400): No such entry(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_store_group] (0x1000): Group jira-administrators does not exist.(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 2)(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb0eb0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb2250(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb0eb0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb2250 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb0eb0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_group_by_gid] (0x0400): No such entry(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfdee0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfdfa0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfdee0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfdfa0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfdee0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c07fd0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c08090(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c07fd0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c08730(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c087f0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c08090 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c07fd0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08730 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c087f0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08730 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_groups] (0x4000): Group 0 processed!(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object jira-administrators(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Processing
group jira-administrators(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb2250(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c08150(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb2250 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c08150 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb2250 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb0b70(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfc150(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb0b70 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfc150 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb0b70 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_sids_of_members] (0x0400): No such entry(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_grpmem] (0x2000): retain_extern_members failed: 2:[No such file
or directory].(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding member
users to group [jira-administrators](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_find_entry_by_origDN] (0x4000): Searching cache for
[uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1b9f9f0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfc150(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b9f9f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfc150 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b9f9f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_fill_memberships] (0x1000):     member #2
(uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
[name=jgoddard,cn=users,cn=internal.emerlyn.com
<http://internal.emerlyn.com>,cn=sysdb](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c0a510(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd0fc0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c0a510 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd0fc0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c0a510 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb0b70(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfc150(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb0b70 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c0a0a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfcd30(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfc150 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb0b70 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c0a0a0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c096d0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c09790(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfcd30 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c0a0a0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c096d0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c0cb20(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c087a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c09790 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c096d0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c0cb20 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c0bd80(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c0d9d0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c087a0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c0cb20 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c0bd80 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c0d9d0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c0bd80 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_groups] (0x4000): Group 0 members processed!(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_nested_done] (0x2000): No external members, done(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_done] (0x4000): releasing operation connection(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bbc470(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd7a10(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bbc470 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd7a10 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bbc470 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
(0x4000): Searching for overrides in view [Default Trust View] with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))][cn=Default
Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 23(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 23 timeout 6(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bafde0], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
23 finished(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
override found with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
operation connection(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb2d60(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bc91d0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb2d60 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bc91d0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb2d60 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb1f60(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bc93a0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb1f60 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bc93a0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb1f60 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): Dispatching.(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
request for [0x1004][FAST BE_REQ_NETGROUP][1][name=office](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
[internal.emerlyn.com <http://internal.emerlyn.com>](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_netgr_next_base] (0x0400): Searching
for netgroups with base [cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(cn=office)(objectclass=ipaNisNetgroup))][cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [member](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf](Thu Aug
11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberUser](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberHost](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [externalHost](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nisDomainName](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaUniqueID](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
24(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 24
timeout 6(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bb0a10], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [objectClass](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [cn](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberHost](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [nisDomainName](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bb0a10], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
Total count [0](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
24 finished(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_netgroups_process] (0x0400):
Search for netgroups, returned 1 results.(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(|(memberOf=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com))(objectclass=ipaHost))][cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [fqdn](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[serverHostname](Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaUniqueID](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
25(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 25
timeout 6(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=goddard-l.internal.emerlyn.com
<http://goddard-l.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaUniqueID](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=crashplan-master.internal.emerlyn.com
<http://crashplan-master.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=staging-app-2.internal.emerlyn.com
<http://staging-app-2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=nagios-2.internal.emerlyn.com
<http://nagios-2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=metrics-1.internal.emerlyn.com
<http://metrics-1.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=rundeck-master.internal.emerlyn.com
<http://rundeck-master.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=pairing-vm2.internal.emerlyn.com
<http://pairing-vm2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN: [fqdn=mike-d.internal.emerlyn.com
<http://mike-d.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaUniqueID](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=jenkins.internal.emerlyn.com
<http://jenkins.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaUniqueID](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=sonar-01.internal.emerlyn.com
<http://sonar-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=emerlyn-loaner.internal.emerlyn.com
<http://emerlyn-loaner.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=graylog-01.internal.emerlyn.com
<http://graylog-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=utility-01.internal.emerlyn.com
<http://utility-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=lglassover-l.internal.emerlyn.com
<http://lglassover-l.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaUniqueID](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaUniqueID](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=docker-dev-02.internal.emerlyn.com
<http://docker-dev-02.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaUniqueID](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=docker-dev-03.internal.emerlyn.com
<http://docker-dev-03.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaUniqueID](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f970], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0](Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
25 finished(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_netgr_members_process] (0x2000):
Found 18 members in current search base(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_netgr_process_all] (0x2000): Extracting netgroup members of netgroup
0(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000):
Extracted 0 netgroup members(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_netgr_process_all] (0x4000): Extracting user members of netgroup 0(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000):
Extracted 0 user members(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_netgr_process_all] (0x4000): Extracting host members of netgroup 0(Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000):
Extracted 18 host members(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_netgr_process_all] (0x2000): Putting together triples of netgroup
0(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x2000): Storing
netgroup office(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000): Adding
original DN [cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com] to
attributes of [office].(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_save_netgroup] (0x1000): No original members for netgroup [office](Thu
Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000): No members
for netgroup [office](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_save_netgroup] (0x0400): Storing info for netgroup office(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 0)(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 1)(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1c135f0(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c136b0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c135f0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c136b0 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c135f0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c1d5b0(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c1d670(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c1d5b0 "ltdb_callback"(Thu Aug 11 15:05:26
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c1d670 "ltdb_timeout"(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c1d5b0 "ltdb_callback"(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_done] (0x4000): releasing operation connection(Thu Aug 11
15:05:26 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request
processed. Returned 0,0,Success(Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[(nil)], ldap[0x1b977d0](Thu Aug 11 15:05:26 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bbfca0(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
request for [0x3][BE_REQ_INITGROUPS][1][name=jgoddard](Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_req_set_domain] (0x0400): Changing request domain from
[internal.emerlyn.com <http://internal.emerlyn.com>] to
[internal.emerlyn.com <http://internal.emerlyn.com>](Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb26f0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb27b0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb26f0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb27b0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb26f0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb05e0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb0b70(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb05e0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bc8730(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bc87f0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb0b70 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb05e0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bc8730 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bb0b70(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bda750(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bc87f0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bc8730 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb0b70 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bda4d0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bc8670(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bda750 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb0b70 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bda4d0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bc8670 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bda4d0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_initgr_send] (0x4000):
Retrieving info for initgroups call(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_initgr_next_base] (0x0400): Searching for users with base
[cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(uid=jgoddard)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userPassword](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber](Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [homeDirectory](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [krbPrincipalName](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaNTSecurityIdentifier](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[modifyTimestamp](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [entryUSN](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[shadowLastChange](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shadowMin](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax](Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shadowWarning](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[shadowInactive](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [shadowExpire](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [krbLastPwdChange](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[krbPasswordExpiration](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [authorizedService](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[accountExpires](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userAccountControl](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [host](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [loginExpirationTime](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[loginAllowedTimeMap](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaUserAuthType](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[userCertificate;binary](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
26(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 26
timeout 6(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bb15d0], ldap[0x1b977d0](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [uid](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [uidNumber](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [gidNumber](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [gecos](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [homeDirectory](Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [loginShell](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [krbPrincipalName](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [cn](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaUniqueID](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for
[ipaNTSecurityIdentifier](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [entryUSN](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [krbLastPwdChange](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [krbPasswordExpiration](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [nsAccountLock](Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaSshPubKey](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bb15d0], ldap[0x1b977d0](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_destructor] (0x2000): Operation 26 finished(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_initgr_user] (0x4000): Receiving info for the user(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 0)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_initgr_user] (0x4000): Storing
the user(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Save user(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
Processing object jgoddard(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_user] (0x0400): Processing user jgoddard(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_user] (0x2000): Adding originalDN
[uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
attributes of [jgoddard].(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_user] (0x0400): Adding original memberOf attributes to
[jgoddard].(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding original mod-Timestamp [20160811190153Z] to attributes of
[jgoddard].(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Adding user
principal [jgoddard at INTERNAL.EMERLYN.COM <jgoddard at INTERNAL.EMERLYN.COM>]
to attributes of [jgoddard].(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): shadowLastChange is not available for
[jgoddard].(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowMin is not available for [jgoddard].(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): shadowMax is not available for
[jgoddard].(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowWarning is not available for [jgoddard].(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): shadowInactive is not available for
[jgoddard].(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
shadowExpire is not available for [jgoddard].(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): shadowFlag is not available for
[jgoddard].(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding krbLastPwdChange [20160718194453Z] to attributes of [jgoddard].(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding krbPasswordExpiration [20170718194453Z] to attributes of
[jgoddard].(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
pwdAttribute is not available for [jgoddard].(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): authorizedService is not available for
[jgoddard].(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
adAccountExpires is not available for [jgoddard].(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): adUserAccountControl is not available
for [jgoddard].(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
Adding nsAccountLock [FALSE] to attributes of [jgoddard].(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
authorizedHost is not available for [jgoddard].(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): ndsLoginDisabled is not available for
[jgoddard].(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
ndsLoginExpirationTime is not available for [jgoddard].(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): ndsLoginAllowedTimeMap is not
available for [jgoddard].(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): Adding sshPublicKey
[c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBNU5BNGdyQjFndVZNWWN2Wk0yVnRuWFJpdWJPczJLZGp0Y2ZZYzRYOHJWS1dUNUJSOEdqaU51NzZDWGxXK0pUQU4xYmlpNm5UL0NTNDBVMXhjaVVTd05JaEtvNVh6ZThNd1Q1Z0hZY3VRV1ZxY2NTajhLeGRKWnA1MUhaclE0QjhlM2t5Y0lENGNzN3NaMUpKYndjL3RkUWg2ek1IRDdaaXhyNGh5UlRJcjZ3WlRsdmEwN3h5RkJSVDRXOXV1a0NFZURKbEI3c0NqdlNTYzRIQWp6Y0M5OVpUR3hjcWJHZERvTEFOczdiUDAzYnNyalJvTzlrNjRjY2dSOUFwK3BaeGhOYTFTRWJSZWxVTW9Qc2VQRUxJeXVvT3hYYUtRT2VJU1FGNFJBRjJKOHkvSllZcEdJaEllQXNybXBCUlRTQ3dSVkNjMzVTWE5QV3E2VnMxTTNvcjl3PT0gamdvZGRhcmRAZW1lcmx5bi5jb20=]
to attributes of [jgoddard].(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_add_ldap_attr] (0x2000): authType is not available for
[jgoddard].(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
userCertificate is not available for [jgoddard].(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_save_user] (0x0400): Storing info for user jgoddard(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 1)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf2960(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf2a20(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf2960 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf2a20 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf2960 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c002a0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c00360(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c002a0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c00360 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c002a0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [userPassword] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1c091e0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfd090(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c091e0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfd090 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c091e0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [shadowLastChange] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfed00(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c02b70(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfed00 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c02b70 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfed00 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [shadowMin] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfd2b0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf25f0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf25f0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [shadowMax] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfed00(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfd2b0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfed00 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfd2b0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfed00 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [shadowWarning] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1c060e0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c02320(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c060e0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c02320 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c060e0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [shadowInactive] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1c01a10(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c05b90(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c01a10 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c05b90 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c01a10 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [shadowExpire] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1c01a10(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfed00(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c01a10 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfed00 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c01a10 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [shadowFlag] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfd2b0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c01a10(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c01a10 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [pwdAttribute] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfd2b0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfd090(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfd090 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [authorizedService] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfd2b0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c01a10(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c01a10 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [adAccountExpires] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfd2b0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfd090(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfd090 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [adUserAccountControl]
from [jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfd2b0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c09740(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c09740 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [authorizedHost] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf29a0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfd090(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf29a0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfd090 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf29a0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginDisabled] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf29a0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfed00(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf29a0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfed00 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf29a0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginExpirationTime]
from [jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfd2b0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf29a0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf29a0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfd2b0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginAllowedTimeMap]
from [jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfed00(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfd2b0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfed00 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfd2b0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfed00 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [authType] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bfed00(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfd090(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfed00 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfd090 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfed00 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_remove_attrs] (0x2000): Removing attribute [userCertificate] from
[jgoddard](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 3)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf29a0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfed00(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf29a0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfed00 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf29a0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): cancel ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_initgr_user] (0x4000): Commit change(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf1a80(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf1b40(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf1a80 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf1b40 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf1a80 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_initgr_user] (0x4000): Process user's groups(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object jgoddard(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
server supports deref method OpenLDAP(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_deref_search_send] (0x2000): Server supports OpenLDAP deref(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400):
Dereferencing entry
[uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] using
OpenLDAP deref(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_send] (0x0400):
WARNING: Disabling paging because scope is set to base.(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no
filter][uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [cn](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [gidNumber](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaUniqueID](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaNTSecurityIdentifier](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[modifyTimestamp](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [entryUSN](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaExternalMember](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 27(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 27 timeout 6(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bfed00], ldap[0x1b977d0](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_x_deref_parse_entry] (0x0400): Got deref control(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x1000): Dereferenced DN:
cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: top(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
groupofnames(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: posixgroup(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
ipausergroup(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipaobject(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
nestedGroup(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipaNTGroupAttrs(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Found map for objectclass 'posixgroup'(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: objectClass(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: cn(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value: admins(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: gidNumber(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value: 320000000(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: member(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: ipaUniqueID(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value:
19821026-9d9b-11e4-8386-0050568354a7(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute:
ipaNTSecurityIdentifier(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value:
S-1-5-21-711561063-4190233445-1602496204-512(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value: 20160408185328Z(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value: 3382936(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x1000): Dereferenced DN:
cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: top(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
groupofnames(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: nestedgroup(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
ipausergroup(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipaobject(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Found map for objectclass 'ipausergroup'(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: objectClass(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: cn(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value: ipausers(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: member(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=mmasters,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=ntaylor,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=nagiosadmin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=rclay-storm,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=nagios,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=bandreoli,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=emerlyn,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=db-restore,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: ipaUniqueID(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value:
198528d8-9d9b-11e4-a057-0050568354a7(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value: 20160510140017Z(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value: 3855196(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x1000): Dereferenced DN:
cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipaobject(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value: top(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipausergroup(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value: posixgroup(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: groupofnames(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
nestedgroup(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipantgroupattrs(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Found map for objectclass 'ipausergroup'(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: objectClass(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: cn(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value: developers(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: gidNumber(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value: 320000019(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: member(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: ipaUniqueID(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value:
f047af7a-09fd-11e5-8827-0050568354a7(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute:
ipaNTSecurityIdentifier(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value:
S-1-5-21-711561063-4190233445-1602496204-1019(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value: 20160504191023Z(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value: 3757093(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x1000): Dereferenced DN:
ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipasudorule(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
ipaassociation(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): Dereferenced
DN:
cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipaobject(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value: top(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipausergroup(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value: posixgroup(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: groupofnames(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
nestedgroup(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipantgroupattrs(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Found map for objectclass 'ipausergroup'(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: objectClass(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: cn(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value:
jira-administrators(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: gidNumber(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value: 320000031(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: member(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: ipaUniqueID(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value:
48d1856c-3f73-11e5-94f7-0050568354a7(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute:
ipaNTSecurityIdentifier(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value:
S-1-5-21-711561063-4190233445-1602496204-1031(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value: 20160504191023Z(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value: 3757081(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_x_deref_parse_entry] (0x0400): All deref results from a single
control parsed(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
Total count [0](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
27 finished(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 0)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 1)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bf2480(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf2540(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf2480 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf2540 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf2480 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfcf30(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bffc10(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfcf30 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bffc10 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfcf30 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_search_by_name] (0x0400): No such entry(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_add_incomplete_groups] (0x1000): Group #1 [ipausers][ipausers] is not
cached, need to add a fake entry(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfcf30(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf29e0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfcf30 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf29e0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfcf30 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfcd70(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf8870(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfcd70 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf8870 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfcd70 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object admins(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
Processing object ipausers(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_attrs_get_sid_str] (0x1000): No [objectSIDString] attribute.
[0][Success](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups] (0x1000): The
group ipausers gid was missing(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_add_incomplete_groups] (0x0400): Marking group ipausers as non-posix
and setting GID=0!(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups] (0x2000):
Adding fake group ipausers to sysdb(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf7860(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd8ba0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf7860 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd8ba0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf7860 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf8870(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf24c0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf8870 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf24c0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf8870 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_primary_name] (0x0400): Processing object admins(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x2000):
searching sysdb with filter
[(&(objectClass=group)(member=name=admins,cn=groups,cn=internal.emerlyn.com
<http://internal.emerlyn.com>,cn=sysdb))](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf2920(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd9100(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf2920 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd9100 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf2920 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_direct_parents] (0x1000): admins is a member of 0 sysdb
groups(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
(0x4000): Looking up direct parents for group
[cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
(0x4000): The group
[cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] has 0
direct parents(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_membership_diff]
(0x1000): The group admins is a direct member of 0 LDAP groups(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
Processing object ipausers(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_direct_parents] (0x2000): searching sysdb with filter
[(&(objectClass=group)(member=name=ipausers,cn=groups,cn=internal.emerlyn.com
<http://internal.emerlyn.com>,cn=sysdb))](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf24c0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd9100(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf24c0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd9100 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf24c0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_direct_parents] (0x1000): ipausers is a member of 0 sysdb
groups(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
(0x4000): Looking up direct parents for group
[cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
(0x4000): The group
[cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] has 0
direct parents(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_membership_diff]
(0x1000): The group ipausers is a direct member of 0 LDAP groups(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
Processing object developers(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_direct_parents] (0x2000): searching sysdb with filter
[(&(objectClass=group)(member=name=developers,cn=groups,cn=internal.emerlyn.com
<http://internal.emerlyn.com>,cn=sysdb))](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf24c0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf2920(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf24c0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf2920 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf24c0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_direct_parents] (0x1000): developers is a member of 0 sysdb
groups(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
(0x4000): Looking up direct parents for group
[cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
(0x4000): The group
[cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] has 0
direct parents(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_membership_diff]
(0x1000): The group developers is a direct member of 0 LDAP groups(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
Processing object jira-administrators(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_direct_parents] (0x2000): searching sysdb with filter
[(&(objectClass=group)(member=name=jira-administrators,cn=groups,cn=internal.emerlyn.com
<http://internal.emerlyn.com>,cn=sysdb))](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf2920(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfed00(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf2920 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfed00 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf2920 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_direct_parents] (0x1000): jira-administrators is a member of 0
sysdb groups(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
(0x4000): Looking up direct parents for group
[cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com](Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
(0x4000): The group
[cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
has 0 direct parents(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_initgr_nested_get_membership_diff] (0x1000): The group
jira-administrators is a direct member of 0 LDAP groups(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_initgr_store_user_memberships] (0x1000): The user jgoddard is a
direct member of 4 LDAP groups(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_direct_parents] (0x2000): searching sysdb with filter
[(&(objectClass=group)(member=name=jgoddard,cn=users,cn=internal.emerlyn.com
<http://internal.emerlyn.com>,cn=sysdb))](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf2920(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd3b80(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf2920 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd3b80 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf2920 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sysdb_get_direct_parents] (0x1000): jgoddard is a member of 3 sysdb
groups(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 1)(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_initgr_store_user_memberships]
(0x2000): Updating memberships for jgoddard(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bfcf30(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf2a60(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bfcf30 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c0b340(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf24c0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf2a60 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bfcf30 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c0b340 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c15610(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c156d0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf24c0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c0b340 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c15610 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c16c30(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c16010(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c156d0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c15610 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c16c30 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd9560(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c0c530(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c16010 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c16c30 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd9560 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c0c530 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd9560 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_initgr_done] (0x4000): Initgroups done(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd3b80(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bfcf30(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd3b80 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bfcf30 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd3b80 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_initgr_done] (0x0400): Primary group already cached, nothing to
do.(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
operation connection(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf2cd0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1380(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf2cd0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1380 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf2cd0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1baf710(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb26f0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1baf710 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb26f0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1baf710 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1baf710(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bb0eb0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1baf710 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bb0eb0 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1baf710 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
(0x4000): Searching for overrides in view [Default Trust View] with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))][cn=Default
Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 28(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 28 timeout 6(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bb2de0], ldap[0x1b977d0](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bb2de0], ldap[0x1b977d0](Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
28 finished(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
override found with filter
[(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
operation connection(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd3b80(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b9f130(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd3b80 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b9f130 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd3b80 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_add_timeout] (0x2000): 0x1bb15e0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[(nil)], ldap[0x1b977d0](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_remove_timeout] (0x2000):
0x1bb15e0(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1bc49b0(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request
processed. Returned 0,0,Success(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): Dispatching.(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.pamHandler on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
[internal.emerlyn.com <http://internal.emerlyn.com>](Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_pam_handler] (0x0100): Got request with the following data(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): command:
SSS_PAM_AUTHENTICATE(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): domain: internal.emerlyn.com
<http://internal.emerlyn.com>(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): user: jgoddard(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): service: sudo(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): tty: /dev/pts/0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): ruser: jgoddard(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): rhost: (Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): authtok type: 1(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): newauthtok type: 0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): priv: 0(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): cli_pid: 5477(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): logon name: not set(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[krb5_auth_queue_send] (0x1000): Wait queue of user [jgoddard] is empty,
running request [0x1bb1ab0] immediately.(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [krb5_setup]
(0x4000): No mapping for: jgoddard(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bc93a0(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bc9460(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bc93a0 "ltdb_callback"(Thu Aug 11 15:05:29
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bc9460 "ltdb_timeout"(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bc93a0 "ltdb_callback"(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[krb5_auth_prepare_ccache_name] (0x1000): No ccache file for user
[jgoddard] found.(Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): Trying
to resolve service 'IPA'(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[get_server_status] (0x1000): Status of server
'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' is 'working'(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port status of
port 389 for server 'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' is 'working'(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout]
(0x2000): Resolve timeout set to 6 seconds(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[resolve_srv_send] (0x0200): The status of SRV lookup is resolved(Thu Aug
11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status of
server 'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' is 'working'(Thu Aug 11
15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000):
Saving the first resolved server(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_resolve_server_process] (0x0200): Found address for server
id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200(Thu
Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400):
Constructed uri 'ldap://id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>'(Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[unique_filename_destructor] (0x2000): Unlinking
[/var/lib/sss/pubconf/.krb5info_dummy_SXAUTk](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [unlink_dbg]
(0x2000): File already removed:
[/var/lib/sss/pubconf/.krb5info_dummy_SXAUTk](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[child_handler_setup] (0x2000): Setting up signal handler up for pid
[5481](Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000): Signal
handler set up for pid [5481](Thu Aug 11 15:05:29 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[write_pipe_handler] (0x0400): All data has been sent!(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[read_pipe_handler] (0x0400): EOF received, client finished(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [parse_krb5_child_response] (0x1000):
child response [0][3][40].(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[parse_krb5_child_response] (0x1000): child response
[0][-1073741822][30].(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[parse_krb5_child_response] (0x1000): child response
[0][-1073741823][32].(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[parse_krb5_child_response] (0x1000): TGT times are
[1470942330][1470942330][1471028729][0].(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[parse_krb5_child_response] (0x1000): child response [0][6][8].(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [_be_fo_set_port_status] (0x8000): Setting
status: PORT_WORKING. Called from: ../src/providers/krb5/krb5_auth.c:
krb5_auth_done: 1039(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[fo_set_port_status] (0x0100): Marking port 389 of server
'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' as 'working'(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100):
Marking server 'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' as 'working'(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): Marking
port 389 of duplicate server 'id-management-1.internal.emerlyn.com
<http://id-management-1.internal.emerlyn.com>' as 'working'(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [krb5_mod_ccname] (0x4000): Save ccname
[KEYRING:persistent:320000001] for user [jgoddard].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1b9f970(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b9fa30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1b9f970 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b9fa30 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1b9f970 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 0)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bca1a0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bca260(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bca1a0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bca260 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bca1a0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[check_wait_queue] (0x1000): Wait queue for user [jgoddard] is empty.(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [krb5_auth_queue_done] (0x1000):
krb5_auth_queue request [0x1bb1ab0] done.(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
[Success](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100):
Sending result [0][internal.emerlyn.com <http://internal.emerlyn.com>](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): Sent
result [0][internal.emerlyn.com <http://internal.emerlyn.com>](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [child_sig_handler] (0x1000): Waiting for
child [5481].(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [child_sig_handler] (0x0100): child [5481]
finished successfully.(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_dispatch] (0x4000): Dispatching.(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.pamHandler on path
/org/freedesktop/sssd/dataprovider(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
[internal.emerlyn.com <http://internal.emerlyn.com>](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_pam_handler] (0x0100): Got request with the following data(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): command:
SSS_PAM_ACCT_MGMT(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): domain:
internal.emerlyn.com <http://internal.emerlyn.com>(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): user: jgoddard(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): service: sudo(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): tty: /dev/pts/0(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): ruser: jgoddard(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): rhost: (Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): authtok type: 0(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): newauthtok type: 0(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): priv: 0(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): cli_pid: 5477(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[pam_print_data] (0x0100): logon name: not set(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_access_send] (0x0400): Performing access check for user
[jgoddard](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bb16d0(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1b9f220(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bb16d0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1b9f220 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bb16d0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_account_expired_rhds] (0x0400): Performing RHDS access check for user
[jgoddard](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_account_expired_rhds] (0x4000):
Account for user [jgoddard] is not locked.(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [hbac_retry]
(0x4000): Connection status is [online].(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [fqdn](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[serverHostname](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipaUniqueID](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
29(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 29
timeout 60(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[fqdn=docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectClass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [fqdn](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [serverHostname](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [memberOf](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaUniqueID](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd6aa0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
29 finished(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
server supports deref method OpenLDAP(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_deref_search_send] (0x2000): Server supports OpenLDAP deref(Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400):
Dereferencing entry [fqdn=docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com]
using OpenLDAP deref(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_print_server] (0x2000): Searching 10.72.100.16(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because
scope is set to base.(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no
filter][fqdn=docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectClass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 30(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 30 timeout 60(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd6aa0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_x_deref_parse_entry] (0x0400): Got deref control(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x1000): Dereferenced DN:
cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com(Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipaobject(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
ipahostgroup(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: nestedGroup(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
groupOfNames(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: top(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
mepOriginEntry(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Found map for
objectclass 'ipahostgroup'(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: objectClass(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: cn(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value: office(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x2000): Dereferenced attribute: memberOf(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value: cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
attribute value:
ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
attribute: ipaUniqueID(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced attribute value:
e91566cc-bb9f-11e4-b8b6-0050568354a7(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x1000): Dereferenced DN:
cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
ipanisnetgroup(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipaobject(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
mepManagedEntry(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipaAssociation(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value: top(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): Dereferenced
DN:
ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
objectClass value: ipasudorule(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_deref] (0x4000): Dereferenced objectClass value:
ipaassociation(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry] (0x0400): All
deref results from a single control parsed(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd6aa0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
30 finished(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_hostgroup_info_done] (0x0200):
Dereferenced host group: office(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_service_info_next] (0x0400): Sending request for next search
base:
[cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(objectClass=ipaHBACService)](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(objectClass=ipaHBACService)][cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipauniqueid](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
31(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 31
timeout 60(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=sshd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[cn=ftp,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [memberOf](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=su,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[cn=login,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[cn=su-l,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[cn=sudo,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [memberOf](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=sudo-i,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [memberOf](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=gdm,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[cn=gdm-password,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[cn=kdm,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[cn=proftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [memberOf](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=vsftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [memberOf](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=gssftp,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [memberOf](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [memberOf](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=crond,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_RESULT](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
Total count [0](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
31 finished(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_hbac_servicegroup_info_next]
(0x0400): Sending request for next search base:
[cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(objectClass=ipaHBACServiceGroup)](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipauniqueid](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberOf](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid =
32(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 32
timeout 60(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [member](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
[cn=ftp,cn=hbacservicegroups,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [member](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1b9f3d0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
32 finished(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ipa_hbac_rule_info_next] (0x0400):
Sending request for next search base:
[cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com)(memberHost=ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com)))](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
10.72.100.16(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com)(memberHost=ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com)))][cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [ipauniqueid](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs:
[ipaenabledflag](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [accessRuleType](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberUser](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [userCategory](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberService](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [serviceCategory](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sourceHost](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [sourceHostCategory](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [externalHost](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
Requesting attrs: [memberHost](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [hostCategory](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
ldap_search_ext called, msgid = 33(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_op_add] (0x2000): New operation 33 timeout 60(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd1dd0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: ldap_result found nothing!(Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[0x1bd1dd0], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
type: [LDAP_RES_SEARCH_ENTRY](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_entry] (0x1000): OriginalDN:
[ipaUniqueID=19e5fa5a-9d9b-11e4-9cb5-0050568354a7,cn=hbac,dc=internal,dc=emerlyn,dc=com].(Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [objectclass](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [cn](Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [ipauniqueid](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [ipaenabledflag](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [accessRuleType](Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [userCategory](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_parse_range] (0x2000): No sub-attributes for [serviceCategory](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
sub-attributes for [hostCategory](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
ops[0x1bd1dd0], ldap[0x1b977d0](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sdap_get_generic_op_finished] (0x2000): Total count [0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
33 finished(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 0)(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 1)(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 2)(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd42a0(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd4360(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd42a0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd4360 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd42a0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name:
[docker-dev-01.internal.emerlyn.com
<http://docker-dev-01.internal.emerlyn.com>].(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf4f50(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf5010(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf4f50 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf5010 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf4f50 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c08000(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c080c0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08000 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c080c0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08000 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1dd0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [office].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd40b0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd4170(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd40b0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd4170 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd40b0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c06c10(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c06cd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c06c10 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c06cd0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c06c10 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf2950(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf2950 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1dd0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf2950 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [sshd].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf2910(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf2910 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf5110(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf44b0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf5110 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf44b0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf5110 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [ftp].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1dd0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c16c90(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c14fc0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c16c90 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c14fc0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c16c90 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [su].(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf44b0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf44b0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1dd0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf44b0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c15130(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c151f0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c15130 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c151f0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c15130 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [login].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c17470(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf44b0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c17470 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf44b0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c17470 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf4fd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c17470(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf4fd0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c17470 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf4fd0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [su-l].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf44b0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf4fd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf44b0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf4fd0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf44b0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf4fd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c17470(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf4fd0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c17470 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf4fd0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [sudo].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c17470(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c17470 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c08a30 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c17470 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf44b0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf44b0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [sudo-i].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf4fd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf4fd0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c08a30 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf4fd0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf4fd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c199f0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf4fd0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c199f0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf4fd0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [gdm].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf4fd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf4fd0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c08a30 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf4fd0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf44b0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf44b0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [gdm-password].(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 2)(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1c08a30(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c1e850(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c1e850 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c06aa0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c06aa0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [kdm].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c1b3a0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf44b0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf44b0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1dd0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf44b0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [proftpd].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf44b0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf44b0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c1f350(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c199f0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c1f350 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c199f0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c1f350 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [vsftpd].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf44b0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf44b0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c1b3a0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf44b0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c1b3a0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c1b3a0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1dd0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c1b3a0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [gssftp].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c1b3a0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c08a30 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [pure-ftpd].(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
(nesting: 2)(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x1bd1dd0(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf2910(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf2910 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c1fc80(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c20950(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c1fc80 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c20950 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c1fc80 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [crond].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c20950(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c1fc80(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c20950 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c1fc80 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c20950 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c1b3a0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1dd0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1dd0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [Sudo].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c15070(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c15070 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1dd0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c15070 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bf4570(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bf4630(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bf4570 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bf4630 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bf4570 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name: [ftp].(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c13750(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c13750 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c26210(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c08580(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c26210 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c08580 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c26210 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 1)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c25c20(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c25c20 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd1dd0 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c25c20 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_save_list] (0x4000): Object name:
[19e5fa5a-9d9b-11e4-9cb5-0050568354a7].(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c08a30(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c15070(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c15070 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c08a30 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): start ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1c13c00(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1c08580(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1c13c00 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1c08580 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1c13c00 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 3)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 2)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 1)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): commit ldb transaction (nesting: 0)(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd3d80(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd3e40(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd3d80 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd3e40 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd3d80 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[hbac_attrs_to_rule] (0x1000): Processing rule [allow_all](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_user_attrs_to_rule] (0x1000):
Processing users for rule [allow_all](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[hbac_get_category] (0x0200): Category is set to 'all'.(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[hbac_service_attrs_to_rule] (0x1000): Processing PAM services for rule
[allow_all](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_get_category] (0x0200): Category is
set to 'all'.(Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_thost_attrs_to_rule] (0x1000):
Processing target hosts for rule [allow_all](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[hbac_get_category] (0x0200): Category is set to 'all'.(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule
[allow_all](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_shost_attrs_to_rule] (0x2000):
Source hosts disabled, setting ALL(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd1da0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd3d80(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1da0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd3d80 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1da0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[hbac_eval_user_element] (0x1000): [22] groups for [jgoddard](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): Added
group [admins] for user [jgoddard](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[hbac_eval_user_element] (0x2000): Skipping non-group memberOf
[cn=Replication
Administrators,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=Add Replication
Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=Modify Replication
Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=Remove Replication
Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=Modify DNA
Range,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=Modify PassSync Managers
Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=Add Configuration
Sub-Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=Read LDBM Database
Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=Read PassSync Managers
Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=Read DNA
Range,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=System: Read Replication
Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=Host
Enrollment,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=System: Add krbPrincipalName to a
Host,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=System: Enroll a
Host,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=System: Manage Host
Certificates,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug
11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=System: Manage Host Enrollment
Password,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf [cn=System: Manage Host
Keytab,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): Added
group [ipausers] for user [jgoddard](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[hbac_eval_user_element] (0x1000): Added group [developers] for user
[jgoddard](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
Skipping non-group memberOf
[ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): Added
group [jira-administrators] for user [jgoddard](Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd1da0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd3d80(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1da0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd3d80 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1da0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_callback": 0x1bd1da0(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Added timed event "ltdb_timeout": 0x1bd3d80(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Running timer event 0x1bd1da0 "ltdb_callback"(Thu Aug 11 15:05:32
2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
(0x4000): Destroying timer event 0x1bd3d80 "ltdb_timeout"(Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
0x1bd1da0 "ltdb_callback"(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule
[allow_all](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
operation connection(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
[Success](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0](Thu Aug 11
15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
ldap_result found nothing!(Thu Aug 11 15:05:32 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[be_pam_handler_callback] (0x0100): Backend returned: (0, 0, Success)
[Success](Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100):
Sending result [0][internal.emerlyn.com <http://internal.emerlyn.com>](Thu
Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): Sent
result [0][internal.emerlyn.com <http://internal.emerlyn.com>](Thu Aug 11
15:05:36 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1b6eac0(Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service(Thu Aug 11 15:05:36 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:46 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1b6eac0(Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service(Thu Aug 11 15:05:46 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit(Thu Aug 11
15:05:56 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
0x1b6eac0(Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.(Thu
Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com
<http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service(Thu Aug 11 15:05:56 2016)
[sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit*



On Thu, Aug 11, 2016 at 2:40 PM, Justin Stephenson <jstephen at redhat.com>
wrote:

> Hello,
>
> Could you increase the debug level to 9, restart sssd  + clear the cache
> and reproduce the problem then provide the sssd_<domain>.log as well as the
> sssd_sudo.log ?
>
> Also you may want to rule out HBAC issues with the below command:
>
>      # ipa hbactest --user 'jgoddard' --host $(hostname) --service sudo
>
> Kind regards,
>
> Justin Stephenson
> On 08/11/2016 02:24 PM, Jeff Goddard wrote:
>
> Here is relevant configuration files:
>
> *nsswitch.conf:*
>
> passwd:         compat sss
> group:          compat sss
> shadow:         compat sss
> gshadow:        files
>
> hosts:          files dns
> networks:       files
>
> protocols:      db files
> services:       db files sss
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis sss
> sudoers: sss files
>
> *sssd.conf:*
>
> [domain/internal.emerlyn.com]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = internal.emerlyn.com
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = docker-dev-01.internal.emerlyn.com
> chpass_provider = ipa
> ipa_server = _srv_, id-management-1.internal.emerlyn.com
> ldap_tls_cacert = /etc/ipa/ca.crt
> sudo_provider=ipa
> ldap_uri=ldap://id-management-1.internal.emerlyn.com
> ldap_sudo_search_base=ou=sudoers,dc=internal,dc=emerlyn,dc=com
> debug_level=7
>
> [sssd]
> services = nss, pam, sudo, ssh
> debug_level=7
> domains = internal.emerlyn.com
>
> [nss]
> homedir_substring = /home
>
> [pam]
>
> [sudo]
> debug_level=7
> [autofs]
>
> [ssh]
> debug_level=7
> [pac]
>
> [ifp]
>
>
>
> *Log output - /var/log/sssd/sssd_sudo.log: *(Thu Aug 11 12:21:43 2016)
> [sssd[sudo]] [accept_fd_handler] (0x0400): Client connected!
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
> (0x0200): Requesting default options for [jgoddard] from [<ALL>]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
> Requesting info about [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> Returning info for user [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> Retrieving default options for [jgoddard] from [internal.emerlyn.com]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#
> 320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%
> admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+
> *))(&(dataExpireTimestamp<=1470932503)))]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> name=defaults)))]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> (0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> * (*Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
> (0x0200): Requesting rules for [jgoddard] from [<ALL>]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
> Requesting info about [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> Returning info for user [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> Retrieving rules for [jgoddard] from [internal.emerlyn.com]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#
> 320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%
> admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+
> *))(&(dataExpireTimestamp<=1470932503)))]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)
> (sudoUser=%developers)(sudoUser=%jira-administrators)
> (sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
> Sorting rules with higher-wins logic
> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 12:21:47 2016) [sssd[sudo]] [client_recv] (0x0200): Client
> disconnected!
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [accept_fd_handler] (0x0400):
> Client connected!
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
> (0x0200): Requesting default options for [jgoddard] from [<ALL>]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
> Requesting info about [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> Returning info for user [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> Retrieving default options for [jgoddard] from [internal.emerlyn.com]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#
> 320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%
> admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+
> *))(&(dataExpireTimestamp<=1470932532)))]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> name=defaults)))]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> (0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
> (0x0200): Requesting rules for [jgoddard] from [<ALL>]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
> Requesting info about [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> Returning info for user [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> Retrieving rules for [jgoddard] from [internal.emerlyn.com]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#
> 320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%
> admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+
> *))(&(dataExpireTimestamp<=1470932532)))]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)
> (sudoUser=%developers)(sudoUser=%jira-administrators)
> (sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
> Sorting rules with higher-wins logic
> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
>
>
> On Thu, Aug 11, 2016 at 2:15 PM, Rob Crittenden <rcritten at redhat.com>
> wrote:
>
>> Jeff Goddard wrote:
>>
>>> I've looked though these but not found anything helpful. It appears as
>>> though my previous statement about the 1 group being found was
>>> misleading as the sssd.$mydomain.com.log file reports that no sudo rules
>>> are found. Does this mean that the LDAP tree being searched is different
>>> on ubuntu vs centos?
>>>
>>
>> I find that extremely unlikely.
>>
>> You may want to outline more what you've already checked.
>>
>> For example, is sss in sudoers in /etc/nsswitch.conf?
>>
>> You can check the 389-ds access log to see what, if any queries are being
>> made. I'd clean the sssd cache in advance.
>>
>> rob
>>
>>
>>> Jeff
>>>
>>> On Wed, Aug 10, 2016 at 2:13 PM, Rob Crittenden <rcritten at redhat.com
>>> <mailto:rcritten at redhat.com>> wrote:
>>>
>>>     Jeff Goddard wrote:
>>>
>>>         Sean,
>>>
>>>         Thanks for the reply. I don't think that's my problem but I'm
>>>         posting a
>>>         redacted copy of the sssd.conf file for review below.
>>>
>>>
>>>     I'd start here:
>>>     https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>>>     <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO>
>>>
>>>     rob
>>>
>>>
>>>
>>>
>>>
>>>
>>
>
>
> --
> Jeff Goddard
> Director of Information Technology
> Emerlyn Technology
>
> Email: jgoddard at emerlyn.com
> Telephone: (603) 447-8571
> Toll free: (888) 363-7596 ext. 108
> Fax: (603) 356-3346
>
>
>
>
>


Thanks,

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/abaf808d/attachment.htm>

From jstephen at redhat.com  Thu Aug 11 20:14:46 2016
From: jstephen at redhat.com (Justin Stephenson)
Date: Thu, 11 Aug 2016 16:14:46 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
	<OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
	<CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>
	<57AB6EB8.7000609@redhat.com>
	<CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>
	<57ACC0DF.6070308@redhat.com>
	<CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>
	<de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
Message-ID: <5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>

I checked the logs but I don't see any problem the sssd processing of 
the sudo attempt, I will defer to others on the mailing list however in 
case I missed something.

What is the exact error when sudo fails? I suppose the PAM stack could 
be misconfigured or strace may be useful to look at, you can also enable 
debugging for sudo itself in /etc/sudo.conf as the SSSD troubleshooting 
wiki mentions.

===================================

    I see in the logs that the client does a LDAP search finds the
    sudorule called 'All' which gets stored in the cache file

         (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com]]]
    [sysdb_sudo_store_rule] (0x0400): Adding sudo rule All

    sssd finds the rule in the cache successfully for this user as part
    of the 'developers' group

         (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
    [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for
    [jgoddard at internal.emerlyn.com <mailto:jgoddard at internal.emerlyn.com>]

    successful response here from the backend for the PAM auth and acct
    section of the sudo call

        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [be_pam_handler] (0x0100): Got request with the following data
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): domain: internal.emerlyn.com
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): user: jgoddard
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): service: sudo
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): tty: /dev/pts/0
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): ruser: jgoddard
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): rhost:
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): authtok type: 1
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): newauthtok type: 0
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): priv: 0
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): cli_pid: 5477
        (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): logon name: not set
        <snip>
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [be_pam_handler_callback] (0x0100): Backend returned: (0, 0,
        <NULL>) [Success]
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [be_pam_handler_callback] (0x0100): Sending result
        [0][internal.emerlyn.com]
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [be_pam_handler_callback] (0x0100): Sent result
        [0][internal.emerlyn.com]


        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): domain: internal.emerlyn.com
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): user: jgoddard
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): service: sudo
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): tty: /dev/pts/0
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): ruser: jgoddard
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): rhost:
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): authtok type: 0
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): newauthtok type: 0
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): priv: 0
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): cli_pid: 5477
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [pam_print_data] (0x0100): logon name: not set
        <snip>
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [be_pam_handler_callback] (0x0100): Backend returned: (0, 0,
        <NULL>) [Success]
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60],
        connected[1], ops[(nil)], ldap[0x1b977d0]
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [be_pam_handler_callback] (0x0100): Backend returned: (0, 0,
        Success) [Success]
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [be_pam_handler_callback] (0x0100): Sending result
        [0][internal.emerlyn.com]
        (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
        [be_pam_handler_callback] (0x0100): Sent result
        [0][internal.emerlyn.com]

Kind regards,
Justin Stephenson


On 08/11/2016 03:26 PM, Jeff Goddard wrote:
> Thanks you for the response. Here are the requested outputs. I did 
> manually delete the cache via the command
> rm -rf /var/lib/sss/db/*
>
> prior to issues the sudo -l command as the jgoddard user
> [jgoddard at id-management-1 root]$ ipa hbactest --user 'jgoddard' --host 
> docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com> --service sudo
> --------------------
> Access granted: True
> --------------------
>   Matched rules: allow_all
>
> */var/log/sssd/sssd_sudo.log:
> *(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b44dc0
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b47310
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b44dc0 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b47310 "ltdb_timeout"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b44dc0 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470942326)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b57730
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4ade0
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b57730 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4ade0 "ltdb_timeout"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b57730 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000): 
> About to get sudo rules from cache
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b51c90
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4ade0
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b51c90 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4ade0 "ltdb_timeout"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b51c90 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b51990
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b44dc0
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b51990 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b44dc0 "ltdb_timeout"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b51990 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b51990
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b44dc0
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b51990 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b44dc0 "ltdb_timeout"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b51990 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): 
> Sorting rules with higher-wins logic
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for 
> [jgoddard at internal.emerlyn.com <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): 
> Idle timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): 
> Idle timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_recv] (0x0200): Client 
> disconnected!
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_destructor] (0x2000): 
> Terminated client [0x1b51d80][18]
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_message_handler] 
> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on 
> path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_get_sender_id_send] 
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_message_handler] 
> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on 
> path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_get_sender_id_send] 
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_message_handler] 
> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on 
> path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_get_sender_id_send] 
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_message_handler] 
> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on 
> path /org/freedesktop/sssd/service
> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_get_sender_id_send] 
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_message_handler] 
> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on 
> path /org/freedesktop/sssd/service
> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_get_sender_id_send] 
> (0x2000): Not a sysbus message, quit
> root at docker-dev-01:/home/jgoddard# cat 
> /var/log/sssd/sssd_sudo.log|grep 15:05
> (Thu Aug 11 15:05:02 2016) [sssd[sudo]] [sss_responder_ctx_destructor] 
> (0x0400): Responder is being shut down
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [server_setup] (0x0400): 
> CONFDB: /var/lib/sss/db/config.ldb
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [confdb_get_domain_internal] 
> (0x0400): No enumeration for [internal.emerlyn.com 
> <http://internal.emerlyn.com>]!
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [confdb_get_domain_internal] 
> (0x1000): pwd_expiration_warning is -1
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_init_connection] 
> (0x0400): Adding connection 0x1b42660
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_watch] (0x2000): 
> 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface] 
> (0x0400): Registering interface org.freedesktop.sssd.service with path 
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_conn_register_path] 
> (0x0400): Registering object path /org/freedesktop/sssd/service with 
> D-Bus connection
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface] 
> (0x0400): Registering interface org.freedesktop.DBus.Properties with 
> path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface] 
> (0x0400): Registering interface org.freedesktop.DBus.Introspectable 
> with path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [monitor_common_send_id] 
> (0x0100): Sending ID: (sudo,1)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000): 
> 0x1b3d330
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_names_init_from_args] 
> (0x0100): Using re 
> [(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_fqnames_init] (0x0100): 
> Using fq format [%1$s@%2$s].
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_init_connection] 
> (0x0400): Adding connection 0x1b46310
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_watch] (0x2000): 
> 0x1b471b0/0x1b45e80 (14), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface] 
> (0x0400): Registering interface org.freedesktop.sssd.dataprovider with 
> path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_conn_register_path] 
> (0x0400): Registering object path /org/freedesktop/sssd/dataprovider 
> with D-Bus connection
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface] 
> (0x0400): Registering interface org.freedesktop.DBus.Properties with 
> path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface] 
> (0x0400): Registering interface org.freedesktop.DBus.Introspectable 
> with path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [dp_common_send_id] (0x0100): 
> Sending ID to DP: (1,SUDO)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000): 
> 0x1b47b30
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b471b0/0x1b45e80 (14), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sysdb_domain_init_internal] 
> (0x0200): DB File for internal.emerlyn.com 
> <http://internal.emerlyn.com>: 
> /var/lib/sss/db/cache_internal.emerlyn.com.ldb
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b4a1f0
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4a2b0
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b4a1f0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4a2b0 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b4a1f0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x0400): asq: Unable to 
> register control with rootdse!
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b4a230
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4a2f0
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b4a230 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4a2f0 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b4a230 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b4a300
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4a3c0
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b4a300 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4a3c0 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b4a300 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_process_init] (0x0400): 
> Responder Initialization complete
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'root' matched without domain, user is root
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_ncache_set_str] (0x0400): 
> Adding [NCE/USER/internal.emerlyn.com/root 
> <http://internal.emerlyn.com/root>] to negative cache permanently
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'root' matched without domain, user is root
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_ncache_set_str] (0x0400): 
> Adding [NCE/GROUP/internal.emerlyn.com/root 
> <http://internal.emerlyn.com/root>] to negative cache permanently
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sudo_process_init] (0x0400): 
> SUDO Initialization complete
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_issue_request] 
> (0x0400): Issuing request for [0x40df50:domains at internal.emerlyn.com 
> <mailto:0x40df50%3Adomains at internal.emerlyn.com>]
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_get_domains_msg] 
> (0x0400): Sending get domains request for [internal.emerlyn.com 
> <http://internal.emerlyn.com>][]
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000): 
> 0x1b4bcb0
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b471b0/0x1b45e80 (14), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_internal_get_send] 
> (0x0400): Entering request [0x40df50:domains at internal.emerlyn.com 
> <mailto:0x40df50%3Adomains at internal.emerlyn.com>]
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b46310
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b46310
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b46310
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b471b0/0x1b45e80 (14), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b471b0/0x1b45e80 (14), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b471b0/0x1b45e80 (14), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000): 
> 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_remove_timeout] 
> (0x2000): 0x1b47b30
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b46310
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [dp_id_callback] (0x0100): Got 
> id ack and version (1) from DP
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_remove_timeout] 
> (0x2000): 0x1b3d330
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [id_callback] (0x0100): Got id 
> ack and version (1) from Monitor
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_remove_timeout] 
> (0x2000): 0x1b4bcb0
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b46310
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sss_dp_get_reply] (0x1000): 
> Got reply from Data Provider - DP error code: 0 errno: 0 error 
> message: Success
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b4ade0
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b47e60
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b4ade0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b47e60 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b4ade0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b4a300
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b51d80
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b4a300 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b51d80 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b4a300 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b49350
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b456f0
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b49350 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b456f0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b49350 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sss_dp_req_destructor] 
> (0x0400): Deleting request: [0x40df50:domains at internal.emerlyn.com 
> <mailto:0x40df50%3Adomains at internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_message_handler] 
> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on 
> path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_get_sender_id_send] 
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [get_client_cred] (0x4000): 
> Client creds: euid[0] egid[0] pid[5477].
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): 
> Idle timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [accept_fd_handler] (0x0400): 
> Client connected!
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): 
> Idle timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_cmd_get_version] 
> (0x0200): Received client version [1].
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_cmd_get_version] 
> (0x0200): Offered version [1].
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): 
> Idle timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): 
> Idle timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using 
> protocol version [1]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done] 
> (0x0200): Requesting default options for [jgoddard] from [<ALL>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_ncache_check_str] 
> (0x2000): Checking negative cache for 
> [NCE/USER/internal.emerlyn.com/jgoddard 
> <http://internal.emerlyn.com/jgoddard>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200): 
> Requesting info about [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b4bb60
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4bc20
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b4bb60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4bc20 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b4bb60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400): 
> Returning info for user [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400): 
> Retrieving default options for [jgoddard] from [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b4bb60
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4bc20
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b4bb60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4bc20 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b4bb60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b456f0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4f420
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b456f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4f420 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b456f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470942326)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b59070
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b47f20
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b59070 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b47f20 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b59070 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000): 
> About to get sudo rules from cache
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(name=defaults)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b456f0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b47310
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b456f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b47310 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b456f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules for 
> [<default options>@internal.emerlyn.com <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): 
> Idle timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): 
> Idle timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using 
> protocol version [1]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains] 
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done] 
> (0x0200): Requesting rules for [jgoddard] from [<ALL>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_ncache_check_str] 
> (0x2000): Checking negative cache for 
> [NCE/USER/internal.emerlyn.com/jgoddard 
> <http://internal.emerlyn.com/jgoddard>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200): 
> Requesting info about [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b4a580
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4a640
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b4a580 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4a640 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b4a580 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400): 
> Returning info for user [jgoddard at internal.emerlyn.com 
> <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400): 
> Retrieving rules for [jgoddard] from [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b51c90
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4ade0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b51c90 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4ade0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b51c90 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b44dc0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b47310
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b44dc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b47310 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b44dc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470942326)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b57730
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4ade0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b57730 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4ade0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b57730 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000): 
> About to get sudo rules from cache
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b51c90
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b4ade0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b51c90 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b4ade0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b51c90 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b51990
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b44dc0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b51990 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b44dc0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b51990 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with 
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_callback": 0x1b51990
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed 
> event "ltdb_timeout": 0x1b44dc0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer 
> event 0x1b51990 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying 
> timer event 0x1b44dc0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer 
> event 0x1b51990 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): 
> Sorting rules with higher-wins logic
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] 
> [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for 
> [jgoddard at internal.emerlyn.com <mailto:jgoddard at internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): 
> Idle timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): 
> Idle timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_recv] (0x0200): Client 
> disconnected!
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_destructor] (0x2000): 
> Terminated client [0x1b51d80][18]
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_message_handler] 
> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on 
> path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_get_sender_id_send] 
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_message_handler] 
> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on 
> path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_get_sender_id_send] 
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus 
> conn: 0x1b42660
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): 
> Dispatching.
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_message_handler] 
> (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on 
> path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_get_sender_id_send] 
> (0x2000): Not a sysbus message, quit
>
> */var/log/sssd/sssd_$domain:
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_remove_watch] (0x2000): 
> 0x93cf00/0x93b9b0
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_remove_watch] (0x2000): 
> 0x93cf00/0x920410
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [remove_krb5_info_files] (0x0200): 
> Could not remove 
> [/var/lib/sss/pubconf/kpasswdinfo.INTERNAL.EMERLYN.COM 
> <http://kpasswdinfo.INTERNAL.EMERLYN.COM>], [2][No such file or directory]
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_destructor] (0x0400): 
> Terminating periodic task [SUDO Smart Refresh]
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_destructor] (0x0400): 
> Terminating periodic task [SUDO Full Refresh]
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_handle_release] (0x2000): 
> Trace: sh[0x943830], connected[1], ops[(nil)], ldap[0x936580], 
> destructor_lock[0], release_memory[0]
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [remove_connection_callback] 
> (0x4000): Successfully removed connection callback.
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_remove_watch] (0x2000): 
> 0x922860/0x9237a0
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [remove_socket_symlink] (0x4000): The 
> symlink points to 
> [/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com.5155]
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [remove_socket_symlink] (0x4000): The 
> path including our pid is 
> [/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com.5155]
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [remove_socket_symlink] (0x4000): 
> Removed the symlink
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400): 
> Removed SUDO client
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400): 
> Removed SSH client
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400): 
> Removed PAM client
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400): 
> Removed NSS client
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400): 
> Removed PAC client
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [server_setup] (0x0400): CONFDB: 
> /var/lib/sss/db/config.ldb
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> lookup_family_order has value ipv4_first
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> dns_resolver_timeout has value 6
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> dns_resolver_op_timeout has value 6
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> dns_discovery_domain has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_res_get_opts] (0x0100): Lookup 
> order: ipv4_first
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [recreate_ares_channel] (0x0100): 
> Initializing new c-ares channel
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_context_init] (0x0400): Created 
> new fail over context, retry timeout is 30
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [confdb_get_domain_internal] 
> (0x0400): No enumeration for [internal.emerlyn.com 
> <http://internal.emerlyn.com>]!
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [confdb_get_domain_internal] 
> (0x1000): pwd_expiration_warning is -1
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_domain_init_internal] 
> (0x0200): DB File for internal.emerlyn.com 
> <http://internal.emerlyn.com>: 
> /var/lib/sss/db/cache_internal.emerlyn.com.ldb
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b83020
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b830e0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b83020 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b830e0 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b83020 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x0400): asq: Unable to 
> register control with rootdse!
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b82220
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b822e0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b82220 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b822e0 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b82220 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b822e0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b6d8c0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b822e0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b6d8c0 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b822e0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): 
> Adding connection 0x1b6eac0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000): 
> 0x1b84310/0x1b6c3a0 (15), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1b84310/0x1b6c3f0 (15), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.sssd.service with path 
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_conn_register_path] (0x0400): 
> Registering object path /org/freedesktop/sssd/service with D-Bus 
> connection
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Properties with path 
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Introspectable with path 
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [monitor_common_send_id] (0x0100): 
> Sending ID: (%BE_internal.emerlyn.com <http://BE_internal.emerlyn.com>,1)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_add_timeout] (0x2000): 0x1b6c560
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1b84310/0x1b6c3f0 (15), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1b84310/0x1b6c3a0 (15), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sss_names_init_from_args] (0x0100): 
> Using re 
> [(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sss_fqnames_init] (0x0100): Using fq 
> format [%1$s@%2$s].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [create_socket_symlink] (0x1000): 
> Symlinking the dbus path 
> /var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com.5466 to a link 
> /var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com 
> <http://sbus-dp_internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_new_server] (0x0400): D-BUS 
> Server listening on 
> unix:path=/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com.5466,guid=0bf360c8f774f978ad53dd4157accc6c
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000): 
> 0x1b85860/0x1b867a0 (16), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): 
> Loading backend [ipa] with path 
> [/usr/lib/x86_64-linux-gnu/sssd/libsss_ipa.so].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_domain has value internal.emerlyn.com <http://internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_server has value _srv_, id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_backup_server has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_hostname has value docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_hbac_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_host_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_selinux_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_subdomains_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_master_domain_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_realm has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_hbac_refresh has value 5
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_selinux_refresh has value 5
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_hbac_support_srchost is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_automount_location has value default
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_ranges_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_enable_dns_sites is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_server_mode is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ipa_views_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_confd_path has value /var/lib/sss/pubconf/krb5.include.d
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_new_service] (0x0400): Creating 
> new service 'IPA'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_add_srv_server] (0x0400): Adding 
> new SRV server to service 'IPA' using 'tcp'.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [_ipa_servers_init] (0x0400): Added 
> service lookup for service IPA
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): 
> Inserted primary server 'id-management-1.internal.emerlyn.com:0 
> <http://id-management-1.internal.emerlyn.com:0>' to service 'IPA'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [_ipa_servers_init] (0x0400): Added 
> Server id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_uri has value ldap://id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_backup_uri has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_default_bind_dn has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_default_authtok_type has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_default_authtok has no binary value.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_search_timeout has value 6
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_network_timeout has value 6
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_opt_timeout has value 6
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_tls_reqcert has value hard
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_user_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_user_search_scope has value sub
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_user_search_filter has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_user_extra_attrs has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_group_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_group_search_scope has value sub
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_group_search_filter has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_service_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sudo_search_base has value ou=sudoers,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sudo_full_refresh_interval has value 21600
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sudo_smart_refresh_interval has value 900
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sudo_use_host_filter is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sudo_hostnames has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sudo_ip has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sudo_include_netgroups is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sudo_include_regexp is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_autofs_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_autofs_map_master_name has value auto.master
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_schema has value ipa_v1
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_offline_timeout has value 60
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_force_upper_case_realm is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_enumeration_refresh_timeout has value 300
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_purge_cache_timeout has value 0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_tls_cacert has value /etc/ipa/ca.crt
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_tls_cacertdir has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_tls_cert has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_tls_key has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_tls_cipher_suite has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_id_use_start_tls is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_id_mapping is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sasl_mech has value GSSAPI
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sasl_authid has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sasl_realm has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sasl_minssf has value 56
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_krb5_keytab has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_krb5_init_creds is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_server has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_backup_server has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_realm has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_canonicalize is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_use_kdcinfo is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_pwd_policy has value none
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_referrals is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> account_cache_expiration has value 0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_dns_service_name has value ldap
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_krb5_ticket_lifetime has value 86400
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_access_filter has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_netgroup_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_group_nesting_level has value 2
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_deref has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_account_expire_policy has value ipa
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_access_order has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_chpass_uri has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_chpass_backup_uri has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_chpass_dns_service_name has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_chpass_update_last_change is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_enumeration_search_timeout has value 60
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_auth_disable_tls_never_use_in_production is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_page_size has value 1000
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_deref_threshold has value 10
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_sasl_canonicalize is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_connection_expire_timeout has value 900
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_disable_paging is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_idmap_range_min has value 200000
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_idmap_range_max has value 2000200000
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_idmap_range_size has value 200000
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_idmap_autorid_compat is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_idmap_default_domain has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_idmap_default_domain_sid has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_idmap_helper_table_size has value 10
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_groups_use_matching_rule_in_chain is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_initgroups_use_matching_rule_in_chain is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_use_tokengroups is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_rfc2307_fallback_to_local_users is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_disable_range_retrieval is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_min_id has value 0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_max_id has value 0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> ldap_pwdlockout_dn has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> wildcard_limit has value 1000
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option 
> ldap_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [DEFAULT][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option 
> krb5_realm set to INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_set_sasl_options] (0x0100): 
> Will look for docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in 
> default keytab
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [select_principal_from_keytab] 
> (0x0200): trying to select the most appropriate principal from keytab
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000): 
> Trying to find principal 
> docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in 
> keytab.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x0400): 
> No principal matching 
> docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> found 
> in keytab.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000): 
> Trying to find principal DOCKER-DEV-01$@INTERNAL.EMERLYN.COM 
> <http://INTERNAL.EMERLYN.COM> in keytab.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x0400): 
> No principal matching DOCKER-DEV-01$@INTERNAL.EMERLYN.COM 
> <http://INTERNAL.EMERLYN.COM> found in keytab.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000): 
> Trying to find principal 
> host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in 
> keytab.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [match_principal] (0x1000): Principal 
> matched to the sample 
> (host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>).
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [select_principal_from_keytab] 
> (0x0200): Selected primary: host/docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [select_principal_from_keytab] 
> (0x0200): Selected realm: INTERNAL.EMERLYN.COM 
> <http://INTERNAL.EMERLYN.COM>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_set_sasl_options] (0x0100): 
> Option ldap_sasl_authid set to host/docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_set_sasl_options] (0x0100): 
> Option ldap_sasl_realm set to INTERNAL.EMERLYN.COM 
> <http://INTERNAL.EMERLYN.COM>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option 
> ldap_user_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [USER][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option 
> ldap_group_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [GROUP][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option 
> ldap_netgroup_search_base set to 
> cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [NETGROUP][cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option 
> ipa_host_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [IPA_HOST][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option 
> ipa_hbac_search_base set to cn=hbac,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [IPA_HBAC][cn=hbac,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option 
> ipa_selinux_search_base set to cn=selinux,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [IPA_SELINUX][cn=selinux,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option 
> ldap_group_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [SERVICE][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option 
> ipa_subdomains_search_base set to cn=trusts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [IPA_SUBDOMAINS][cn=trusts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option 
> ipa_master_domain_search_base set to 
> cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [IPA_MASTER_DOMAIN][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option 
> ipa_ranges_search_base set to 
> cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [IPA_RANGES][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option 
> ipa_views_search_base set to 
> cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [IPA_VIEWS][cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_entry_usn has value entryUSN
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_rootdse_last_usn has value lastUSN
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_object_class has value posixAccount
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_name has value uid
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_pwd has value userPassword
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_uid_number has value uidNumber
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_gid_number has value gidNumber
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_gecos has value gecos
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_home_directory has value homeDirectory
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_shell has value loginShell
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_principal has value krbPrincipalName
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_fullname has value cn
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_member_of has value memberOf
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_uuid has value ipaUniqueID
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_objectsid has value ipaNTSecurityIdentifier
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_primary_group has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_modify_timestamp has value modifyTimestamp
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_entry_usn has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_shadow_last_change has value shadowLastChange
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_shadow_min has value shadowMin
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_shadow_max has value shadowMax
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_shadow_warning has value shadowWarning
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_shadow_inactive has value shadowInactive
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_shadow_expire has value shadowExpire
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_shadow_flag has value shadowFlag
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_krb_last_pwd_change has value krbLastPwdChange
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_krb_password_expiration has value krbPasswordExpiration
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_pwd_attribute has value pwdAttribute
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_authorized_service has value authorizedService
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_ad_account_expires has value accountExpires
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_ad_user_account_control has value userAccountControl
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_ns_account_lock has value nsAccountLock
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_authorized_host has value host
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_nds_login_disabled has value loginDisabled
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_nds_login_expiration_time has value loginExpirationTime
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_nds_login_allowed_time_map has value loginAllowedTimeMap
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_ssh_public_key has value ipaSshPubKey
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_auth_type has value ipaUserAuthType
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_certificate has value userCertificate;binary
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_object_class has value ipaUserGroup
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_object_class_alt has value posixGroup
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_name has value cn
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_pwd has value userPassword
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_gid_number has value gidNumber
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_member has value member
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_uuid has value ipaUniqueID
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_objectsid has value ipaNTSecurityIdentifier
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_modify_timestamp has value modifyTimestamp
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_entry_usn has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_type has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_external_member has value ipaExternalMember
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_netgroup_object_class has value ipaNisNetgroup
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_netgroup_name has value cn
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_netgroup_member has value member
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_netgroup_member_of has value memberOf
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_netgroup_member_user has value memberUser
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_netgroup_member_host has value memberHost
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_netgroup_member_ext_host has value externalHost
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_netgroup_domain has value nisDomainName
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_netgroup_uuid has value ipaUniqueID
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_host_object_class has value ipaHost
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_host_name has value cn
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_host_fqdn has value fqdn
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_host_serverhostname has value serverHostname
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_host_member_of has value memberOf
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_host_ssh_public_key has value ipaSshPubKey
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_host_uuid has value ipaUniqueID
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_hostgroup_objectclass has value ipaHostgroup
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_hostgroup_name has value cn
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_hostgroup_memberof has value memberOf
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_hostgroup_uuid has value ipaUniqueID
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_service_object_class has value ipService
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_service_name has value cn
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_service_port has value ipServicePort
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_service_proto has value ipServiceProtocol
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_service_entry_usn has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_selinux_usermap_object_class has value ipaselinuxusermap
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_selinux_usermap_name has value cn
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_selinux_usermap_member_user has value memberUser
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_selinux_usermap_member_host has value memberHost
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_selinux_usermap_see_also has value seeAlso
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_selinux_usermap_selinux_user has value ipaSELinuxUser
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_selinux_usermap_enabled has value ipaEnabledFlag
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_selinux_usermap_user_category has value userCategory
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_selinux_usermap_host_category has value hostCategory
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_selinux_usermap_uuid has value ipaUniqueID
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_view_class has value nsContainer
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_view_name has value cn
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_overide_object_class has value ipaOverrideAnchor
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_anchor_uuid has value ipaAnchorUUID
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_user_override_object_class has value ipaUserOverride
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ipa_group_override_object_class has value ipaGroupOverride
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_name has value uid
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_uid_number has value uidNumber
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_gid_number has value gidNumber
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_gecos has value gecos
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_home_directory has value homeDirectory
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_shell has value loginShell
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_name has value cn
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_group_gid_number has value gidNumber
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_user_ssh_public_key has value ipaSshPubKey
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> dyndns_update is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> dyndns_refresh_interval has value 0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> dyndns_iface has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> dyndns_ttl has value 1200
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> dyndns_update_ptr is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> dyndns_force_tcp is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> dyndns_auth has value gss-tsig
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> dyndns_server has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b93620
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b97080
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b93620 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b97080 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b93620 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_setup_tasks] (0x0400): 
> Setting up cleanup task for internal.emerlyn.com 
> <http://internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b8fce0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b96770
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b8fce0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b96770 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b8fce0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sssm_ipa_id_init] (0x0020): Cannot 
> find view name in the cache. Will do online lookup later.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_fo_set_srv_lookup_plugin] 
> (0x0400): Trying to set SRV lookup plugin to DNS
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_fo_set_srv_lookup_plugin] 
> (0x0400): SRV lookup plugin is now DNS
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_process_init] (0x2000): ID 
> backend target successfully loaded from provider [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): 
> Backend [ipa] already loaded.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_domain has value internal.emerlyn.com <http://internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_server has value _srv_, id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_backup_server has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_hostname has value docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_hbac_search_base has value cn=hbac,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_host_search_base has value cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_selinux_search_base has value cn=selinux,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_subdomains_search_base has value 
> cn=trusts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_master_domain_search_base has value 
> cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> krb5_realm has value INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_hbac_refresh has value 5
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_selinux_refresh has value 5
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_hbac_support_srchost is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_automount_location has value default
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_ranges_search_base has value 
> cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_enable_dns_sites is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_server_mode is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_views_search_base has value 
> cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> krb5_confd_path has value /var/lib/sss/pubconf/krb5.include.d
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_server has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_backup_server has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_realm has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_ccachedir has value /tmp
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_ccname_template has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_auth_timeout has value 6
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_keytab has value /etc/krb5.keytab
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_validate is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_kpasswd has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_backup_kpasswd has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_store_password_if_offline is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_renewable_lifetime has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_lifetime has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_renew_interval has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_use_fast has value try
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_fast_principal has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_canonicalize is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_use_enterprise_principal is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_use_kdcinfo is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option 
> krb5_map_user has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [krb5_try_kdcip] (0x0100): No KDC 
> found in configuration, trying legacy option
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0400): 
> Option krb5_realm set to INTERNAL.EMERLYN.COM 
> <http://INTERNAL.EMERLYN.COM>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0100): 
> Option krb5_fast_principal set to 
> host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0100): 
> Option krb5_use_kdcinfo set to true
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [check_and_export_lifetime] (0x0200): 
> No lifetime configured.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [check_and_export_lifetime] (0x0200): 
> No lifetime configured.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [check_and_export_options] (0x0100): 
> No KDC explicitly configured, using defaults.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [check_and_export_options] (0x0100): 
> No kpasswd server explicitly configured, using the KDC or defaults.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [parse_krb5_map_user] (0x0200): 
> Warning: krb5_map_user is empty!
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_process_init] (0x2000): AUTH 
> backend target successfully loaded from provider [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): 
> Backend [ipa] already loaded.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_domain has value internal.emerlyn.com <http://internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_server has value _srv_, id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_backup_server has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_hostname has value docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_hbac_search_base has value cn=hbac,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_host_search_base has value cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_selinux_search_base has value cn=selinux,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_subdomains_search_base has value 
> cn=trusts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_master_domain_search_base has value 
> cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> krb5_realm has value INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_hbac_refresh has value 5
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_selinux_refresh has value 5
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_hbac_support_srchost is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_automount_location has value default
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_ranges_search_base has value 
> cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_enable_dns_sites is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_server_mode is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> ipa_views_search_base has value 
> cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option 
> krb5_confd_path has value /var/lib/sss/pubconf/krb5.include.d
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_process_init] (0x2000): ACCESS 
> backend target successfully loaded from provider [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): 
> Backend [ipa] already loaded.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_process_init] (0x2000): CHPASS 
> backend target successfully loaded from provider [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): 
> Backend [ipa] already loaded.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sssm_ipa_sudo_init] (0x2000): 
> Initializing IPA sudo handler
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_sudo_init] (0x2000): 
> Initializing IPA sudo back end
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_sudo_init] (0x0400): Using LDAP 
> schema for sudo
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_init] (0x2000): 
> Initializing sudo LDAP back end
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [SUDO][ou=sudoers,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_object_class has value sudoRole
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_name has value cn
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_command has value sudoCommand
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_host has value sudoHost
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_user has value sudoUser
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_option has value sudoOption
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_runas has value sudoRunAs
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_runasuser has value sudoRunAsUser
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_runasgroup has value sudoRunAsGroup
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_notbefore has value sudoNotBefore
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_notafter has value sudoNotAfter
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_order has value sudoOrder
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_sudorule_entry_usn has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1ba05e0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b9c740
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1ba05e0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b9c740 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1ba05e0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_create] (0x0400): Periodic 
> task [SUDO Full Refresh] was created
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_schedule] (0x0400): Task 
> [SUDO Full Refresh]: scheduling task 0 seconds from now [1470942316]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_create] (0x0400): Periodic 
> task [SUDO Smart Refresh] was created
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_schedule] (0x0400): Task 
> [SUDO Smart Refresh]: scheduling task 900 seconds from now [1470943216]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_process_init] (0x2000): SUDO 
> backend target successfully loaded from provider [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no 
> module name found in confdb, using [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): 
> Backend [ipa] already loaded.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sssm_ipa_autofs_init] (0x2000): 
> Initializing IPA autofs handler
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_autofs_init] (0x2000): 
> Initializing autofs LDAP back end
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_autofs_options] (0x1000): 
> Option ldap_autofs_search_base set to 
> cn=default,cn=automount,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100): 
> Search base added: 
> [AUTOFS][cn=default,cn=automount,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_autofs_map_object_class has value automountMap
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_autofs_map_name has value automountMapName
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_autofs_entry_object_class has value automount
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_autofs_entry_key has value automountKey
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option 
> ldap_autofs_entry_value has value automountInformation
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_process_init] (0x2000): autofs 
> backend target successfully loaded from provider [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no 
> module name found in confdb, using [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): 
> Backend [ipa] already loaded.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_process_init] (0x4000): selinux 
> backend target successfully loaded from provider [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no 
> module name found in confdb, using [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): 
> Backend [ipa] already loaded.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_process_init] (0x4000): HOST 
> backend target successfully loaded from provider [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no 
> module name found in confdb, using [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): 
> Backend [ipa] already loaded.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_config_status] (0x4000): IPA 
> subdomain provider is configured implicit.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_subdom_reinit] (0x2000): 
> Re-initializing domain internal.emerlyn.com <http://internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sss_write_krb5_localauth_snippet] 
> (0x0200): File for localauth plugin configuration is 
> [/var/lib/sss/pubconf/krb5.include.d/localauth_plugin]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b9e080
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1ba02b0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b9e080 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1ba02b0 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b9e080 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1ba02b0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1ba0370
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1ba02b0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1ba0370 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1ba02b0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1ba15f0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b9fae0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1ba15f0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b9fae0 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1ba15f0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sss_write_domain_mappings] (0x0200): 
> Mapping file for domain [internal.emerlyn.com 
> <http://internal.emerlyn.com>] is 
> [/var/lib/sss/pubconf/krb5.include.d/domain_realm_internal_emerlyn_com]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_process_init] (0x4000): 
> Get-Subdomains backend target successfully loaded from provider [ipa].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [become_user] (0x0200): Trying to 
> become user [0][0].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [become_user] (0x0200): Already user [0].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [main] (0x0400): Backend provider 
> (internal.emerlyn.com <http://internal.emerlyn.com>) started!
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1b6eac0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1b6eac0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_execute] (0x0400): Task 
> [SUDO Full Refresh]: executing task, timeout 21600 seconds
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_full_refresh_send] 
> (0x0400): Issuing a full refresh of sudo rules
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> beginning to connect
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): 
> Trying to resolve service 'IPA'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port 
> status of port 0 for server '(no name)' is 'neutral'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout] 
> (0x2000): Resolve timeout set to 6 seconds
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolve_srv_send] (0x0200): The 
> status of SRV lookup is neutral
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_discover_srv_next_domain] 
> (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery 
> domain 'internal.emerlyn.com <http://internal.emerlyn.com>'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_getsrv_send] (0x0100): Trying 
> to resolve SRV record of '_ldap._tcp.internal.emerlyn.com 
> <http://tcp.internal.emerlyn.com>'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [schedule_request_timeout] (0x2000): 
> Scheduling a timeout of 6 seconds
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [schedule_timeout_watcher] (0x2000): 
> Scheduling DNS timeout watcher
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1b84310/0x1b6c3f0 (15), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1b84310/0x1b6c3a0 (15), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1b84310/0x1b6c3f0 (15), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1b84310/0x1b6c3a0 (15), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1b84310/0x1b6c3f0 (15), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1b84310/0x1b6c3a0 (15), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1b84310/0x1b6c3f0 (15), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1b84310/0x1b6c3a0 (15), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_remove_timeout] (0x2000): 0x1b6c560
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1b6eac0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [id_callback] (0x0100): Got id ack 
> and version (1) from Monitor
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [unschedule_timeout_watcher] 
> (0x4000): Unscheduling DNS timeout watcher
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_getsrv_done] (0x1000): Using 
> TTL [86400]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400): 
> Deleting request watch
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_discover_srv_done] (0x0400): Got 
> answer. Processing...
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_discover_srv_done] (0x0400): Got 
> 3 servers
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): 
> Inserted primary server 'idmfs-01.internal.emerlyn.com:389 
> <http://idmfs-01.internal.emerlyn.com:389>' to service 'IPA'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): 
> Inserted primary server 'id-management-1.internal.emerlyn.com:389 
> <http://id-management-1.internal.emerlyn.com:389>' to service 'IPA'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): 
> Inserted primary server 'id-management-2.internal.emerlyn.com:389 
> <http://id-management-2.internal.emerlyn.com:389>' to service 'IPA'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [set_srv_data_status] (0x0100): 
> Marking SRV lookup of service 'IPA' as 'resolved'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status 
> of server 'idmfs-01.internal.emerlyn.com 
> <http://idmfs-01.internal.emerlyn.com>' is 'name not resolved'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_is_address] (0x4000): 
> [idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>] 
> does not look like an IP address
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000): 
> Querying files
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send] 
> (0x0100): Trying to resolve A record of 'idmfs-01.internal.emerlyn.com 
> <http://idmfs-01.internal.emerlyn.com>' in files
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100): 
> Marking server 'idmfs-01.internal.emerlyn.com 
> <http://idmfs-01.internal.emerlyn.com>' as 'resolving name'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000): 
> Querying files
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send] 
> (0x0100): Trying to resolve AAAA record of 
> 'idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>' 
> in files
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_next] (0x0200): 
> No more address families to retry
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000): 
> Querying DNS
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_query] 
> (0x0100): Trying to resolve A record of 'idmfs-01.internal.emerlyn.com 
> <http://idmfs-01.internal.emerlyn.com>' in DNS
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [schedule_request_timeout] (0x2000): 
> Scheduling a timeout of 6 seconds
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [schedule_timeout_watcher] (0x2000): 
> Scheduling DNS timeout watcher
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [unschedule_timeout_watcher] 
> (0x4000): Unscheduling DNS timeout watcher
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_parse] 
> (0x1000): Parsing an A reply
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400): 
> Deleting request watch
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100): 
> Marking server 'idmfs-01.internal.emerlyn.com 
> <http://idmfs-01.internal.emerlyn.com>' as 'name resolved'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000): 
> Saving the first resolved server
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x0200): 
> Found address for server idmfs-01.internal.emerlyn.com 
> <http://idmfs-01.internal.emerlyn.com>: [10.72.100.56] TTL 1200
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400): 
> Constructed uri 'ldap://idmfs-01.internal.emerlyn.com 
> <http://idmfs-01.internal.emerlyn.com>'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [unique_filename_destructor] 
> (0x2000): Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_AJMz2v]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [unlink_dbg] (0x2000): File already 
> removed: [/var/lib/sss/pubconf/.krb5info_dummy_AJMz2v]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x4000): Using 
> file descriptor [19] for LDAP connection.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x0400): 
> Setting 6 seconds timeout for connecting
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_async_sys_connect_done] 
> (0x0020): connect failed [113][No route to host].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sss_ldap_init_sys_connect_done] 
> (0x0020): sdap_async_sys_connect request failed: [113]: No route to host.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sss_ldap_init_state_destructor] 
> (0x0400): closing socket [19]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sys_connect_done] (0x0020): 
> sdap_async_connect_call request failed: [113]: No route to host.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_handle_release] (0x2000): 
> Trace: sh[0x1b9e670], connected[0], ops[(nil)], ldap[(nil)], 
> destructor_lock[0], release_memory[0]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [_be_fo_set_port_status] (0x8000): 
> Setting status: PORT_NOT_WORKING. Called from: 
> ../src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_done: 1567
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100): 
> Marking port 389 of server 'idmfs-01.internal.emerlyn.com 
> <http://idmfs-01.internal.emerlyn.com>' as 'not working'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): 
> Marking port 389 of duplicate server 'idmfs-01.internal.emerlyn.com 
> <http://idmfs-01.internal.emerlyn.com>' as 'not working'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): 
> Trying to resolve service 'IPA'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status 
> of server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' is 'name not resolved'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port 
> status of port 389 for server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' is 'neutral'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout] 
> (0x2000): Resolve timeout set to 6 seconds
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolve_srv_send] (0x0200): The 
> status of SRV lookup is resolved
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status 
> of server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' is 'name not resolved'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_is_address] (0x4000): 
> [id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>] does not look like an 
> IP address
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000): 
> Querying files
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send] 
> (0x0100): Trying to resolve A record of 
> 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' in files
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100): 
> Marking server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' as 'resolving name'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000): 
> Querying files
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send] 
> (0x0100): Trying to resolve AAAA record of 
> 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' in files
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_next] (0x0200): 
> No more address families to retry
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000): 
> Querying DNS
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_query] 
> (0x0100): Trying to resolve A record of 
> 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' in DNS
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [schedule_request_timeout] (0x2000): 
> Scheduling a timeout of 6 seconds
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [schedule_timeout_watcher] (0x2000): 
> Scheduling DNS timeout watcher
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [unschedule_timeout_watcher] 
> (0x4000): Unscheduling DNS timeout watcher
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_parse] 
> (0x1000): Parsing an A reply
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400): 
> Deleting request watch
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100): 
> Marking server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' as 'name resolved'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x0200): 
> Found address for server id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400): 
> Constructed uri 'ldap://id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [unique_filename_destructor] 
> (0x2000): Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_BkCB4G]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [unlink_dbg] (0x2000): File already 
> removed: [/var/lib/sss/pubconf/.krb5info_dummy_BkCB4G]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x4000): Using 
> file descriptor [19] for LDAP connection.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x0400): 
> Setting 6 seconds timeout for connecting
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_ldap_connect_callback_add] 
> (0x1000): New LDAP connection to 
> [ldap://id-management-1.internal.emerlyn.com:389/??base 
> <http://id-management-1.internal.emerlyn.com:389/??base>] with fd [19].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_rootdse_send] (0x4000): 
> Getting rootdse
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with [(objectclass=*)][].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [*]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [altServer]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [namingContexts]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [supportedControl]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [supportedExtension]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [supportedFeatures]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [supportedLDAPVersion]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [supportedSASLMechanisms]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [domainControllerFunctionality]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [defaultNamingContext]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [lastUSN]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [highestCommittedUSN]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 1
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 1 timeout 6
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1ba44e0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1ba44e0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [vendorName]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [vendorVersion]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [dataversion]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [netscapemdsuffix]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [changeLog]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [firstchangenumber]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [lastchangenumber]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [namingContexts]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [supportedControl]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [supportedExtension]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [supportedLDAPVersion]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [supportedSASLMechanisms]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [defaultNamingContext]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [lastUSN]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1ba44e0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 1 finished
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_rootdse_done] (0x2000): Got 
> rootdse
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_rootdse_done] (0x2000): 
> Skipping auto-detection of match rule
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_server_opts_from_rootdse] 
> (0x4000): USN value: 5396286 (int: 5396286)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_kinit_send] (0x0400): 
> Attempting kinit (default, host/docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>, INTERNAL.EMERLYN.COM 
> <http://INTERNAL.EMERLYN.COM>, 86400)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_kinit_next_kdc] (0x1000): 
> Resolving next KDC for service IPA
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): 
> Trying to resolve service 'IPA'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status 
> of server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' is 'name resolved'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout] 
> (0x2000): Resolve timeout set to 6 seconds
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolve_srv_send] (0x0200): The 
> status of SRV lookup is resolved
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status 
> of server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' is 'name resolved'
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000): 
> Saving the first resolved server
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x0200): 
> Found address for server id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_kinit_kdc_resolved] (0x1000): 
> KDC resolved, attempting to get TGT...
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [create_tgt_req_send_buffer] 
> (0x0400): buffer size: 83
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000): 
> Setting up signal handler up for pid [5472]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000): 
> Signal handler set up for pid [5472]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [set_tgt_child_timeout] (0x0400): 
> Setting 6 seconds timeout for tgt child
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [write_pipe_handler] (0x0400): All 
> data has been sent!
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Entering.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Adding connection 0x1bbb650.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): 
> Adding connection 0x1bbb650
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000): 
> 0x1bbc1c0/0x1bb0e00 (21), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bbc1c0/0x1bb2120 (21), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Got a connection
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up 
> Backend ID timeout [0x1bbc470]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.sssd.dataprovider with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_conn_register_path] (0x0400): 
> Registering object path /org/freedesktop/sssd/dataprovider with D-Bus 
> connection
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Properties with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Introspectable with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bbb650
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bbc1c0/0x1bb2120 (21), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bbc1c0/0x1bb0e00 (21), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Entering.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Adding connection 0x1bbfca0.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): 
> Adding connection 0x1bbfca0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000): 
> 0x1bc0bc0/0x1bbd620 (23), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc0bc0/0x1bbd670 (23), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Got a connection
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up 
> Backend ID timeout [0x1bc0ea0]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.sssd.dataprovider with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_conn_register_path] (0x0400): 
> Registering object path /org/freedesktop/sssd/dataprovider with D-Bus 
> connection
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Properties with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Introspectable with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bbfca0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bbc1c0/0x1bb2120 (21), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bbc1c0/0x1bb0e00 (21), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc0bc0/0x1bbd670 (23), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc0bc0/0x1bbd620 (23), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc0bc0/0x1bbd670 (23), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc0bc0/0x1bbd620 (23), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Entering.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Adding connection 0x1bc2540.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): 
> Adding connection 0x1bc2540
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000): 
> 0x1bc3920/0x1bc2040 (24), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc3920/0x1bc2090 (24), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Got a connection
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up 
> Backend ID timeout [0x1bc3c00]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.sssd.dataprovider with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_conn_register_path] (0x0400): 
> Registering object path /org/freedesktop/sssd/dataprovider with D-Bus 
> connection
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Properties with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Introspectable with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc2540
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Entering.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Adding connection 0x1bc49b0.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): 
> Adding connection 0x1bc49b0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000): 
> 0x1bc5a70/0x1bc3a20 (25), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc5a70/0x1bc3a70 (25), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Got a connection
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up 
> Backend ID timeout [0x1bc5d50]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.sssd.dataprovider with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_conn_register_path] (0x0400): 
> Registering object path /org/freedesktop/sssd/dataprovider with D-Bus 
> connection
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Properties with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Introspectable with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc49b0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc5a70/0x1bc3a70 (25), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc5a70/0x1bc3a20 (25), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc5a70/0x1bc3a70 (25), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc5a70/0x1bc3a20 (25), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc0bc0/0x1bbd670 (23), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc0bc0/0x1bbd620 (23), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc0bc0/0x1bbd670 (23), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc0bc0/0x1bbd620 (23), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc3920/0x1bc2090 (24), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc3920/0x1bc2040 (24), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc3920/0x1bc2090 (24), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc3920/0x1bc2040 (24), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bbfca0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.RegisterService 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): 
> Cancel DP ID timeout [0x1bc0ea0]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Added 
> Frontend client [PAM]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bbfca0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on 
> path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get 
> subdomains []
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Queue is 
> empty, running request immediately.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding 
> request to queue.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> waiting for connection to complete
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bbfca0
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc3920/0x1bc2090 (24), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc3920/0x1bc2040 (24), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc3920/0x1bc2090 (24), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc3920/0x1bc2040 (24), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bbc1c0/0x1bb2120 (21), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bbc1c0/0x1bb0e00 (21), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bbc1c0/0x1bb2120 (21), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bbc1c0/0x1bb0e00 (21), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bbb650
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.RegisterService 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): 
> Cancel DP ID timeout [0x1bbc470]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Added 
> Frontend client [SUDO]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bbb650
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on 
> path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get 
> subdomains []
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding 
> request to queue.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc2540
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.RegisterService 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): 
> Cancel DP ID timeout [0x1bc3c00]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Added 
> Frontend client [SSH]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc2540
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on 
> path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get 
> subdomains []
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding 
> request to queue.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Entering.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Adding connection 0x1bcaa90.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): 
> Adding connection 0x1bcaa90
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000): 
> 0x1bcba00/0x1bca5c0 (26), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bcba00/0x1bca610 (26), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection] 
> (0x0200): Got a connection
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up 
> Backend ID timeout [0x1bcbce0]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.sssd.dataprovider with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_conn_register_path] (0x0400): 
> Registering object path /org/freedesktop/sssd/dataprovider with D-Bus 
> connection
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Properties with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400): 
> Registering interface org.freedesktop.DBus.Introspectable with path 
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bcaa90
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bcba00/0x1bca610 (26), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bcba00/0x1bca5c0 (26), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bcba00/0x1bca610 (26), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bcba00/0x1bca5c0 (26), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bcba00/0x1bca610 (26), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bcba00/0x1bca5c0 (26), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bcba00/0x1bca610 (26), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bcba00/0x1bca5c0 (26), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bcaa90
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.RegisterService 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): 
> Cancel DP ID timeout [0x1bcbce0]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Added 
> Frontend client [PAC]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bcaa90
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on 
> path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get 
> subdomains []
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding 
> request to queue.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x1000): Waiting 
> for child [5472].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x0100): child 
> [5472] finished successfully.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [read_pipe_handler] (0x0400): EOF 
> received, client finished
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_tgt_recv] (0x0400): Child 
> responded: 0 [FILE:/var/lib/sss/db/ccache_INTERNAL.EMERLYN.COM 
> <http://ccache_INTERNAL.EMERLYN.COM>], expired on [1471028716]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_cli_auth_step] (0x0100): expire 
> timeout is 900
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_cli_auth_step] (0x1000): the 
> connection will expire at 1470943216
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sasl_bind_send] (0x0100): Executing 
> sasl bind mech: GSSAPI, user: host/docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [_be_fo_set_port_status] (0x8000): 
> Setting status: PORT_WORKING. Called from: 
> ../src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv: 2052
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100): 
> Marking port 389 of server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' as 'working'
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100): 
> Marking server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' as 'working'
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): 
> Marking port 389 of duplicate server 
> 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' as 'working'
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_done] (0x4000): 
> notify connected to op #1
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_refresh_connect_done] 
> (0x0400): SUDO LDAP connection successful
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [check_ipv4_addr] (0x0200): Loopback 
> IPv4 address 127.0.0.1
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses] 
> (0x2000): Found IP address: 10.72.100.66 in network 10.72.100.0/24 
> <http://10.72.100.0/24>
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses] 
> (0x2000): Found IP address: 172.17.0.1 in network 172.17.0.0/16 
> <http://172.17.0.0/16>
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [check_ipv6_addr] (0x0200): Loopback 
> IPv6 address ::1
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses] 
> (0x2000): Found IP address: fe80::250:56ff:fe9a:495f in network fe80::/64
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses] 
> (0x2000): Found IP address: fe80::42:43ff:fe27:e955 in network fe80::/64
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses] 
> (0x2000): Found IP address: fe80::ac23:29ff:fe04:bb1a in network fe80::/64
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses] 
> (0x2000): Found IP address: fe80::c494:9dff:feed:a7d8 in network fe80::/64
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_get_hostnames_send] 
> (0x2000): Found fqdn: docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_get_hostnames_send] 
> (0x2000): Found hostname: docker-dev-01
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_done] (0x4000): 
> notify connected to op #2
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaBaseID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaBaseRID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaSecondaryBaseRID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaIDRangeSize]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTTrustedDomainSID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaRangeType]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 5
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 5 timeout 6
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_done] (0x4000): 
> caching successful connection after 2 notifies
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_run_unconditional_online_cb] 
> (0x0400): Running unconditional online callbacks.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_run_online_cb] (0x0080): Going 
> online. Running callbacks.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_load_sudoers_send] 
> (0x0400): About to fetch sudo rules
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_search_bases_next_base] 
> (0x0400): Issuing LDAP lookup with base 
> [ou=sudoers,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>)(sudoHost=docker-dev-01)(sudoHost=10.72.100.66)(sudoHost=10.72.100.0/24)(sudoHost=172.17.0.1)(sudoHost=172.17.0.0/16)(sudoHost=fe80::250:56ff:fe9a:495f)(sudoHost=fe80::/64)(sudoHost=fe80::42:43ff:fe27:e955)(sudoHost=fe80::/64)(sudoHost=fe80::ac23:29ff:fe04:bb1a)(sudoHost=fe80::/64)(sudoHost=fe80::c494:9dff:feed:a7d8)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\\*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))][ou=sudoers,dc=internal,dc=emerlyn,dc=com 
> <http://10.72.100.0/24%29%28sudoHost=172.17.0.1%29%28sudoHost=172.17.0.0/16%29%28sudoHost=fe80::250:56ff:fe9a:495f%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::42:43ff:fe27:e955%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::ac23:29ff:fe04:bb1a%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::c494:9dff:feed:a7d8%29%28sudoHost=fe80::/64%29%28sudoHost=+*%29%28%7C%28sudoHost=*%5C%5C*%29%28sudoHost=*?*%29%28sudoHost=*%5C2A*%29%28sudoHost=*[*]*%29%29%29%29][ou=sudoers,dc=internal,dc=emerlyn,dc=com>].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sudoCommand]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sudoHost]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sudoUser]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sudoOption]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sudoRunAs]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sudoRunAsUser]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sudoRunAsGroup]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sudoNotBefore]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sudoNotAfter]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sudoOrder]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [entryUSN]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 6
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 6 timeout 6
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc5a70/0x1bc3a70 (25), R/- (disabled)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc5a70/0x1bc3a20 (25), -/W (enabled)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc5a70/0x1bc3a70 (25), R/- (enabled)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000): 
> 0x1bc5a70/0x1bc3a20 (25), -/W (disabled)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc49b0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.RegisterService 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): 
> Cancel DP ID timeout [0x1bc5d50]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Added 
> Frontend client [NSS]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc49b0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getDomains on 
> path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get 
> subdomains []
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding 
> request to queue.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc49b0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3a0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [cn=All,ou=sudoers,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [sudoCommand]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [sudoHost]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [sudoUser]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [sudoRunAsUser]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [sudoRunAsGroup]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [entryUSN]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3a0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 6 finished
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_search_bases_done] (0x0400): 
> Receiving data from base [ou=sudoers,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_load_sudoers_done] 
> (0x0040): Received 1 sudo rules
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing 
> operation connection
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_refresh_done] (0x0400): 
> Received 1 rules
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_sudo_purge_all] (0x0400): 
> Deleting all cached sudo rules
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb2300
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb23c0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb2300 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb23c0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb2300 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_sudo_store_rule] (0x0400): 
> Adding sudo rule All
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb11b0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd63c0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb11b0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd63c0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb11b0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1be3710
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1be37d0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1be3710 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1be37d0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1be3710 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_refresh_done] (0x0400): 
> Sudoers is successfuly stored in cache
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_set_usn] (0x0200): SUDO 
> higher USN value: [2582737]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb31e0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb32a0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb31e0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb32a0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb31e0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb15d0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb1690
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb15d0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb1690 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb15d0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_full_refresh_done] 
> (0x0400): Successful full refresh of sudo rules
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_done] (0x0400): Task [SUDO 
> Full Refresh]: finished successfully
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_schedule] (0x0400): Task 
> [SUDO Full Refresh]: scheduling task 21600 seconds from last execution 
> time [1470963916]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bb0d50], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_subdom_reset_timeouts_cb] 
> (0x4000): Resetting last_refreshed and disabled_until.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaBaseID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaBaseRID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaSecondaryBaseRID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaIDRangeSize]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTTrustedDomainSID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaRangeType]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 7
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 7 timeout 6
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=INTERNAL.EMERLYN.COM_id_range,cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaBaseID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaBaseRID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSecondaryBaseRID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaIDRangeSize]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaRangeType]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 5 finished
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b9eae0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b9eba0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b9eae0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b9eba0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b9eae0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_update_ranges] (0x0400): 
> Adding range [INTERNAL.EMERLYN.COM_id_range].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1be29e0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1be2aa0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1be29e0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1be2aa0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1be29e0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b9eae0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b9eba0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b9eae0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b9eba0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b9eae0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b9ea20
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b9eae0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b9ea20 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b9eae0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b9ea20 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTFlatName]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 8
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 8 timeout 6
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_subdomains_handler_ranges_done] 
> (0x4000): Checking master record..
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=INTERNAL.EMERLYN.COM_id_range,cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaBaseID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaBaseRID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSecondaryBaseRID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaIDRangeSize]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaRangeType]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 7 finished
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1ba02b0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1ba0370
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1ba02b0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1ba0370 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1ba02b0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1ba0370
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1ba0430
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1ba0370 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1ba0430 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1ba0370 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb2ad0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb2b90
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb2ad0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb2b90 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb2ad0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTFlatName]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 9
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 9 timeout 6
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_subdomains_handler_ranges_done] 
> (0x4000): Checking master record..
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [cn=internal.emerlyn.com 
> <http://internal.emerlyn.com>,cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaNTFlatName]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 8 finished
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb0f70
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb1030
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb0f70 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb1030 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb0f70 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb0f70
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb1030
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb0f70 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb1030 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb0f70 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd6910
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1040
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd6910 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1040 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd6910 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [objectclass=ipaNTTrustedDomain][cn=trusts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTFlatName]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTTrustedDomainSID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTTrustDirection]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 10
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 10 timeout 6
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [cn=internal.emerlyn.com 
> <http://internal.emerlyn.com>,cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaNTFlatName]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 9 finished
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [objectclass=ipaNTTrustedDomain][cn=trusts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTFlatName]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTTrustedDomainSID]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTTrustDirection]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 11
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 11 timeout 6
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd3e40], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd3e40], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 10 finished
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_deref_search_with_filter_send] 
> (0x2000): Server supports OpenLDAP deref
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400): 
> Dereferencing entry [cn=accounts,dc=internal,dc=emerlyn,dc=com] using 
> OpenLDAP deref
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 12
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 12 timeout 6
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6710], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6710], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 11 finished
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_deref_search_with_filter_send] 
> (0x2000): Server supports OpenLDAP deref
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400): 
> Dereferencing entry [cn=accounts,dc=internal,dc=emerlyn,dc=com] using 
> OpenLDAP deref
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 13
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 13 timeout 6
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry] (0x0400): 
> Got deref control
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry] (0x0400): 
> All deref results from a single control parsed
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x2000): Total count [0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 12 finished
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x0400): No 
> view found, using default.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x0400): 
> Found view name [default].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x4000): 
> Found IPA default view name, replacing with sysdb default.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x4000): 
> read_at_init [false] current view  [(null)].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd6870
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd6930
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd6870 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd6930 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd6870 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd95b0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd9670
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd95b0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd9670 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd95b0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd04e0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd05a0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd04e0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd05a0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd04e0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1ba0500
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd95e0
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1ba0500 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd95e0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1ba0500 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1d60
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1e20
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1d60 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1e20 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1d60 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_subdomains_callback] (0x0400): 
> Backend returned: (0, 0, <NULL>) [Success]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): 
> Queued request filed successfully.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): 
> releasing operation connection
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_subdomains_callback] (0x0400): 
> Backend returned: (0, 0, <NULL>) [Success]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): 
> Queued request filed successfully.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_subdomains_callback] (0x0400): 
> Backend returned: (0, 0, <NULL>) [Success]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): 
> Queued request filed successfully.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_subdomains_callback] (0x0400): 
> Backend returned: (0, 0, <NULL>) [Success]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): 
> Queued request filed successfully.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_subdomains_callback] (0x0400): 
> Backend returned: (0, 0, <NULL>) [Success]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): 
> Request queue is empty.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_online_cb] (0x0400): Back 
> end is online
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_enable] (0x0080): Task 
> [SUDO Smart Refresh]: already enabled
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_online_cb] (0x0400): Back 
> end is online
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_ptask_enable] (0x0080): Task 
> [SUDO Full Refresh]: already enabled
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry] (0x0400): 
> Got deref control
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry] (0x0400): 
> All deref results from a single control parsed
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x2000): Total count [0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 13 finished
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x0400): No 
> view found, using default.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x0400): 
> Found view name [default].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x4000): 
> Found IPA default view name, replacing with sysdb default.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x4000): 
> read_at_init [true] current view  [default].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): 
> releasing operation connection
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_sudo_online_cb] (0x0400): We 
> are back online. SUDO host information will be renewed on next refresh.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [delayed_online_authentication_callback] (0x0200): Backend is online, 
> starting delayed online authentication.
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc49b0
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got 
> request for [0x1001][FAST BE_REQ_USER][1][idnumber=320000001]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): 
> Changing request domain from [internal.emerlyn.com 
> <http://internal.emerlyn.com>] to [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb04f0
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd3d80
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb04f0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd3d80 "ltdb_timeout"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb04f0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_idmap_check_posix_child] 
> (0x4000): Idmap of domain [S-1-5-21-711561063-4190233445-1602496204] 
> already known, nothing to do.
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_search_user_next_base] 
> (0x0400): Searching for users with base 
> [cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(uidNumber=320000001)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [uid]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userPassword]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [uidNumber]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [gidNumber]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [gecos]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [homeDirectory]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [loginShell]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [krbPrincipalName]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberOf]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUniqueID]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [entryUSN]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowLastChange]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowMin]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowMax]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowWarning]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowInactive]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowExpire]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowFlag]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [krbLastPwdChange]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [krbPasswordExpiration]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [pwdAttribute]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [authorizedService]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [accountExpires]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userAccountControl]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [nsAccountLock]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [host]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [loginDisabled]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [loginExpirationTime]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [loginAllowedTimeMap]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaSshPubKey]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUserAuthType]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userCertificate;binary]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 14
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 14 timeout 6
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [uid]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [uidNumber]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [gidNumber]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [gecos]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [homeDirectory]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [loginShell]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [krbPrincipalName]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [modifyTimestamp]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [entryUSN]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [krbLastPwdChange]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [krbPasswordExpiration]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [nsAccountLock]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 14 finished
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_search_user_process] (0x0400): 
> Search for users, returned 1 results.
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_search_user_process] (0x4000): 
> Retrieved total 1 users
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Save user
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jgoddard
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Processing 
> user jgoddard
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x2000): Adding 
> originalDN 
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] to 
> attributes of [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Adding 
> original memberOf attributes to [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding original mod-Timestamp [20160811190153Z] to attributes of 
> [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Adding 
> user principal [jgoddard at INTERNAL.EMERLYN.COM 
> <mailto:jgoddard at INTERNAL.EMERLYN.COM>] to attributes of [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowLastChange is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowMin is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowMax is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowWarning is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowInactive is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowExpire is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowFlag is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding krbLastPwdChange [20160718194453Z] to attributes of [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding krbPasswordExpiration [20170718194453Z] to attributes of 
> [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> pwdAttribute is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> authorizedService is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> adAccountExpires is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> adUserAccountControl is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding nsAccountLock [FALSE] to attributes of [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> authorizedHost is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> ndsLoginDisabled is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> ndsLoginExpirationTime is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> ndsLoginAllowedTimeMap is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding sshPublicKey 
> [c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBNU5BNGdyQjFndVZNWWN2Wk0yVnRuWFJpdWJPczJLZGp0Y2ZZYzRYOHJWS1dUNUJSOEdqaU51NzZDWGxXK0pUQU4xYmlpNm5UL0NTNDBVMXhjaVVTd05JaEtvNVh6ZThNd1Q1Z0hZY3VRV1ZxY2NTajhLeGRKWnA1MUhaclE0QjhlM2t5Y0lENGNzN3NaMUpKYndjL3RkUWg2ek1IRDdaaXhyNGh5UlRJcjZ3WlRsdmEwN3h5RkJSVDRXOXV1a0NFZURKbEI3c0NqdlNTYzRIQWp6Y0M5OVpUR3hjcWJHZERvTEFOczdiUDAzYnNyalJvTzlrNjRjY2dSOUFwK3BaeGhOYTFTRWJSZWxVTW9Qc2VQRUxJeXVvT3hYYUtRT2VJU1FGNFJBRjJKOHkvSllZcEdJaEllQXNybXBCUlRTQ3dSVkNjMzVTWE5QV3E2VnMxTTNvcjl3PT0gamdvZGRhcmRAZW1lcmx5bi5jb20=] 
> to attributes of [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> authType is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> userCertificate is not available for [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Storing 
> info for user jgoddard
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfbbe0
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfbca0
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfbbe0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfbca0 "ltdb_timeout"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfbbe0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400): No 
> such entry
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfb6d0
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfaa10
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfb6d0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfaa10 "ltdb_timeout"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfb6d0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_user_by_uid] (0x0400): 
> No such entry
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfebf0
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfecb0
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfebf0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfecb0 "ltdb_timeout"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfebf0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c09ca0
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c09d60
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c09ca0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c09d60 "ltdb_timeout"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c09ca0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c0af50
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bff180
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c0af50 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bff180 "ltdb_timeout"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c0af50 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_users] (0x4000): User 0 
> processed!
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_users_done] (0x4000): 
> Saving 1 Users - Done
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing 
> operation connection
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb27b0
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd3d80
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb27b0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd3d80 "ltdb_timeout"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb27b0 "ltdb_callback"
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done] 
> (0x4000): Searching for overrides in view [Default Trust View] with 
> filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))][cn=Default 
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 15
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 15 timeout 6
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 15 finished
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): 
> No override found with filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): 
> releasing operation connection
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb2060
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb2d60
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb2060 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb2d60 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb2060 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bc8780
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb1ea0
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bc8780 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb1ea0 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bc8780 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request 
> processed. Returned 0,0,Success
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc49b0
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got 
> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000001]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): 
> Changing request domain from [internal.emerlyn.com 
> <http://internal.emerlyn.com>] to [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400): 
> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(gidNumber=320000001)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [posixGroup]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userPassword]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [gidNumber]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [member]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUniqueID]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [entryUSN]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaExternalMember]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 16
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 16 timeout 6
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bbc470], ldap[0x1b977d0]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [gidNumber]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [modifyTimestamp]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [entryUSN]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bbc470], ldap[0x1b977d0]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 16 finished
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_groups_process] (0x0400): 
> Search for groups, returned 1 results.
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): 
> The server supports deref method OpenLDAP
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [groups]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] 
> (0x2000): About to process group 
> [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 0 
> users found in the hash table
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 1 
> groups found in the hash table
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_get_sid_str] (0x1000): No 
> [objectSIDString] attribute. [0][Success]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x4000): 
> objectSID: not available for group [(null)].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jgoddard
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): 
> Processing group jgoddard
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This is a 
> posix group
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding original DN 
> [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to 
> attributes of [jgoddard].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding original mod-Timestamp [20150116164416Z] to attributes of 
> [jgoddard].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): The group has 0 members
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Group has 0 members
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Storing 
> info for group jgoddard
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb0eb0
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb0f70
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb0eb0 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb0f70 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb0eb0 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400): No 
> such entry
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_store_group] (0x1000): Group 
> jgoddard does not exist.
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bae460
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b9f970
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bae460 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b9f970 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bae460 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_group_by_gid] (0x0400): 
> No such entry
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd05a0
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd0660
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd05a0 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd0660 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd05a0 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bca2c0
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd6740
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bca2c0 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c011d0
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c01290
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd6740 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bca2c0 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c011d0 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c01290 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c011d0 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000): Group 0 
> processed!
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_get_sid_str] (0x1000): No 
> [objectSIDString] attribute. [0][Success]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Failed 
> to get group sid
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jgoddard
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): 
> Processing group jgoddard
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): No 
> members for group [jgoddard]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1280
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bae5c0
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1280 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bae5c0 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1280 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b9f970
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bae5c0
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b9f970 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bae5c0 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b9f970 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000): Group 0 
> members processed!
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No 
> external members, done(Thu Aug 11 15:05:25 2016) 
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] 
> [sdap_id_op_done] (0x4000): releasing operation connection
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1baf710
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb1ea0
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1baf710 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb1ea0 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1baf710 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done] 
> (0x4000): Searching for overrides in view [Default Trust View] with 
> filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))][cn=Default 
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 17
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 17 timeout 6
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd3b80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd3b80], ldap[0x1b977d0]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 17 finished
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): 
> No override found with filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): 
> releasing operation connection
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1baf650
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1baf710
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1baf650 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1baf710 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1baf650 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb2290
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb1ea0
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb2290 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb1ea0 "ltdb_timeout"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb2290 "ltdb_callback"
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request 
> processed. Returned 0,0,Success
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc49b0
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got 
> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000000]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): 
> Changing request domain from [internal.emerlyn.com 
> <http://internal.emerlyn.com>] to [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400): 
> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(gidNumber=320000000)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [posixGroup]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userPassword]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [gidNumber]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [member]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUniqueID]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [entryUSN]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaExternalMember]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 18
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 18 timeout 6
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1b6eac0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.service.ping on path 
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bbc470], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [gidNumber]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [member]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [modifyTimestamp]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [entryUSN]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bbc470], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 18 finished
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_groups_process] (0x0400): 
> Search for groups, returned 1 results.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): 
> The server supports deref method OpenLDAP
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [groups]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] 
> (0x2000): About to process group 
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd6770
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd6830
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd6770 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd6830 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd6770 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bca3e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd67b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bca3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd67b0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bca3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bca3e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd66b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bca3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd66b0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bca3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd63c0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd6480
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd63c0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd6480 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd63c0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd6480
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd66c0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd6480 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd66c0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd6480 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> found in cache, skipping
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb0eb0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb0f70
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb0eb0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb0f70 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb0eb0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb12c0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd7ae0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb12c0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd7ae0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb12c0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb1210
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd7ae0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb1210 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd7ae0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb1210 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd04e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf14a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd04e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf14a0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd04e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] 
> (0x2000): Looking up 4/5 members of group 
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] 
> (0x2000): Members of group 
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] will 
> be processed individually
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> into hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 4 
> users found in the hash table
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 1 
> groups found in the hash table
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jfifield
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb1160
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb1220
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb1160 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb1220 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb1160 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object admin
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b9f1e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd0a30
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b9f1e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd0a30 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b9f1e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object chunsicker
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b9fa30
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bcd910
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b9fa30 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bcd910 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b9fa30 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object test
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bcd910
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bae4d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bcd910 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bae4d0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bcd910 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object admins
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): 
> Processing group admins
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This is a 
> posix group
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding original DN 
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to 
> attributes of [admins].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding original mod-Timestamp [20160408185328Z] to attributes of [admins].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): The group has 5 members
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Group has 5 members
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [admin]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [chunsicker]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [jfifield]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [test]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Storing 
> info for group admins
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd15f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd16b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd15f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd16b0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd15f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_store_group] (0x1000): Group 
> admins does not exist.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd07f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd15f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd07f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd15f0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd07f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_group_by_gid] (0x0400): 
> No such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfd0a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfd160
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfd0a0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfd160 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfd0a0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfc820
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfc8e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfc820 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c060a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c06160
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfc8e0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfc820 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c060a0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c06160 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c060a0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000): Group 0 
> processed!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object admins
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): 
> Processing group admins
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c07c50
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfc820
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c07c50 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfc820 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c07c50 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf94a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfc820
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf94a0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfc820 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf94a0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_sids_of_members] (0x0400): 
> No such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x2000): 
> retain_extern_members failed: 2:[No such file or directory].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding 
> member users to group [admins]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_find_entry_by_origDN] (0x4000): 
> Searching cache for 
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfc820
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf94a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfc820 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf94a0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfc820 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_fill_memberships] (0x1000):     
> member #2 
> (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com): 
> [name=jgoddard,cn=users,cn=internal.emerlyn.com 
> <http://internal.emerlyn.com>,cn=sysdb]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfcd30
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd07f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfcd30 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd07f0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfcd30 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd07f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf9880
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd07f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c060d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c04a30
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf9880 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd07f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c060d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c06fe0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c070a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c04a30 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c060d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c06fe0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c0c5c0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c0c680
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c070a0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c06fe0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c0c5c0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c09ce0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c0d660
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c0c680 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c0c5c0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c09ce0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c0d660 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c09ce0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000): Group 0 
> members processed!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No 
> external members, done(Thu Aug 11 15:05:26 2016) 
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] 
> [sdap_id_op_done] (0x4000): releasing operation connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb26f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb27b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb26f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb27b0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb26f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done] 
> (0x4000): Searching for overrides in view [Default Trust View] with 
> filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))][cn=Default 
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 19
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 19 timeout 6
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 19 finished
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): 
> No override found with filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): 
> releasing operation connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb0b70
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb26f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb0b70 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb26f0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb0b70 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bc91d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bc9290
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bc91d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bc9290 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bc91d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request 
> processed. Returned 0,0,Success
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc49b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got 
> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000019]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): 
> Changing request domain from [internal.emerlyn.com 
> <http://internal.emerlyn.com>] to [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400): 
> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(gidNumber=320000019)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [posixGroup]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userPassword]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [gidNumber]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [member]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [entryUSN]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaExternalMember]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 20
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 20 timeout 6
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bb2de0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [gidNumber]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [member]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [modifyTimestamp]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [entryUSN]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bb2de0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 20 finished
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_groups_process] (0x0400): 
> Search for groups, returned 1 results.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): 
> The server supports deref method OpenLDAP
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> into hash table [groups]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] 
> (0x2000): About to process group 
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd7900
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd79c0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd7900 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd79c0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd7900 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd7bf0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf1780
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd7bf0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf1780 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd7bf0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb0eb0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb0f70
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb0eb0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb0f70 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb0eb0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf0c10
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf0cd0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf0c10 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf0cd0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf0c10 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf0c10
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf0cd0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf0c10 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf0cd0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf0c10 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf1780
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf1840
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf1780 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf1840 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf1780 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf1950
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb0eb0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf1950 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb0eb0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf1950 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf0c10
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf0cd0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf0c10 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf0cd0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf0c10 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf1780
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf1840
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf1780 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf1840 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf1780 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd7bc0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd7c80
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd7bc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd7c80 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd7bc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd7bc0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd7c80
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd7bc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd7c80 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd7bc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> found in cache, skipping
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd63c0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd6480
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd63c0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd6480 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd63c0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bda620
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bda6e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bda620 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bda6e0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bda620 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] 
> (0x2000): Looking up 6/7 members of group 
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] 
> (0x2000): Members of group 
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> will be processed individually
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> into hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> into hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 6 
> users found in the hash table
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 1 
> groups found in the hash table
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jviger
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd7fb0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd8070
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd7fb0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd8070 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd7fb0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jfifield
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd82d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd63c0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd82d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd63c0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd82d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object chunsicker
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf1d70
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd6e00
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf1d70 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd6e00 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf1d70 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object cperry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1520
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bda4d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1520 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bda4d0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1520 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jodell
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bef750
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd82d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bef750 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd82d0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bef750 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object lglassover
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd69e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bcda20
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd69e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bcda20 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd69e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object developers
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): 
> Processing group developers
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This is a 
> posix group
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding original DN 
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to 
> attributes of [developers].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding original mod-Timestamp [20160504191023Z] to attributes of 
> [developers].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): The group has 7 members
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Group has 7 members
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [chunsicker]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [cperry]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [jfifield]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [jodell]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [lglassover]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [jviger]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Storing 
> info for group developers
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bef790
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1befb90
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bef790 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1befb90 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bef790 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_store_group] (0x1000): Group 
> developers does not exist.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bcda20
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bda7d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bcda20 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bda7d0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bcda20 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_group_by_gid] (0x0400): 
> No such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfdba0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfdc60
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfdba0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfdc60 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfdba0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c064a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c06560
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c064a0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c068f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c069b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c06560 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c064a0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c068f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c069b0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c068f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000): Group 0 
> processed!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object developers
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): 
> Processing group developers
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c053d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf0a20
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c053d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf0a20 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c053d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfe3e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd12d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfe3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd12d0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfe3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_sids_of_members] (0x0400): 
> No such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x2000): 
> retain_extern_members failed: 2:[No such file or directory].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding 
> member users to group [developers]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_find_entry_by_origDN] (0x4000): 
> Searching cache for 
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bda7d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c074e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bda7d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c074e0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bda7d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_fill_memberships] (0x1000):     
> member #5 
> (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com): 
> [name=jgoddard,cn=users,cn=internal.emerlyn.com 
> <http://internal.emerlyn.com>,cn=sysdb]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfe3e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1befb90
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfe3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1befb90 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfe3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfe3e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c053d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfe3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c082f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c083b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c053d0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfe3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c082f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfddb0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfde70
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c083b0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c082f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfddb0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c089f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c0c5a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfde70 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfddb0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c089f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c0c3e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c06d50
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c0c5a0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c089f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c0c3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c06d50 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c0c3e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000): Group 0 
> members processed!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No 
> external members, done(Thu Aug 11 15:05:26 2016) 
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] 
> [sdap_id_op_done] (0x4000): releasing operation connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b9f1f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb26f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b9f1f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb26f0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b9f1f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done] 
> (0x4000): Searching for overrides in view [Default Trust View] with 
> filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))][cn=Default 
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 21
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 21 timeout 6
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bef2c0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bef2c0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 21 finished
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): 
> No override found with filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): 
> releasing operation connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb05e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb16c0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb05e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb16c0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb05e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd6aa0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1baf650
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd6aa0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1baf650 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd6aa0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request 
> processed. Returned 0,0,Success
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc49b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got 
> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000031]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): 
> Changing request domain from [internal.emerlyn.com 
> <http://internal.emerlyn.com>] to [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400): 
> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(gidNumber=320000031)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [posixGroup]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userPassword]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [gidNumber]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [member]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [entryUSN]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaExternalMember]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 22
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 22 timeout 6
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [gidNumber]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [member]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [modifyTimestamp]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [entryUSN]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 22 finished
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_groups_process] (0x0400): 
> Search for groups, returned 1 results.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): 
> The server supports deref method OpenLDAP
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> into hash table [groups]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] 
> (0x2000): About to process group 
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd67e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd68a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd67e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd68a0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd67e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb21d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb2290
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb21d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb2290 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb21d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd6720
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd67e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd6720 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd67e0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd6720 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd6480
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf18b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd6480 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf18b0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd6480 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd6480
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf18b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd6480 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf18b0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd6480 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> found in cache, skipping
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb0f70
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb1030
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb0f70 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb1030 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb0f70 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb2bc0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd71c0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb2bc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd71c0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb2bc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd71c0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd7280
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd71c0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd7280 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd71c0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb2bc0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb1260
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb2bc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb1260 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb2bc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd0fc0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb0b70
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd0fc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb0b70 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd0fc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb2bc0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb0b70
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb2bc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb0b70 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb2bc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb11e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb12a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb11e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb12a0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb11e0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd7f50
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd8010
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd7f50 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd8010 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd7f50 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd8010
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb11e0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd8010 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb11e0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd8010 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): 
> Search groups with filter: 
> (&(objectclass=group)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd8210
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd7f50
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd8210 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd7f50 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd8210 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_split_members] 
> (0x4000): 
> [uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is 
> unknown object
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] 
> (0x2000): Looking up 7/8 members of group 
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] 
> (0x2000): Members of group 
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> will be processed individually
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> into hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> into hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] 
> (0x4000): Inserting 
> [uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into 
> hash table [users]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 7 
> users found in the hash table
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 1 
> groups found in the hash table
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jviger
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1de0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd7c30
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1de0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd7c30 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1de0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jfifield
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb23f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb0b70
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb23f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb0b70 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb23f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object mlibby
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfe660
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb0f30
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfe660 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb0f30 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfe660 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object chunsicker
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd0fc0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfc150
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd0fc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfc150 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd0fc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object cperry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfeb20
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd8450
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfeb20 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd8450 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfeb20 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jodell
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd8450
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf0af0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd8450 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf0af0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd8450 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object lglassover
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search 
> users with filter: 
> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb23f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd0fc0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb23f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd0fc0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb23f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jira-administrators
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): 
> Processing group jira-administrators
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This is a 
> posix group
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding original DN 
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> to attributes of [jira-administrators].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding original mod-Timestamp [20160504191023Z] to attributes of 
> [jira-administrators].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): The group has 8 members
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Group has 8 members
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [chunsicker]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [jfifield]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [cperry]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [jodell]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [jviger]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [lglassover]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] 
> (0x0400): Adding ghost member for group [mlibby]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Storing 
> info for group jira-administrators
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb2250
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb2310
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb2250 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb2310 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb2250 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400): No 
> such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_store_group] (0x1000): Group 
> jira-administrators does not exist.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb0eb0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb2250
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb0eb0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb2250 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb0eb0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_group_by_gid] (0x0400): 
> No such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfdee0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfdfa0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfdee0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfdfa0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfdee0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c07fd0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c08090
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c07fd0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08730
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c087f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c08090 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c07fd0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08730 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c087f0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08730 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000): Group 0 
> processed!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jira-administrators
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): 
> Processing group jira-administrators
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb2250
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c08150
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb2250 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c08150 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb2250 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb0b70
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfc150
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb0b70 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfc150 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb0b70 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_sids_of_members] (0x0400): 
> No such entry
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x2000): 
> retain_extern_members failed: 2:[No such file or directory].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding 
> member users to group [jira-administrators]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_find_entry_by_origDN] (0x4000): 
> Searching cache for 
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b9f9f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfc150
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b9f9f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfc150 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b9f9f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_fill_memberships] (0x1000):     
> member #2 
> (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com): 
> [name=jgoddard,cn=users,cn=internal.emerlyn.com 
> <http://internal.emerlyn.com>,cn=sysdb]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c0a510
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd0fc0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c0a510 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd0fc0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c0a510 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb0b70
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfc150
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb0b70 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c0a0a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfcd30
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfc150 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb0b70 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c0a0a0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c096d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c09790
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfcd30 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c0a0a0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c096d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c0cb20
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c087a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c09790 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c096d0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c0cb20 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c0bd80
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c0d9d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c087a0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c0cb20 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c0bd80 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c0d9d0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c0bd80 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000): Group 0 
> members processed!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No 
> external members, done(Thu Aug 11 15:05:26 2016) 
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] 
> [sdap_id_op_done] (0x4000): releasing operation connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bbc470
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd7a10
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bbc470 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd7a10 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bbc470 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done] 
> (0x4000): Searching for overrides in view [Default Trust View] with 
> filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))][cn=Default 
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 23
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 23 timeout 6
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 23 finished
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): 
> No override found with filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): 
> releasing operation connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb2d60
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bc91d0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb2d60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bc91d0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb2d60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb1f60
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bc93a0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb1f60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bc93a0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb1f60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request 
> processed. Returned 0,0,Success
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc49b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got 
> request for [0x1004][FAST BE_REQ_NETGROUP][1][name=office]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): 
> Changing request domain from [internal.emerlyn.com 
> <http://internal.emerlyn.com>] to [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_netgr_next_base] (0x0400): 
> Searching for netgroups with base 
> [cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(cn=office)(objectclass=ipaNisNetgroup))][cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [member]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberUser]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberHost]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [externalHost]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [nisDomainName]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 24
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 24 timeout 6
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bb0a10], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberHost]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [nisDomainName]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bb0a10], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x2000): Total count [0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 24 finished
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_netgroups_process] (0x0400): 
> Search for netgroups, returned 1 results.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(|(memberOf=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com))(objectclass=ipaHost))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 25
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 25 timeout 6
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=goddard-l.internal.emerlyn.com 
> <http://goddard-l.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=crashplan-master.internal.emerlyn.com 
> <http://crashplan-master.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=staging-app-2.internal.emerlyn.com 
> <http://staging-app-2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=nagios-2.internal.emerlyn.com 
> <http://nagios-2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=metrics-1.internal.emerlyn.com 
> <http://metrics-1.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=rundeck-master.internal.emerlyn.com 
> <http://rundeck-master.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=pairing-vm2.internal.emerlyn.com 
> <http://pairing-vm2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=mike-d.internal.emerlyn.com 
> <http://mike-d.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=jenkins.internal.emerlyn.com 
> <http://jenkins.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=sonar-01.internal.emerlyn.com 
> <http://sonar-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=emerlyn-loaner.internal.emerlyn.com 
> <http://emerlyn-loaner.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=graylog-01.internal.emerlyn.com 
> <http://graylog-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=utility-01.internal.emerlyn.com 
> <http://utility-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=lglassover-l.internal.emerlyn.com 
> <http://lglassover-l.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=docker-dev-02.internal.emerlyn.com 
> <http://docker-dev-02.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=docker-dev-03.internal.emerlyn.com 
> <http://docker-dev-03.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x2000): Total count [0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 25 finished
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_netgr_members_process] (0x2000): 
> Found 18 members in current search base
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000): 
> Extracting netgroup members of netgroup 0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000): 
> Extracted 0 netgroup members
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x4000): 
> Extracting user members of netgroup 0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000): 
> Extracted 0 user members
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x4000): 
> Extracting host members of netgroup 0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000): 
> Extracted 18 host members
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000): 
> Putting together triples of netgroup 0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x2000): Storing 
> netgroup office
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000): Adding 
> original DN [cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com] to 
> attributes of [office].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000): No 
> original members for netgroup [office]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000): No 
> members for netgroup [office]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x0400): Storing 
> info for netgroup office
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c135f0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c136b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c135f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c136b0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c135f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c1d5b0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c1d670
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c1d5b0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c1d670 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c1d5b0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing 
> operation connection
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request 
> processed. Returned 0,0,Success
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bbfca0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo 
> on path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got 
> request for [0x3][BE_REQ_INITGROUPS][1][name=jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): 
> Changing request domain from [internal.emerlyn.com 
> <http://internal.emerlyn.com>] to [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb26f0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb27b0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb26f0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb27b0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb26f0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb05e0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb0b70
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb05e0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bc8730
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bc87f0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb0b70 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb05e0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bc8730 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb0b70
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bda750
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bc87f0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bc8730 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb0b70 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bda4d0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bc8670
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bda750 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb0b70 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bda4d0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bc8670 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bda4d0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_initgr_send] (0x4000): 
> Retrieving info for initgroups call
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_initgr_next_base] (0x0400): 
> Searching for users with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(uid=jgoddard)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [uid]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userPassword]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [uidNumber]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [gidNumber]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [gecos]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [homeDirectory]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [loginShell]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [krbPrincipalName]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberOf]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUniqueID]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [entryUSN]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowLastChange]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowMin]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowMax]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowWarning]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowInactive]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowExpire]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [shadowFlag]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [krbLastPwdChange]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [krbPasswordExpiration]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [pwdAttribute]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [authorizedService]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [accountExpires]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userAccountControl]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [nsAccountLock]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [host]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [loginDisabled]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [loginExpirationTime]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [loginAllowedTimeMap]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaSshPubKey]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUserAuthType]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userCertificate;binary]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 26
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 26 timeout 6
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bb15d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [uid]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [uidNumber]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [gidNumber]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [gecos]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [homeDirectory]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [loginShell]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [krbPrincipalName]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [modifyTimestamp]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [entryUSN]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [krbLastPwdChange]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [krbPasswordExpiration]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [nsAccountLock]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaSshPubKey]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bb15d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 26 finished
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_initgr_user] (0x4000): 
> Receiving info for the user
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_initgr_user] (0x4000): 
> Storing the user
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Save user
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jgoddard
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Processing 
> user jgoddard
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x2000): Adding 
> originalDN 
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] to 
> attributes of [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Adding 
> original memberOf attributes to [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding original mod-Timestamp [20160811190153Z] to attributes of 
> [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Adding 
> user principal [jgoddard at INTERNAL.EMERLYN.COM 
> <mailto:jgoddard at INTERNAL.EMERLYN.COM>] to attributes of [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowLastChange is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowMin is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowMax is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowWarning is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowInactive is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowExpire is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> shadowFlag is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding krbLastPwdChange [20160718194453Z] to attributes of [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding krbPasswordExpiration [20170718194453Z] to attributes of 
> [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> pwdAttribute is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> authorizedService is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> adAccountExpires is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> adUserAccountControl is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding nsAccountLock [FALSE] to attributes of [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> authorizedHost is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> ndsLoginDisabled is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> ndsLoginExpirationTime is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> ndsLoginAllowedTimeMap is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> Adding sshPublicKey 
> [c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBNU5BNGdyQjFndVZNWWN2Wk0yVnRuWFJpdWJPczJLZGp0Y2ZZYzRYOHJWS1dUNUJSOEdqaU51NzZDWGxXK0pUQU4xYmlpNm5UL0NTNDBVMXhjaVVTd05JaEtvNVh6ZThNd1Q1Z0hZY3VRV1ZxY2NTajhLeGRKWnA1MUhaclE0QjhlM2t5Y0lENGNzN3NaMUpKYndjL3RkUWg2ek1IRDdaaXhyNGh5UlRJcjZ3WlRsdmEwN3h5RkJSVDRXOXV1a0NFZURKbEI3c0NqdlNTYzRIQWp6Y0M5OVpUR3hjcWJHZERvTEFOczdiUDAzYnNyalJvTzlrNjRjY2dSOUFwK3BaeGhOYTFTRWJSZWxVTW9Qc2VQRUxJeXVvT3hYYUtRT2VJU1FGNFJBRjJKOHkvSllZcEdJaEllQXNybXBCUlRTQ3dSVkNjMzVTWE5QV3E2VnMxTTNvcjl3PT0gamdvZGRhcmRAZW1lcmx5bi5jb20=] 
> to attributes of [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> authType is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000): 
> userCertificate is not available for [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Storing 
> info for user jgoddard
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf2960
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf2a20
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf2960 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf2a20 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf2960 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c002a0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c00360
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c002a0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c00360 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c002a0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [userPassword] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c091e0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfd090
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c091e0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfd090 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c091e0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [shadowLastChange] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfed00
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c02b70
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfed00 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c02b70 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfed00 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [shadowMin] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfd2b0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf25f0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf25f0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [shadowMax] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfed00
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfd2b0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfed00 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfd2b0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfed00 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [shadowWarning] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c060e0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c02320
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c060e0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c02320 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c060e0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [shadowInactive] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c01a10
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c05b90
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c01a10 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c05b90 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c01a10 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [shadowExpire] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c01a10
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfed00
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c01a10 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfed00 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c01a10 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [shadowFlag] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfd2b0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c01a10
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c01a10 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [pwdAttribute] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfd2b0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfd090
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfd090 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [authorizedService] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfd2b0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c01a10
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c01a10 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [adAccountExpires] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfd2b0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfd090
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfd090 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [adUserAccountControl] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfd2b0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c09740
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c09740 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [authorizedHost] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf29a0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfd090
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf29a0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfd090 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf29a0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [ndsLoginDisabled] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf29a0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfed00
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf29a0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfed00 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf29a0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [ndsLoginExpirationTime] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfd2b0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf29a0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf29a0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfd2b0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [ndsLoginAllowedTimeMap] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfed00
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfd2b0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfed00 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfd2b0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfed00 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [authType] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfed00
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfd090
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfed00 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfd090 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfed00 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000): 
> Removing attribute [userCertificate] from [jgoddard]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf29a0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfed00
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf29a0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfed00 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf29a0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_initgr_user] (0x4000): 
> Commit change
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf1a80
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf1b40
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf1a80 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf1b40 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf1a80 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_initgr_user] (0x4000): 
> Process user's groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jgoddard
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): 
> The server supports deref method OpenLDAP
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_deref_search_send] (0x2000): 
> Server supports OpenLDAP deref
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400): 
> Dereferencing entry 
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> using OpenLDAP deref
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_send] (0x0400): 
> WARNING: Disabling paging because scope is set to base.
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with [no 
> filter][uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [posixGroup]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userPassword]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [gidNumber]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [member]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUniqueID]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaNTSecurityIdentifier]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [entryUSN]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaExternalMember]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 27
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 27 timeout 6
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry] (0x0400): 
> Got deref control
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): 
> Dereferenced DN: 
> cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: top
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: groupofnames
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: posixgroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipausergroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipaobject
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: nestedGroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipaNTGroupAttrs
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Found 
> map for objectclass 'posixgroup'
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: objectClass
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: cn
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: admins
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: gidNumber
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 320000000
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: member
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: ipaUniqueID
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 19821026-9d9b-11e4-8386-0050568354a7
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: ipaNTSecurityIdentifier
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: S-1-5-21-711561063-4190233445-1602496204-512
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: modifyTimestamp
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 20160408185328Z
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: entryUSN
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 3382936
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): 
> Dereferenced DN: 
> cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: top
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: groupofnames
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: nestedgroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipausergroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipaobject
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Found 
> map for objectclass 'ipausergroup'
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: objectClass
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: cn
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: ipausers
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: member
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=mmasters,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=ntaylor,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=nagiosadmin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=rclay-storm,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=nagios,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=bandreoli,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=emerlyn,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=db-restore,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: ipaUniqueID
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 198528d8-9d9b-11e4-a057-0050568354a7
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: modifyTimestamp
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 20160510140017Z
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: entryUSN
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 3855196
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): 
> Dereferenced DN: 
> cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipaobject
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: top
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipausergroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: posixgroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: groupofnames
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: nestedgroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipantgroupattrs
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Found 
> map for objectclass 'ipausergroup'
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: objectClass
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: cn
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: developers
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: gidNumber
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 320000019
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: member
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: ipaUniqueID
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: f047af7a-09fd-11e5-8827-0050568354a7
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: ipaNTSecurityIdentifier
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> S-1-5-21-711561063-4190233445-1602496204-1019
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: modifyTimestamp
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 20160504191023Z
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: entryUSN
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 3757093
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): 
> Dereferenced DN: 
> ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipasudorule
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipaassociation
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): 
> Dereferenced DN: 
> cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipaobject
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: top
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipausergroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: posixgroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: groupofnames
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: nestedgroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipantgroupattrs
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Found 
> map for objectclass 'ipausergroup'
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: objectClass
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: cn
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: jira-administrators
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: gidNumber
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 320000031
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: member
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: ipaUniqueID
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 48d1856c-3f73-11e5-94f7-0050568354a7
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: ipaNTSecurityIdentifier
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> S-1-5-21-711561063-4190233445-1602496204-1031
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: modifyTimestamp
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 20160504191023Z
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: entryUSN
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 3757081
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry] (0x0400): 
> All deref results from a single control parsed
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x2000): Total count [0]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 27 finished
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf2480
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf2540
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf2480 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf2540 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf2480 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfcf30
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bffc10
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfcf30 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bffc10 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfcf30 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400): No 
> such entry
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups] 
> (0x1000): Group #1 [ipausers][ipausers] is not cached, need to add a 
> fake entry
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfcf30
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf29e0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfcf30 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf29e0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfcf30 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfcd70
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf8870
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfcd70 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf8870 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfcd70 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object admins
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object ipausers
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_attrs_get_sid_str] (0x1000): No 
> [objectSIDString] attribute. [0][Success]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups] 
> (0x1000): The group ipausers gid was missing
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups] 
> (0x0400): Marking group ipausers as non-posix and setting GID=0!
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups] 
> (0x2000): Adding fake group ipausers to sysdb
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf7860
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd8ba0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf7860 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd8ba0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf7860 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf8870
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf24c0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf8870 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf24c0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf8870 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object admins
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x2000): 
> searching sysdb with filter 
> [(&(objectClass=group)(member=name=admins,cn=groups,cn=internal.emerlyn.com 
> <http://internal.emerlyn.com>,cn=sysdb))]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf2920
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd9100
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf2920 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd9100 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf2920 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x1000): 
> admins is a member of 0 sysdb groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_direct_parents] (0x4000): Looking up direct 
> parents for group 
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_direct_parents] (0x4000): The group 
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] has 0 
> direct parents
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_membership_diff] (0x1000): The group admins is 
> a direct member of 0 LDAP groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object ipausers
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x2000): 
> searching sysdb with filter 
> [(&(objectClass=group)(member=name=ipausers,cn=groups,cn=internal.emerlyn.com 
> <http://internal.emerlyn.com>,cn=sysdb))]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf24c0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd9100
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf24c0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd9100 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf24c0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x1000): 
> ipausers is a member of 0 sysdb groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_direct_parents] (0x4000): Looking up direct 
> parents for group 
> [cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_direct_parents] (0x4000): The group 
> [cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] has 
> 0 direct parents
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_membership_diff] (0x1000): The group ipausers 
> is a direct member of 0 LDAP groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object developers
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x2000): 
> searching sysdb with filter 
> [(&(objectClass=group)(member=name=developers,cn=groups,cn=internal.emerlyn.com 
> <http://internal.emerlyn.com>,cn=sysdb))]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf24c0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf2920
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf24c0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf2920 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf24c0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x1000): 
> developers is a member of 0 sysdb groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_direct_parents] (0x4000): Looking up direct 
> parents for group 
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_direct_parents] (0x4000): The group 
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> has 0 direct parents
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_membership_diff] (0x1000): The group 
> developers is a direct member of 0 LDAP groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400): 
> Processing object jira-administrators
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x2000): 
> searching sysdb with filter 
> [(&(objectClass=group)(member=name=jira-administrators,cn=groups,cn=internal.emerlyn.com 
> <http://internal.emerlyn.com>,cn=sysdb))]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf2920
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfed00
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf2920 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfed00 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf2920 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x1000): 
> jira-administrators is a member of 0 sysdb groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_direct_parents] (0x4000): Looking up direct 
> parents for group 
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_direct_parents] (0x4000): The group 
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> has 0 direct parents
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] 
> [sdap_initgr_nested_get_membership_diff] (0x1000): The group 
> jira-administrators is a direct member of 0 LDAP groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_initgr_store_user_memberships] 
> (0x1000): The user jgoddard is a direct member of 4 LDAP groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x2000): 
> searching sysdb with filter 
> [(&(objectClass=group)(member=name=jgoddard,cn=users,cn=internal.emerlyn.com 
> <http://internal.emerlyn.com>,cn=sysdb))]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf2920
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd3b80
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf2920 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd3b80 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf2920 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x1000): 
> jgoddard is a member of 3 sysdb groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_initgr_store_user_memberships] 
> (0x2000): Updating memberships for jgoddard
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bfcf30
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf2a60
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bfcf30 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c0b340
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf24c0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf2a60 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bfcf30 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c0b340 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c15610
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c156d0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf24c0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c0b340 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c15610 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c16c30
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c16010
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c156d0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c15610 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c16c30 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd9560
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c0c530
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c16010 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c16c30 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd9560 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c0c530 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd9560 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_initgr_done] (0x4000): 
> Initgroups done
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd3b80
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bfcf30
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd3b80 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bfcf30 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd3b80 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_initgr_done] (0x0400): 
> Primary group already cached, nothing to do.
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing 
> operation connection
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf2cd0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1380
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf2cd0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1380 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf2cd0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1baf710
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb26f0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1baf710 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb26f0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1baf710 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1baf710
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bb0eb0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1baf710 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bb0eb0 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1baf710 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done] 
> (0x4000): Searching for overrides in view [Default Trust View] with 
> filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))][cn=Default 
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 28
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 28 timeout 6
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bb2de0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bb2de0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 28 finished
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): 
> No override found with filter 
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): 
> releasing operation connection
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd3b80
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b9f130
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd3b80 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b9f130 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd3b80 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_add_timeout] (0x2000): 0x1bb15e0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_remove_timeout] (0x2000): 0x1bb15e0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bc49b0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request 
> processed. Returned 0,0,Success
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bbfca0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler on 
> path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): 
> Changing request domain from [internal.emerlyn.com 
> <http://internal.emerlyn.com>] to [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_pam_handler] (0x0100): Got 
> request with the following data
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): command: 
> SSS_PAM_AUTHENTICATE
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): domain: 
> internal.emerlyn.com <http://internal.emerlyn.com>
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): user: jgoddard
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): service: sudo
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): tty: 
> /dev/pts/0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): ruser: 
> jgoddard
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): rhost:
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): authtok 
> type: 1
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): newauthtok 
> type: 0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): priv: 0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): cli_pid: 5477
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): logon 
> name: not set
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [krb5_auth_queue_send] (0x1000): Wait 
> queue of user [jgoddard] is empty, running request [0x1bb1ab0] 
> immediately.
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [krb5_setup] (0x4000): No mapping 
> for: jgoddard
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bc93a0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bc9460
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bc93a0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bc9460 "ltdb_timeout"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bc93a0 "ltdb_callback"
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [krb5_auth_prepare_ccache_name] 
> (0x1000): No ccache file for user [jgoddard] found.
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): 
> Trying to resolve service 'IPA'
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status 
> of server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' is 'working'
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port 
> status of port 389 for server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' is 'working'
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout] 
> (0x2000): Resolve timeout set to 6 seconds
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [resolve_srv_send] (0x0200): The 
> status of SRV lookup is resolved
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status 
> of server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' is 'working'
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000): 
> Saving the first resolved server
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x0200): 
> Found address for server id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400): 
> Constructed uri 'ldap://id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>'
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [unique_filename_destructor] 
> (0x2000): Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_SXAUTk]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [unlink_dbg] (0x2000): File already 
> removed: [/var/lib/sss/pubconf/.krb5info_dummy_SXAUTk]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000): 
> Setting up signal handler up for pid [5481]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000): 
> Signal handler set up for pid [5481]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [write_pipe_handler] (0x0400): All 
> data has been sent!
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [read_pipe_handler] (0x0400): EOF 
> received, client finished
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [parse_krb5_child_response] (0x1000): 
> child response [0][3][40].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [parse_krb5_child_response] (0x1000): 
> child response [0][-1073741822][30].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [parse_krb5_child_response] (0x1000): 
> child response [0][-1073741823][32].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [parse_krb5_child_response] (0x1000): 
> TGT times are [1470942330][1470942330][1471028729][0].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [parse_krb5_child_response] (0x1000): 
> child response [0][6][8].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [_be_fo_set_port_status] (0x8000): 
> Setting status: PORT_WORKING. Called from: 
> ../src/providers/krb5/krb5_auth.c: krb5_auth_done: 1039
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100): 
> Marking port 389 of server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' as 'working'
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100): 
> Marking server 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' as 'working'
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): 
> Marking port 389 of duplicate server 
> 'id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>' as 'working'
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [krb5_mod_ccname] (0x4000): Save 
> ccname [KEYRING:persistent:320000001] for user [jgoddard].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1b9f970
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b9fa30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1b9f970 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b9fa30 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1b9f970 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bca1a0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bca260
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bca1a0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bca260 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bca1a0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [check_wait_queue] (0x1000): Wait 
> queue for user [jgoddard] is empty.
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [krb5_auth_queue_done] (0x1000): 
> krb5_auth_queue request [0x1bb1ab0] done.
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): 
> Backend returned: (0, 0, <NULL>) [Success]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): 
> Sending result [0][internal.emerlyn.com <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): 
> Sent result [0][internal.emerlyn.com <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x1000): Waiting 
> for child [5481].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x0100): child 
> [5481] finished successfully.
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1bbfca0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler on 
> path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): 
> Changing request domain from [internal.emerlyn.com 
> <http://internal.emerlyn.com>] to [internal.emerlyn.com 
> <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_pam_handler] (0x0100): Got 
> request with the following data
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): command: 
> SSS_PAM_ACCT_MGMT
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): domain: 
> internal.emerlyn.com <http://internal.emerlyn.com>
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): user: jgoddard
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): service: sudo
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): tty: 
> /dev/pts/0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): ruser: 
> jgoddard
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): rhost:
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): authtok 
> type: 0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): newauthtok 
> type: 0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): priv: 0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): cli_pid: 5477
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): logon 
> name: not set
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_access_send] (0x0400): 
> Performing access check for user [jgoddard]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bb16d0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1b9f220
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bb16d0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1b9f220 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bb16d0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_account_expired_rhds] (0x0400): 
> Performing RHDS access check for user [jgoddard]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_account_expired_rhds] (0x4000): 
> Account for user [jgoddard] is not locked.
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_retry] (0x4000): Connection 
> status is [online].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000): 
> reusing cached connection
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [fqdn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [serverHostname]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaSshPubKey]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUniqueID]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 29
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 29 timeout 60
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [fqdn=docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectClass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [fqdn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serverHostname]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaUniqueID]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x2000): Total count [0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 29 finished
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): 
> The server supports deref method OpenLDAP
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_deref_search_send] (0x2000): 
> Server supports OpenLDAP deref
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400): 
> Dereferencing entry [fqdn=docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com] 
> using OpenLDAP deref
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_send] (0x0400): 
> WARNING: Disabling paging because scope is set to base.
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with [no 
> filter][fqdn=docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectClass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaUniqueID]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 30 timeout 60
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry] (0x0400): 
> Got deref control
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): 
> Dereferenced DN: 
> cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipaobject
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipahostgroup
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: nestedGroup
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: groupOfNames
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: top
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: mepOriginEntry
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Found 
> map for objectclass 'ipahostgroup'
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: objectClass
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: cn
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: office
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: memberOf
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: 
> ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): 
> Dereferenced attribute: ipaUniqueID
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced attribute value: e91566cc-bb9f-11e4-b8b6-0050568354a7
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): 
> Dereferenced DN: cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipanisnetgroup
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipaobject
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: mepManagedEntry
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipaAssociation
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: top
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): 
> Dereferenced DN: 
> ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipasudorule
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): 
> Dereferenced objectClass value: ipaassociation
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry] (0x0400): 
> All deref results from a single control parsed
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x2000): Total count [0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 30 finished
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hostgroup_info_done] (0x0200): 
> Dereferenced host group: office
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_service_info_next] 
> (0x0400): Sending request for next search base: 
> [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(objectClass=ipaHBACService)]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(objectClass=ipaHBACService)][cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [member]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 31
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 31 timeout 60
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=sshd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=ftp,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: [cn=su,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=login,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=su-l,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=sudo,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=sudo-i,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=gdm,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=gdm-password,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=kdm,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=proftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=vsftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=gssftp,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=crond,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x2000): Total count [0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 31 finished
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_servicegroup_info_next] 
> (0x0400): Sending request for next search base: 
> [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(objectClass=ipaHBACServiceGroup)]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [member]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberOf]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 32
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 32 timeout 60
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [member]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [cn=ftp,cn=hbacservicegroups,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [member]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x2000): Total count [0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 32 finished
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_rule_info_next] (0x0400): 
> Sending request for next search base: 
> [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com)(memberHost=ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com)))]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): 
> Searching 10.72.100.16
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400): 
> calling ldap_search_ext with 
> [(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com)(memberHost=ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com)))][cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [ipaenabledflag]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [accessRuleType]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberUser]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [userCategory]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberService]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [serviceCategory]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sourceHost]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [sourceHostCategory]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [externalHost]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [memberHost]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000): 
> Requesting attrs: [hostCategory]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000): 
> ldap_search_ext called, msgid = 33
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 
> 33 timeout 60
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd1dd0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd1dd0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_ENTRY]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): 
> OriginalDN: 
> [ipaUniqueID=19e5fa5a-9d9b-11e4-9cb5-0050568354a7,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [objectclass]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [cn]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipauniqueid]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [ipaenabledflag]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [accessRuleType]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [userCategory]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [serviceCategory]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No 
> sub-attributes for [hostCategory]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[0x1bd1dd0], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): 
> Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x0400): Search result: Success(0), no errmsg set
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] 
> (0x2000): Total count [0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): 
> Operation 33 finished
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 0)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd42a0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd4360
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd42a0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd4360 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd42a0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf4f50
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf5010
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf4f50 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf5010 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf4f50 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08000
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c080c0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08000 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c080c0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08000 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1dd0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [office].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd40b0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd4170
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd40b0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd4170 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd40b0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c06c10
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c06cd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c06c10 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c06cd0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c06c10 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf2950
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf2950 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1dd0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf2950 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [sshd].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf2910
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf2910 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf5110
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf44b0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf5110 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf44b0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf5110 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [ftp].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1dd0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c16c90
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c14fc0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c16c90 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c14fc0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c16c90 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [su].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf44b0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf44b0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1dd0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf44b0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c15130
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c151f0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c15130 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c151f0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c15130 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [login].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c17470
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf44b0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c17470 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf44b0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c17470 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf4fd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c17470
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf4fd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c17470 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf4fd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [su-l].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf44b0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf4fd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf44b0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf4fd0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf44b0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf4fd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c17470
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf4fd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c17470 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf4fd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [sudo].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c17470
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c17470 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c08a30 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c17470 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf44b0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf44b0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [sudo-i].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf4fd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf4fd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c08a30 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf4fd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf4fd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c199f0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf4fd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c199f0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf4fd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [gdm].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf4fd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf4fd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c08a30 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf4fd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf44b0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf44b0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [gdm-password].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c1e850
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c1e850 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c06aa0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c06aa0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [kdm].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c1b3a0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c1b3a0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf44b0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf44b0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1dd0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf44b0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [proftpd].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf44b0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf44b0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c1f350
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c199f0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c1f350 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c199f0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c1f350 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [vsftpd].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf44b0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c1b3a0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf44b0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c1b3a0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf44b0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c1b3a0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c1b3a0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1dd0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c1b3a0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [gssftp].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c1b3a0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c1b3a0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c08a30 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [pure-ftpd].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf2910
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf2910 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c1fc80
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c20950
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c1fc80 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c20950 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c1fc80 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [crond].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c20950
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c1fc80
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c20950 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c1fc80 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c20950 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c1b3a0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c1b3a0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1dd0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1dd0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [Sudo].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c15070
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c15070 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1dd0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c15070 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bf4570
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bf4630
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bf4570 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bf4630 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bf4570 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [ftp].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c13750
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c13750 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c26210
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c08580
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c26210 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c08580 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c26210 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 1)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c25c20
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd1dd0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c25c20 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd1dd0 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c25c20 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000): Object 
> name: [19e5fa5a-9d9b-11e4-9cb5-0050568354a7].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c08a30
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c15070
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c15070 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c08a30 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction 
> (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1c13c00
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1c08580
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1c13c00 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1c08580 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1c13c00 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 3)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 2)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 1)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb 
> transaction (nesting: 0)
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd3d80
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd3e40
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd3d80 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd3e40 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd3d80 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_attrs_to_rule] (0x1000): 
> Processing rule [allow_all]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_user_attrs_to_rule] (0x1000): 
> Processing users for rule [allow_all]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_get_category] (0x0200): 
> Category is set to 'all'.
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_service_attrs_to_rule] 
> (0x1000): Processing PAM services for rule [allow_all]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_get_category] (0x0200): 
> Category is set to 'all'.
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_thost_attrs_to_rule] (0x1000): 
> Processing target hosts for rule [allow_all]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_get_category] (0x0200): 
> Category is set to 'all'.
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_shost_attrs_to_rule] (0x0400): 
> Processing source hosts for rule [allow_all]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_shost_attrs_to_rule] (0x2000): 
> Source hosts disabled, setting ALL
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1da0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd3d80
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1da0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd3d80 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1da0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): 
> [22] groups for [jgoddard]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): 
> Added group [admins] for user [jgoddard]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=Replication 
> Administrators,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=Add Replication 
> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=Modify Replication 
> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=Remove Replication 
> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=Modify DNA 
> Range,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=Modify PassSync Managers 
> Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=Add Configuration 
> Sub-Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=Read LDBM Database 
> Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=Read PassSync Managers 
> Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=Read DNA 
> Range,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=System: Read Replication 
> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=Host 
> Enrollment,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=System: Add krbPrincipalName to a 
> Host,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=System: Enroll a 
> Host,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=System: Manage Host 
> Certificates,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=System: Manage Host Enrollment 
> Password,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf [cn=System: Manage Host 
> Keytab,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): 
> Added group [ipausers] for user [jgoddard]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): 
> Added group [developers] for user [jgoddard]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000): 
> Skipping non-group memberOf 
> [ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): 
> Added group [jira-administrators] for user [jgoddard]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1da0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd3d80
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1da0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd3d80 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1da0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_callback": 0x1bd1da0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event 
> "ltdb_timeout": 0x1bd3d80
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer event 
> 0x1bd1da0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer 
> event 0x1bd3d80 "ltdb_timeout"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event 
> 0x1bd1da0 "ltdb_callback"
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [ipa_hbac_evaluate_rules] (0x0080): 
> Access granted by HBAC rule [allow_all]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): 
> releasing operation connection
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): 
> Backend returned: (0, 0, <NULL>) [Success]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): 
> Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): 
> Backend returned: (0, 0, Success) [Success]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): 
> Sending result [0][internal.emerlyn.com <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): 
> Sent result [0][internal.emerlyn.com <http://internal.emerlyn.com>]
> (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1b6eac0
> (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.service.ping on path 
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1b6eac0
> (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.service.ping on path 
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
> (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn: 
> 0x1b6eac0
> (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): 
> Received SBUS method org.freedesktop.sssd.service.ping on path 
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com 
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): 
> Not a sysbus message, quit
>
> *
>
>
>
> On Thu, Aug 11, 2016 at 2:40 PM, Justin Stephenson 
> <jstephen at redhat.com <mailto:jstephen at redhat.com>> wrote:
>
>     Hello,
>
>     Could you increase the debug level to 9, restart sssd  + clear the
>     cache and reproduce the problem then provide the sssd_<domain>.log
>     as well as the sssd_sudo.log ?
>
>     Also you may want to rule out HBAC issues with the below command:
>
>          # ipa hbactest --user 'jgoddard' --host $(hostname) --service
>     sudo
>
>     Kind regards,
>
>     Justin Stephenson
>
>     On 08/11/2016 02:24 PM, Jeff Goddard wrote:
>>     Here is relevant configuration files:
>>
>>     *nsswitch.conf:*
>>
>>     passwd:         compat sss
>>     group:          compat sss
>>     shadow:         compat sss
>>     gshadow:        files
>>
>>     hosts:          files dns
>>     networks:       files
>>
>>     protocols:      db files
>>     services:       db files sss
>>     ethers:         db files
>>     rpc:            db files
>>
>>     netgroup:       nis sss
>>     sudoers: sss files
>>
>>     *sssd.conf:*
>>
>>     [domain/internal.emerlyn.com <http://internal.emerlyn.com>]
>>
>>     cache_credentials = True
>>     krb5_store_password_if_offline = True
>>     ipa_domain = internal.emerlyn.com <http://internal.emerlyn.com>
>>     id_provider = ipa
>>     auth_provider = ipa
>>     access_provider = ipa
>>     ipa_hostname = docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>
>>     chpass_provider = ipa
>>     ipa_server = _srv_, id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>
>>     ldap_tls_cacert = /etc/ipa/ca.crt
>>     sudo_provider=ipa
>>     ldap_uri=ldap://id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>
>>     ldap_sudo_search_base=ou=sudoers,dc=internal,dc=emerlyn,dc=com
>>     debug_level=7
>>
>>     [sssd]
>>     services = nss, pam, sudo, ssh
>>     debug_level=7
>>     domains = internal.emerlyn.com <http://internal.emerlyn.com>
>>
>>     [nss]
>>     homedir_substring = /home
>>
>>     [pam]
>>
>>     [sudo]
>>     debug_level=7
>>     [autofs]
>>
>>     [ssh]
>>     debug_level=7
>>     [pac]
>>
>>     [ifp]
>>
>>     *Log output - /var/log/sssd/sssd_sudo.log:
>>
>>     *(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [accept_fd_handler]
>>     (0x0400): Client connected!
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version]
>>     (0x0200): Received client version [1].
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version]
>>     (0x0200): Offered version [1].
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sudosrv_cmd_parse_query_done] (0x0200): Requesting default
>>     options for [jgoddard] from [<ALL>]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0200): Requesting info about [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0400): Returning info for user [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules]
>>     (0x0400): Retrieving default options for [jgoddard] from
>>     [internal.emerlyn.com <http://internal.emerlyn.com>]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with
>>     [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932503)))]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with [(&(objectClass=sudoRule)(|(name=defaults)))]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules
>>     for [<default options>@internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard*
>>     (*Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for
>>     [jgoddard] from [<ALL>]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0200): Requesting info about [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0400): Returning info for user [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules]
>>     (0x0400): Retrieving rules for [jgoddard] from
>>     [internal.emerlyn.com <http://internal.emerlyn.com>]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with
>>     [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932503)))]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with
>>     [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sort_sudo_rules]
>>     (0x0400): Sorting rules with higher-wins logic
>>     (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules
>>     for [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 12:21:47 2016) [sssd[sudo]] [client_recv] (0x0200):
>>     Client disconnected!
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [accept_fd_handler]
>>     (0x0400): Client connected!
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version]
>>     (0x0200): Received client version [1].
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version]
>>     (0x0200): Offered version [1].
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sudosrv_cmd_parse_query_done] (0x0200): Requesting default
>>     options for [jgoddard] from [<ALL>]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0200): Requesting info about [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0400): Returning info for user [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules]
>>     (0x0400): Retrieving default options for [jgoddard] from
>>     [internal.emerlyn.com <http://internal.emerlyn.com>]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with
>>     [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932532)))]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with [(&(objectClass=sudoRule)(|(name=defaults)))]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules
>>     for [<default options>@internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for
>>     [jgoddard] from [<ALL>]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0200): Requesting info about [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0400): Returning info for user [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules]
>>     (0x0400): Retrieving rules for [jgoddard] from
>>     [internal.emerlyn.com <http://internal.emerlyn.com>]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with
>>     [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932532)))]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with
>>     [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sort_sudo_rules]
>>     (0x0400): Sorting rules with higher-wins logic
>>     (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules
>>     for [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]*
>>
>>     *
>>
>>     On Thu, Aug 11, 2016 at 2:15 PM, Rob Crittenden
>>     <rcritten at redhat.com <mailto:rcritten at redhat.com>> wrote:
>>
>>         Jeff Goddard wrote:
>>
>>             I've looked though these but not found anything helpful.
>>             It appears as
>>             though my previous statement about the 1 group being
>>             found was
>>             misleading as the sssd.$mydomain.com.log file reports
>>             that no sudo rules
>>             are found. Does this mean that the LDAP tree being
>>             searched is different
>>             on ubuntu vs centos?
>>
>>
>>         I find that extremely unlikely.
>>
>>         You may want to outline more what you've already checked.
>>
>>         For example, is sss in sudoers in /etc/nsswitch.conf?
>>
>>         You can check the 389-ds access log to see what, if any
>>         queries are being made. I'd clean the sssd cache in advance.
>>
>>         rob
>>
>>
>>             Jeff
>>
>>             On Wed, Aug 10, 2016 at 2:13 PM, Rob Crittenden
>>             <rcritten at redhat.com <mailto:rcritten at redhat.com>
>>             <mailto:rcritten at redhat.com
>>             <mailto:rcritten at redhat.com>>> wrote:
>>
>>                 Jeff Goddard wrote:
>>
>>                     Sean,
>>
>>                     Thanks for the reply. I don't think that's my
>>             problem but I'm
>>                     posting a
>>                     redacted copy of the sssd.conf file for review below.
>>
>>
>>                 I'd start here:
>>             https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>>             <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO>
>>                
>>             <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>>             <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO>>
>>
>>                 rob
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>     -- 
>>     Jeff Goddard
>>     Director of Information Technology
>>     Emerlyn Technology
>>
>>     Email: jgoddard at emerlyn.com <mailto:jgoddard at emerlyn.com>
>>     Telephone: (603) 447-8571 <tel:%28603%29%20447-8571>
>>     Toll free: (888) 363-7596 ext. 108
>>     <tel:%28888%29%20363-7596%20ext.%20108>
>>     Fax: (603) 356-3346 <tel:%28603%29%20356-3346>
>>
>>
>>
>
>
>
>
> Thanks,
>
> Jeff

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/1fd07020/attachment.htm>

From jgoddard at emerlyn.com  Thu Aug 11 20:26:43 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 11 Aug 2016 16:26:43 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
	<OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
	<CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>
	<57AB6EB8.7000609@redhat.com>
	<CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>
	<57ACC0DF.6070308@redhat.com>
	<CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>
	<de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
Message-ID: <CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>

Justin,

Thanks for confirming I'm not crazy. The error I get is:

jgoddard at docker-dev-01:~$ sudo -l
[sudo] password for jgoddard:
Sorry, user jgoddard may not run sudo on docker-dev-01.internal.emerlyn.com.

I read the wiki but there is no file /etc/sudo.conf on this system. Can
someone provide me with a pointer to the correct layout and syntax of what
the file contents shoudl be?

root at docker-dev-01:/home/jgoddard# find /etc -name sudo*
/etc/sudoers
/etc/pam.d/sudo
/etc/sudoers.d

Thanks,

Jeff

On Thu, Aug 11, 2016 at 4:14 PM, Justin Stephenson <jstephen at redhat.com>
wrote:

> I checked the logs but I don't see any problem the sssd processing of the
> sudo attempt, I will defer to others on the mailing list however in case I
> missed something.
>
> What is the exact error when sudo fails? I suppose the PAM stack could be
> misconfigured or strace may be useful to look at, you can also enable
> debugging for sudo itself in /etc/sudo.conf as the SSSD troubleshooting
> wiki mentions.
>
> ===================================
>
> I see in the logs that the client does a LDAP search finds the sudorule
> called 'All' which gets stored in the cache file
>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com]]]
> [sysdb_sudo_store_rule] (0x0400): Adding sudo rule All
>
> sssd finds the rule in the cache successfully for this user as part of the
> 'developers' group
>
>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
>
> successful response here from the backend for the PAM auth and acct
> section of the sudo call
>
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [be_pam_handler] (0x0100): Got request with the following data
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): domain: internal.emerlyn.com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): user: jgoddard
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): service: sudo
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): tty: /dev/pts/0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): ruser: jgoddard
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): rhost:
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): authtok type: 1
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): newauthtok type: 0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): priv: 0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): cli_pid: 5477
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): logon name: not set
> <snip>
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [be_pam_handler_callback] (0x0100): Sending result [0][
> internal.emerlyn.com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [be_pam_handler_callback] (0x0100): Sent result [0][internal.emerlyn.com]
>
>
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): domain: internal.emerlyn.com
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): user: jgoddard
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): service: sudo
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): tty: /dev/pts/0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): ruser: jgoddard
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): rhost:
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): authtok type: 0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): newauthtok type: 0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): priv: 0
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): cli_pid: 5477
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [pam_print_data] (0x0100): logon name: not set
> <snip>
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[(nil)], ldap[0x1b977d0]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, Success)
> [Success]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [be_pam_handler_callback] (0x0100): Sending result [0][
> internal.emerlyn.com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
> [be_pam_handler_callback] (0x0100): Sent result [0][internal.emerlyn.com]
>
> Kind regards,
> Justin Stephenson
>
>
> On 08/11/2016 03:26 PM, Jeff Goddard wrote:
>
> Thanks you for the response. Here are the requested outputs. I did
> manually delete the cache via the command
>
> rm -rf /var/lib/sss/db/*
>
>
> prior to issues the sudo -l command as the jgoddard user
>
> [jgoddard at id-management-1 root]$ ipa hbactest --user 'jgoddard' --host
> docker-dev-01.internal.emerlyn.com --service sudo
> --------------------
> Access granted: True
> --------------------
>   Matched rules: allow_all
>
>
> */var/log/sssd/sssd_sudo.log: *(Thu Aug 11 15:05:26 2016) [sssd[sudo]]
> [ldb] (0x4000): Added timed event "ltdb_callback": 0x1b44dc0
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b47310
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b44dc0 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b47310 "ltdb_timeout"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b44dc0 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#
> 320000001)(sudoUser=%admins)(sudoUser=%developers)(
> sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=
> +*))(&(dataExpireTimestamp<=1470942326)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b57730
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4ade0
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b57730 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4ade0 "ltdb_timeout"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b57730 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000):
> About to get sudo rules from cache
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b51c90
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4ade0
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b51c90 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4ade0 "ltdb_timeout"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b51c90 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b51990
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b44dc0
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b51990 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b44dc0 "ltdb_timeout"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b51990 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)
> (sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-
> administrators)(sudoUser=%jgoddard)(sudoUser=+*)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b51990
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b44dc0
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b51990 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b44dc0 "ltdb_timeout"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b51990 "ltdb_callback"
>
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
> Sorting rules with higher-wins logic
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_recv] (0x0200): Client
> disconnected!
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_destructor] (0x2000):
> Terminated client [0x1b51d80][18]
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_get_sender_id_send]
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_get_sender_id_send]
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_get_sender_id_send]
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_get_sender_id_send]
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_get_sender_id_send]
> (0x2000): Not a sysbus message, quit
> root at docker-dev-01:/home/jgoddard# cat /var/log/sssd/sssd_sudo.log|grep
> 15:05
> (Thu Aug 11 15:05:02 2016) [sssd[sudo]] [sss_responder_ctx_destructor]
> (0x0400): Responder is being shut down
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [server_setup] (0x0400): CONFDB:
> /var/lib/sss/db/config.ldb
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [confdb_get_domain_internal]
> (0x0400): No enumeration for [internal.emerlyn.com]!
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [confdb_get_domain_internal]
> (0x1000): pwd_expiration_warning is -1
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_init_connection] (0x0400):
> Adding connection 0x1b42660
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_watch] (0x2000):
> 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
> (0x0400): Registering interface org.freedesktop.sssd.service with path
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_conn_register_path]
> (0x0400): Registering object path /org/freedesktop/sssd/service with D-Bus
> connection
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
> (0x0400): Registering interface org.freedesktop.DBus.Properties with path
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
> (0x0400): Registering interface org.freedesktop.DBus.Introspectable with
> path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [monitor_common_send_id] (0x0100):
> Sending ID: (sudo,1)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000):
> 0x1b3d330
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_names_init_from_args]
> (0x0100): Using re [(((?P<domain>[^\\]+)\\(?P<
> name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_fqnames_init] (0x0100): Using
> fq format [%1$s@%2$s].
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_init_connection] (0x0400):
> Adding connection 0x1b46310
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_watch] (0x2000):
> 0x1b471b0/0x1b45e80 (14), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
> (0x0400): Registering interface org.freedesktop.sssd.dataprovider with
> path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_conn_register_path]
> (0x0400): Registering object path /org/freedesktop/sssd/dataprovider with
> D-Bus connection
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
> (0x0400): Registering interface org.freedesktop.DBus.Properties with path
> /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
> (0x0400): Registering interface org.freedesktop.DBus.Introspectable with
> path /org/freedesktop/sssd/dataprovider
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [dp_common_send_id] (0x0100):
> Sending ID to DP: (1,SUDO)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000):
> 0x1b47b30
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b471b0/0x1b45e80 (14), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sysdb_domain_init_internal]
> (0x0200): DB File for internal.emerlyn.com: /var/lib/sss/db/cache_
> internal.emerlyn.com.ldb
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b4a1f0
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4a2b0
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b4a1f0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4a2b0 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b4a1f0 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x0400): asq: Unable to
> register control with rootdse!
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b4a230
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4a2f0
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b4a230 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4a2f0 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b4a230 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b4a300
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4a3c0
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b4a300 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4a3c0 "ltdb_timeout"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b4a300 "ltdb_callback"
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_process_init] (0x0400):
> Responder Initialization complete
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'root' matched without domain, user is root
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_ncache_set_str] (0x0400):
> Adding [NCE/USER/internal.emerlyn.com/root] to negative cache permanently
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'root' matched without domain, user is root
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_ncache_set_str] (0x0400):
> Adding [NCE/GROUP/internal.emerlyn.com/root] to negative cache permanently
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sudo_process_init] (0x0400): SUDO
> Initialization complete
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_issue_request] (0x0400):
> Issuing request for [0x40df50:domains at internal.emerlyn.com]
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_get_domains_msg] (0x0400):
> Sending get domains request for [internal.emerlyn.com][]
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000):
> 0x1b4bcb0
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b471b0/0x1b45e80 (14), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_internal_get_send]
> (0x0400): Entering request [0x40df50:domains at internal.emerlyn.com]
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b46310
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b46310
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b46310
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b471b0/0x1b45e80 (14), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b471b0/0x1b45e80 (14), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b471b0/0x1b45e80 (14), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
> 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_remove_timeout] (0x2000):
> 0x1b47b30
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b46310
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [dp_id_callback] (0x0100): Got id
> ack and version (1) from DP
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_remove_timeout] (0x2000):
> 0x1b3d330
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [id_callback] (0x0100): Got id ack
> and version (1) from Monitor
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_remove_timeout] (0x2000):
> 0x1b4bcb0
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b46310
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sss_dp_get_reply] (0x1000): Got
> reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b4ade0
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b47e60
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b4ade0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b47e60 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b4ade0 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b4a300
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b51d80
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b4a300 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b51d80 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b4a300 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b49350
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b456f0
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b49350 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b456f0 "ltdb_timeout"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b49350 "ltdb_callback"
> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sss_dp_req_destructor] (0x0400):
> Deleting request: [0x40df50:domains at internal.emerlyn.com]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_get_sender_id_send]
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [get_client_cred] (0x4000): Client
> creds: euid[0] egid[0] pid[5477].
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [accept_fd_handler] (0x0400):
> Client connected!
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
> protocol version [1]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
> (0x0200): Requesting default options for [jgoddard] from [<ALL>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/internal.emerlyn.com/jgoddard]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
> Requesting info about [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b4bb60
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4bc20
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b4bb60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4bc20 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b4bb60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> Returning info for user [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> Retrieving default options for [jgoddard] from [internal.emerlyn.com]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b4bb60
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4bc20
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b4bb60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4bc20 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b4bb60 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b456f0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4f420
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b456f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4f420 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b456f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#
> 320000001)(sudoUser=%admins)(sudoUser=%developers)(
> sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=
> +*))(&(dataExpireTimestamp<=1470942326)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b59070
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b47f20
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b59070 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b47f20 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b59070 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000):
> About to get sudo rules from cache
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> name=defaults)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b456f0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b47310
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b456f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b47310 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b456f0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> (0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
> protocol version [1]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
> (0x0200): Requesting rules for [jgoddard] from [<ALL>]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/internal.emerlyn.com/jgoddard]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
> Requesting info about [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b4a580
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4a640
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b4a580 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4a640 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b4a580 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> Returning info for user [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> Retrieving rules for [jgoddard] from [internal.emerlyn.com]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b51c90
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4ade0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b51c90 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4ade0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b51c90 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b44dc0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b47310
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b44dc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b47310 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b44dc0 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#
> 320000001)(sudoUser=%admins)(sudoUser=%developers)(
> sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=
> +*))(&(dataExpireTimestamp<=1470942326)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b57730
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4ade0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b57730 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4ade0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b57730 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000):
> About to get sudo rules from cache
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b51c90
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b4ade0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b51c90 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b4ade0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b51c90 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b51990
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b44dc0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b51990 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b44dc0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b51990 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(
> sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)
> (sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-
> administrators)(sudoUser=%jgoddard)(sudoUser=+*)))]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b51990
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x1b44dc0
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
> event 0x1b51990 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
> event 0x1b44dc0 "ltdb_timeout"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
> 0x1b51990 "ltdb_callback"
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
> Sorting rules with higher-wins logic
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x1b51d80][18]
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_recv] (0x0200): Client
> disconnected!
> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_destructor] (0x2000):
> Terminated client [0x1b51d80][18]
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_get_sender_id_send]
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_get_sender_id_send]
> (0x2000): Not a sysbus message, quit
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
> conn: 0x1b42660
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_get_sender_id_send]
> (0x2000): Not a sysbus message, quit
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> */var/log/sssd/sssd_$domain: (Thu Aug 11 15:05:02 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_remove_watch] (0x2000): 0x93cf00/0x93b9b0 (Thu Aug 11 15:05:02 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_remove_watch] (0x2000): 0x93cf00/0x920410 (Thu Aug 11 15:05:02 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [remove_krb5_info_files] (0x0200): Could not remove
> [/var/lib/sss/pubconf/kpasswdinfo.INTERNAL.EMERLYN.COM
> <http://kpasswdinfo.INTERNAL.EMERLYN.COM>], [2][No such file or directory]
> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_ptask_destructor] (0x0400):
> Terminating periodic task [SUDO Smart Refresh] (Thu Aug 11 15:05:02 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_ptask_destructor] (0x0400): Terminating periodic task [SUDO Full
> Refresh] (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_handle_release] (0x2000): Trace:
> sh[0x943830], connected[1], ops[(nil)], ldap[0x936580], destructor_lock[0],
> release_memory[0] (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [remove_connection_callback] (0x4000):
> Successfully removed connection callback. (Thu Aug 11 15:05:02 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_remove_watch] (0x2000): 0x922860/0x9237a0 (Thu Aug 11 15:05:02 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [remove_socket_symlink] (0x4000): The symlink points to
> [/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
> <http://sbus-dp_internal.emerlyn.com>.5155] (Thu Aug 11 15:05:02 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [remove_socket_symlink] (0x4000): The path including our pid is
> [/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
> <http://sbus-dp_internal.emerlyn.com>.5155] (Thu Aug 11 15:05:02 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [remove_socket_symlink] (0x4000): Removed the symlink (Thu Aug 11 15:05:02
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_client_destructor] (0x0400): Removed SUDO client (Thu Aug 11 15:05:02
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_client_destructor] (0x0400): Removed SSH client (Thu Aug 11 15:05:02
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_client_destructor] (0x0400): Removed PAM client (Thu Aug 11 15:05:02
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_client_destructor] (0x0400): Removed NSS client (Thu Aug 11 15:05:02
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_client_destructor] (0x0400): Removed PAC client (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> lookup_family_order has value ipv4_first (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option dns_resolver_timeout has value 6 (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> dns_resolver_op_timeout has value 6 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option dns_discovery_domain has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_res_get_opts] (0x0100): Lookup order:
> ipv4_first (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [recreate_ares_channel] (0x0100):
> Initializing new c-ares channel (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [fo_context_init] (0x0400): Created new fail over context, retry timeout is
> 30 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [confdb_get_domain_internal] (0x0400): No
> enumeration for [internal.emerlyn.com <http://internal.emerlyn.com>]! (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [confdb_get_domain_internal] (0x1000):
> pwd_expiration_warning is -1 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_domain_init_internal] (0x0200): DB File for internal.emerlyn.com
> <http://internal.emerlyn.com>:
> /var/lib/sss/db/cache_internal.emerlyn.com.ldb (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1b83020 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b830e0 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b83020 "ltdb_callback" (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b830e0 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b83020 "ltdb_callback" (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x0400): asq: Unable to register control with rootdse! (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b82220 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b822e0 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b82220 "ltdb_callback" (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b822e0 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b82220 "ltdb_callback" (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1b822e0 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b6d8c0 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b822e0 "ltdb_callback" (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b6d8c0 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b822e0 "ltdb_callback" (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_init_connection] (0x0400): Adding connection 0x1b6eac0 (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
> 0x1b84310/0x1b6c3a0 (15), -/W (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3f0 (15), R/- (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
> Registering interface org.freedesktop.sssd.service with path
> /org/freedesktop/sssd/service (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_conn_register_path] (0x0400): Registering object path
> /org/freedesktop/sssd/service with D-Bus connection (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_opath_hash_add_iface] (0x0400): Registering interface
> org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
> Registering interface org.freedesktop.DBus.Introspectable with path
> /org/freedesktop/sssd/service (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [monitor_common_send_id] (0x0100): Sending ID: (%BE_internal.emerlyn.com
> <http://BE_internal.emerlyn.com>,1) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_add_timeout] (0x2000): 0x1b6c560 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3f0 (15), R/- (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1b84310/0x1b6c3a0 (15), -/W (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sss_names_init_from_args] (0x0100): Using re
> [(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sss_fqnames_init] (0x0100): Using fq
> format [%1$s@%2$s]. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [create_socket_symlink] (0x1000): Symlinking the dbus path
> /var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
> <http://sbus-dp_internal.emerlyn.com>.5466 to a link
> /var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
> <http://sbus-dp_internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_new_server] (0x0400): D-BUS Server listening on
> unix:path=/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com.5466,guid=0bf360c8f774f978ad53dd4157accc6c
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
> 0x1b85860/0x1b867a0 (16), R/- (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [load_backend_module] (0x1000): Loading backend [ipa] with path
> [/usr/lib/x86_64-linux-gnu/sssd/libsss_ipa.so]. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ipa_domain has value internal.emerlyn.com
> <http://internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ipa_server has value _srv_,
> id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ipa_backup_server has no value (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ipa_hostname has value docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ipa_hbac_search_base has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ipa_host_search_base has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ipa_selinux_search_base has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ipa_subdomains_search_base has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ipa_master_domain_search_base has no
> value (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_realm has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ipa_hbac_refresh has value 5 (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ipa_selinux_refresh has value 5 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ipa_hbac_support_srchost is FALSE (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ipa_automount_location has value default (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ipa_ranges_search_base has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ipa_enable_dns_sites is FALSE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ipa_server_mode is FALSE (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ipa_views_search_base has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_confd_path has value
> /var/lib/sss/pubconf/krb5.include.d (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [fo_new_service] (0x0400): Creating new service 'IPA' (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [fo_add_srv_server] (0x0400): Adding new SRV server to service 'IPA' using
> 'tcp'. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [_ipa_servers_init] (0x0400): Added
> service lookup for service IPA (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [fo_add_server_to_list] (0x0400): Inserted primary server
> 'id-management-1.internal.emerlyn.com:0
> <http://id-management-1.internal.emerlyn.com:0>' to service 'IPA' (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [_ipa_servers_init] (0x0400): Added Server
> id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_uri has value
> ldap://id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_backup_uri has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_search_base has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_default_bind_dn has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_default_authtok_type has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_default_authtok has no binary value.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_search_timeout has value 6 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_network_timeout has value 6 (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_opt_timeout has value 6 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_tls_reqcert has value hard (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_user_search_base has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_user_search_scope has value sub (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_user_search_filter has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_user_extra_attrs has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_group_search_base has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_group_search_scope has value sub
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_group_search_filter has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_service_search_base has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_sudo_search_base has value ou=sudoers,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_sudo_full_refresh_interval has value 21600 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_sudo_smart_refresh_interval has
> value 900 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_sudo_use_host_filter is TRUE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_sudo_hostnames has no value (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_sudo_ip has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_sudo_include_netgroups is TRUE (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_sudo_include_regexp is TRUE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_autofs_search_base has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_autofs_map_master_name has value auto.master (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_schema has value ipa_v1 (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_offline_timeout has value 60 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_force_upper_case_realm is TRUE (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_enumeration_refresh_timeout has value 300 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_purge_cache_timeout has value 0 (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_tls_cacert has value /etc/ipa/ca.crt (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_tls_cacertdir has no value (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_tls_cert has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_tls_key has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_tls_cipher_suite has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_id_use_start_tls is FALSE (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_id_mapping is FALSE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_sasl_mech has value GSSAPI (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_sasl_authid has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_sasl_realm has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_sasl_minssf has value 56 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_krb5_keytab has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_krb5_init_creds is TRUE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_server has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_backup_server has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_realm has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_canonicalize is TRUE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_use_kdcinfo is TRUE (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_pwd_policy has value none (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_referrals is TRUE (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> account_cache_expiration has value 0 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_dns_service_name has value ldap (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_krb5_ticket_lifetime has value 86400 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_access_filter has no value (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_netgroup_search_base has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_group_nesting_level has value 2 (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_deref has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_account_expire_policy has value ipa
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_access_order has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_chpass_uri has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_chpass_backup_uri has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_chpass_dns_service_name has no value
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_chpass_update_last_change is FALSE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_enumeration_search_timeout has value
> 60 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_auth_disable_tls_never_use_in_production is FALSE (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_page_size has value 1000 (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_deref_threshold has value 10 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_sasl_canonicalize is FALSE (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_connection_expire_timeout has value 900 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_disable_paging is FALSE (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_idmap_range_min has value 200000 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_idmap_range_max has value 2000200000
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_idmap_range_size has value 200000 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_idmap_autorid_compat is FALSE (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_idmap_default_domain has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_idmap_default_domain_sid has no
> value (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_idmap_helper_table_size has value 10 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_groups_use_matching_rule_in_chain is
> FALSE (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_initgroups_use_matching_rule_in_chain is FALSE (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_use_tokengroups is TRUE (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_rfc2307_fallback_to_local_users is FALSE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_disable_range_retrieval is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_min_id has value 0 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option ldap_max_id has value 0 (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> ldap_pwdlockout_dn has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option wildcard_limit has value 1000 (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
> ldap_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
> Search base added:
> [DEFAULT][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
> krb5_realm set to INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_set_sasl_options] (0x0100): Will
> look for docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in default keytab
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [select_principal_from_keytab] (0x0200):
> trying to select the most appropriate principal from keytab (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000):
> Trying to find principal
> docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in keytab. (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x0400): No
> principal matching docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> found in keytab.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000):
> Trying to find principal DOCKER-DEV-01$@INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM> in keytab. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [find_principal_in_keytab] (0x0400): No principal matching
> DOCKER-DEV-01$@INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> found in
> keytab. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000):
> Trying to find principal
> host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in keytab. (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [match_principal] (0x1000): Principal
> matched to the sample
> (host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>). (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [select_principal_from_keytab] (0x0200):
> Selected primary: host/docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [select_principal_from_keytab] (0x0200): Selected realm:
> INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_set_sasl_options] (0x0100): Option ldap_sasl_authid set to
> host/docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_set_sasl_options] (0x0100): Option ldap_sasl_realm set to
> INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_get_id_options] (0x0400): Option ldap_user_search_base set to
> cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [common_parse_search_base] (0x0100): Search base added:
> [USER][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
> ldap_group_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
> Search base added:
> [GROUP][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
> ldap_netgroup_search_base set to cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
> Search base added:
> [NETGROUP][cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
> ipa_host_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
> Search base added:
> [IPA_HOST][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
> ipa_hbac_search_base set to cn=hbac,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
> Search base added:
> [IPA_HBAC][cn=hbac,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
> ipa_selinux_search_base set to cn=selinux,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
> Search base added:
> [IPA_SELINUX][cn=selinux,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
> ldap_group_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
> Search base added:
> [SERVICE][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
> ipa_subdomains_search_base set to cn=trusts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
> Search base added:
> [IPA_SUBDOMAINS][cn=trusts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
> ipa_master_domain_search_base set to
> cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [common_parse_search_base] (0x0100): Search base added:
> [IPA_MASTER_DOMAIN][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
> ipa_ranges_search_base set to
> cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [common_parse_search_base] (0x0100): Search base added:
> [IPA_RANGES][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
> ipa_views_search_base set to
> cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [common_parse_search_base] (0x0100): Search base added:
> [IPA_VIEWS][cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_entry_usn has value entryUSN (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_rootdse_last_usn has value lastUSN
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_object_class has value posixAccount (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_name has value uid (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_pwd has value userPassword (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_uid_number has value uidNumber
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_gid_number has value gidNumber (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_gecos has value gecos (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_home_directory has value homeDirectory (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_shell has value loginShell (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_principal has value krbPrincipalName (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_fullname has value cn (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_member_of has value memberOf (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_uuid has value ipaUniqueID (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_objectsid has value ipaNTSecurityIdentifier (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_primary_group has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_modify_timestamp has value modifyTimestamp (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_entry_usn has no value (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_shadow_last_change has value shadowLastChange (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_shadow_min has value shadowMin (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_shadow_max has value shadowMax
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_shadow_warning has value shadowWarning (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_shadow_inactive has value
> shadowInactive (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_shadow_expire has value shadowExpire (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_shadow_flag has value shadowFlag
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_krb_last_pwd_change has value krbLastPwdChange (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_krb_password_expiration has value krbPasswordExpiration (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_pwd_attribute has value pwdAttribute (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_authorized_service has value
> authorizedService (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_ad_account_expires has value accountExpires (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_ad_user_account_control has value
> userAccountControl (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_ns_account_lock has value nsAccountLock (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_authorized_host has value host
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_nds_login_disabled has value loginDisabled (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_nds_login_expiration_time has
> value loginExpirationTime (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_nds_login_allowed_time_map has
> value loginAllowedTimeMap (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_ssh_public_key has value
> ipaSshPubKey (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_auth_type has value ipaUserAuthType (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_certificate has value
> userCertificate;binary (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_group_object_class has value
> ipaUserGroup (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_group_object_class_alt has value posixGroup (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_group_name has value cn (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_group_pwd has value userPassword (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_group_gid_number has value gidNumber
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_group_member has value member (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_group_uuid has value ipaUniqueID (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_group_objectsid has value ipaNTSecurityIdentifier (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_group_modify_timestamp has value
> modifyTimestamp (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_group_entry_usn has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_group_type has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_group_external_member has value ipaExternalMember (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_netgroup_object_class has value
> ipaNisNetgroup (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_netgroup_name has value cn (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_netgroup_member has value member (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_netgroup_member_of has value memberOf (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_netgroup_member_user has value
> memberUser (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_netgroup_member_host has value memberHost (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_netgroup_member_ext_host has value
> externalHost (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_netgroup_domain has value nisDomainName (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_netgroup_uuid has value ipaUniqueID
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_host_object_class has value ipaHost (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_host_name has value cn (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_host_fqdn has value fqdn (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_host_serverhostname has value
> serverHostname (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_host_member_of has value memberOf (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_host_ssh_public_key has value
> ipaSshPubKey (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_host_uuid has value ipaUniqueID (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_hostgroup_objectclass has value
> ipaHostgroup (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_hostgroup_name has value cn (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_hostgroup_memberof has value memberOf
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_hostgroup_uuid has value ipaUniqueID (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_service_object_class has value
> ipService (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_service_name has value cn (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_service_port has value ipServicePort
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_service_proto has value ipServiceProtocol (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_service_entry_usn has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_selinux_usermap_object_class has value ipaselinuxusermap (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_selinux_usermap_name has value cn (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_selinux_usermap_member_user has value
> memberUser (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_selinux_usermap_member_host has value memberHost (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_selinux_usermap_see_also has value
> seeAlso (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_selinux_usermap_selinux_user has value ipaSELinuxUser (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_selinux_usermap_enabled has value ipaEnabledFlag (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_selinux_usermap_user_category has value
> userCategory (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_selinux_usermap_host_category has value hostCategory (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_selinux_usermap_uuid has value ipaUniqueID (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_view_class has value nsContainer (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_view_name has value cn (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_overide_object_class has value
> ipaOverrideAnchor (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_anchor_uuid has value ipaAnchorUUID (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ipa_user_override_object_class has value
> ipaUserOverride (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ipa_group_override_object_class has value ipaGroupOverride (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_name has value uid (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_uid_number has value uidNumber
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_gid_number has value gidNumber (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_gecos has value gecos (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_home_directory has value homeDirectory (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_user_shell has value loginShell (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_group_name has value cn (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_group_gid_number has value gidNumber
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_user_ssh_public_key has value ipaSshPubKey (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option dyndns_update is FALSE (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> dyndns_refresh_interval has value 0 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option dyndns_iface has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> dyndns_ttl has value 1200 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option dyndns_update_ptr is FALSE (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> dyndns_force_tcp is FALSE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option dyndns_auth has value gss-tsig (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> dyndns_server has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1b93620 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b97080 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b93620 "ltdb_callback" (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b97080 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b93620 "ltdb_callback" (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_setup_tasks] (0x0400): Setting up cleanup task for
> internal.emerlyn.com <http://internal.emerlyn.com> (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1b8fce0 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b96770 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b8fce0 "ltdb_callback" (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b96770 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b8fce0 "ltdb_callback" (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sssm_ipa_id_init] (0x0020): Cannot find view name in the cache. Will do
> online lookup later. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_fo_set_srv_lookup_plugin] (0x0400): Trying to set SRV lookup plugin to
> DNS (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_fo_set_srv_lookup_plugin] (0x0400):
> SRV lookup plugin is now DNS (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_process_init] (0x2000): ID backend target successfully loaded from
> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
> [ipa] already loaded. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_domain has value
> internal.emerlyn.com <http://internal.emerlyn.com> (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_server has value _srv_,
> id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_backup_server has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
> ipa_hostname has value docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_hbac_search_base has value
> cn=hbac,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_host_search_base has value
> cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_selinux_search_base has value
> cn=selinux,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_subdomains_search_base has value
> cn=trusts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_master_domain_search_base has
> value cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option krb5_realm has value
> INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_hbac_refresh has value 5 (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
> ipa_selinux_refresh has value 5 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_hbac_support_srchost is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
> ipa_automount_location has value default (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_ranges_search_base has value
> cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_enable_dns_sites is FALSE (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
> ipa_server_mode is FALSE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_views_search_base has value
> cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option krb5_confd_path has value
> /var/lib/sss/pubconf/krb5.include.d (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_server has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_backup_server has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_realm has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_ccachedir has value /tmp (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_ccname_template has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_auth_timeout has value 6 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_keytab has value /etc/krb5.keytab
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_validate is TRUE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_kpasswd has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_backup_kpasswd has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_store_password_if_offline is TRUE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_renewable_lifetime has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_lifetime has no value (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_renew_interval has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_use_fast has value try (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_fast_principal has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_canonicalize is TRUE (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_use_enterprise_principal is FALSE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_get_options] (0x0400): Option krb5_use_kdcinfo is TRUE (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
> krb5_map_user has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [krb5_try_kdcip] (0x0100): No KDC found in configuration, trying legacy
> option (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0400): Option
> krb5_realm set to INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0100): Option
> krb5_fast_principal set to
> host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0100): Option
> krb5_use_kdcinfo set to true (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [check_and_export_lifetime] (0x0200): No lifetime configured. (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [check_and_export_lifetime] (0x0200): No
> lifetime configured. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [check_and_export_options] (0x0100): No KDC explicitly configured, using
> defaults. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [check_and_export_options] (0x0100): No
> kpasswd server explicitly configured, using the KDC or defaults. (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [parse_krb5_map_user] (0x0200): Warning:
> krb5_map_user is empty! (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_process_init] (0x2000): AUTH backend target successfully loaded from
> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
> [ipa] already loaded. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_domain has value
> internal.emerlyn.com <http://internal.emerlyn.com> (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_server has value _srv_,
> id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_backup_server has no value (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
> ipa_hostname has value docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_hbac_search_base has value
> cn=hbac,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_host_search_base has value
> cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_selinux_search_base has value
> cn=selinux,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_subdomains_search_base has value
> cn=trusts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_master_domain_search_base has
> value cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option krb5_realm has value
> INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_hbac_refresh has value 5 (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
> ipa_selinux_refresh has value 5 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_hbac_support_srchost is FALSE
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
> ipa_automount_location has value default (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_ranges_search_base has value
> cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_enable_dns_sites is FALSE (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
> ipa_server_mode is FALSE (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option ipa_views_search_base has value
> cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [dp_copy_options_ex] (0x0400): Option krb5_confd_path has value
> /var/lib/sss/pubconf/krb5.include.d (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_process_init] (0x2000): ACCESS backend target successfully loaded from
> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
> [ipa] already loaded. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_process_init] (0x2000): CHPASS backend target successfully loaded from
> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
> [ipa] already loaded. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sssm_ipa_sudo_init] (0x2000): Initializing IPA sudo handler (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_sudo_init] (0x2000): Initializing IPA
> sudo back end (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_sudo_init] (0x0400): Using LDAP
> schema for sudo (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_sudo_init] (0x2000): Initializing
> sudo LDAP back end (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
> Search base added:
> [SUDO][ou=sudoers,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_sudorule_object_class has value sudoRole (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_sudorule_name has value cn (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_sudorule_command has value sudoCommand (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_sudorule_host has value sudoHost (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_sudorule_user has value sudoUser (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_sudorule_option has value sudoOption
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_sudorule_runas has value sudoRunAs (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_sudorule_runasuser has value
> sudoRunAsUser (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_sudorule_runasgroup has value sudoRunAsGroup (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_sudorule_notbefore has value
> sudoNotBefore (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_sudorule_notafter has value sudoNotAfter (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_sudorule_order has value sudoOrder
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_sudorule_entry_usn has no value (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1ba05e0 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b9c740 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1ba05e0 "ltdb_callback" (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b9c740 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1ba05e0 "ltdb_callback" (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_ptask_create] (0x0400): Periodic task [SUDO Full Refresh] was created
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_ptask_schedule] (0x0400): Task [SUDO
> Full Refresh]: scheduling task 0 seconds from now [1470942316] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_ptask_create] (0x0400): Periodic task
> [SUDO Smart Refresh] was created (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_ptask_schedule] (0x0400): Task [SUDO Smart Refresh]: scheduling task
> 900 seconds from now [1470943216] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_process_init] (0x2000): SUDO backend target successfully loaded from
> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no module
> name found in confdb, using [ipa]. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [load_backend_module] (0x1000): Backend [ipa] already loaded. (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sssm_ipa_autofs_init] (0x2000):
> Initializing IPA autofs handler (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_autofs_init] (0x2000): Initializing autofs LDAP back end (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_autofs_options] (0x1000): Option
> ldap_autofs_search_base set to
> cn=default,cn=automount,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [common_parse_search_base] (0x0100): Search base added:
> [AUTOFS][cn=default,cn=automount,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_autofs_map_object_class has value automountMap (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_autofs_map_name has value
> automountMapName (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_autofs_entry_object_class has value automount (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_map] (0x0400): Option ldap_autofs_entry_key has value
> automountKey (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
> ldap_autofs_entry_value has value automountInformation (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_process_init] (0x2000): autofs backend target successfully loaded from
> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no module
> name found in confdb, using [ipa]. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [load_backend_module] (0x1000): Backend [ipa] already loaded. (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_process_init] (0x4000): selinux
> backend target successfully loaded from provider [ipa]. (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no module
> name found in confdb, using [ipa]. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [load_backend_module] (0x1000): Backend [ipa] already loaded. (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_process_init] (0x4000): HOST backend
> target successfully loaded from provider [ipa]. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [load_backend_module] (0x0200): no module name found in confdb, using
> [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
> [ipa] already loaded. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [get_config_status] (0x4000): IPA subdomain provider is configured
> implicit. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_subdom_reinit] (0x2000):
> Re-initializing domain internal.emerlyn.com <http://internal.emerlyn.com>
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sss_write_krb5_localauth_snippet]
> (0x0200): File for localauth plugin configuration is
> [/var/lib/sss/pubconf/krb5.include.d/localauth_plugin] (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1b9e080 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1ba02b0 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b9e080 "ltdb_callback" (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1ba02b0 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b9e080 "ltdb_callback" (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1ba02b0 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1ba0370 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1ba02b0 "ltdb_callback" (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1ba0370 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1ba02b0 "ltdb_callback" (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1ba15f0 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b9fae0 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1ba15f0 "ltdb_callback" (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b9fae0 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1ba15f0 "ltdb_callback" (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sss_write_domain_mappings] (0x0200): Mapping file for domain
> [internal.emerlyn.com <http://internal.emerlyn.com>] is
> [/var/lib/sss/pubconf/krb5.include.d/domain_realm_internal_emerlyn_com]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_process_init] (0x4000): Get-Subdomains
> backend target successfully loaded from provider [ipa]. (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [become_user] (0x0200): Trying to become
> user [0][0]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [become_user] (0x0200): Already user [0].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [main] (0x0400): Backend provider
> (internal.emerlyn.com <http://internal.emerlyn.com>) started! (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1b6eac0 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1b6eac0 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_ptask_execute] (0x0400): Task [SUDO
> Full Refresh]: executing task, timeout 21600 seconds (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_full_refresh_send] (0x0400): Issuing a full refresh of sudo
> rules (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000):
> beginning to connect (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port status of
> port 0 for server '(no name)' is 'neutral' (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
> seconds (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolve_srv_send] (0x0200): The status of
> SRV lookup is neutral (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service
> 'ldap'. Will use DNS discovery domain 'internal.emerlyn.com
> <http://internal.emerlyn.com>' (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of
> '_ldap._tcp.internal.emerlyn.com <http://tcp.internal.emerlyn.com>' (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [schedule_request_timeout] (0x2000):
> Scheduling a timeout of 6 seconds (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1b84310/0x1b6c3f0 (15), R/- (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1b84310/0x1b6c3f0 (15), R/- (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1b84310/0x1b6c3f0 (15), R/- (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1b84310/0x1b6c3f0 (15), R/- (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_remove_timeout] (0x2000): 0x1b6c560
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1b6eac0 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [id_callback] (0x0100): Got id ack and
> version (1) from Monitor (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_getsrv_done] (0x1000): Using TTL
> [86400] (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400):
> Deleting request watch (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [fo_discover_srv_done] (0x0400): Got answer. Processing... (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_discover_srv_done] (0x0400): Got 3
> servers (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): Inserted
> primary server 'idmfs-01.internal.emerlyn.com:389
> <http://idmfs-01.internal.emerlyn.com:389>' to service 'IPA' (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): Inserted
> primary server 'id-management-1.internal.emerlyn.com:389
> <http://id-management-1.internal.emerlyn.com:389>' to service 'IPA' (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): Inserted
> primary server 'id-management-2.internal.emerlyn.com:389
> <http://id-management-2.internal.emerlyn.com:389>' to service 'IPA' (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [set_srv_data_status] (0x0100): Marking
> SRV lookup of service 'IPA' as 'resolved' (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [get_server_status] (0x1000): Status of server
> 'idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>' is
> 'name not resolved' (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [resolv_is_address] (0x4000): [idmfs-01.internal.emerlyn.com
> <http://idmfs-01.internal.emerlyn.com>] does not look like an IP address
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
> Querying files (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send]
> (0x0100): Trying to resolve A record of 'idmfs-01.internal.emerlyn.com
> <http://idmfs-01.internal.emerlyn.com>' in files (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [set_server_common_status] (0x0100): Marking server
> 'idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>' as
> 'resolving name' (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
> Querying files (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send]
> (0x0100): Trying to resolve AAAA record of 'idmfs-01.internal.emerlyn.com
> <http://idmfs-01.internal.emerlyn.com>' in files (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [resolv_gethostbyname_next] (0x0200): No more address families to retry
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
> Querying DNS (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_query] (0x0100):
> Trying to resolve A record of 'idmfs-01.internal.emerlyn.com
> <http://idmfs-01.internal.emerlyn.com>' in DNS (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [schedule_timeout_watcher] (0x2000):
> Scheduling DNS timeout watcher (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_parse] (0x1000):
> Parsing an A reply (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400):
> Deleting request watch (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [set_server_common_status] (0x0100): Marking server
> 'idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>' as
> 'name resolved' (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000):
> Saving the first resolved server (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_resolve_server_process] (0x0200): Found address for server
> idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>:
> [10.72.100.56] TTL 1200 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_resolve_callback] (0x0400): Constructed uri
> 'ldap://idmfs-01.internal.emerlyn.com
> <http://idmfs-01.internal.emerlyn.com>' (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [unique_filename_destructor] (0x2000): Unlinking
> [/var/lib/sss/pubconf/.krb5info_dummy_AJMz2v] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [unlink_dbg]
> (0x2000): File already removed:
> [/var/lib/sss/pubconf/.krb5info_dummy_AJMz2v] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sss_ldap_init_send] (0x4000): Using file descriptor [19] for LDAP
> connection. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x0400): Setting 6
> seconds timeout for connecting (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_async_sys_connect_done] (0x0020): connect failed [113][No route to
> host]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sss_ldap_init_sys_connect_done] (0x0020):
> sdap_async_sys_connect request failed: [113]: No route to host. (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sss_ldap_init_state_destructor] (0x0400):
> closing socket [19] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed:
> [113]: No route to host. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_handle_release] (0x2000): Trace: sh[0x1b9e670], connected[0],
> ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory[0] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [_be_fo_set_port_status] (0x8000): Setting
> status: PORT_NOT_WORKING. Called from:
> ../src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_done: 1567
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100): Marking
> port 389 of server 'idmfs-01.internal.emerlyn.com
> <http://idmfs-01.internal.emerlyn.com>' as 'not working' (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): Marking
> port 389 of duplicate server 'idmfs-01.internal.emerlyn.com
> <http://idmfs-01.internal.emerlyn.com>' as 'not working' (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): Trying
> to resolve service 'IPA' (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [get_server_status] (0x1000): Status of server
> 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' is 'name not resolved' (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port status of
> port 389 for server 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' is 'neutral' (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout]
> (0x2000): Resolve timeout set to 6 seconds (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status of
> server 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' is 'name not resolved' (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_is_address] (0x4000):
> [id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>] does not look like an IP
> address (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
> Querying files (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send]
> (0x0100): Trying to resolve A record of
> 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' in files (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100):
> Marking server 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' as 'resolving name' (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
> Querying files (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send]
> (0x0100): Trying to resolve AAAA record of
> 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' in files (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_next] (0x0200): No
> more address families to retry (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [resolv_gethostbyname_step] (0x2000): Querying DNS (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of
> 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' in DNS (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [schedule_timeout_watcher] (0x2000):
> Scheduling DNS timeout watcher (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_parse] (0x1000):
> Parsing an A reply (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400):
> Deleting request watch (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [set_server_common_status] (0x0100): Marking server
> 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' as 'name resolved' (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x0200):
> Found address for server id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200 (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400):
> Constructed uri 'ldap://id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [unique_filename_destructor] (0x2000): Unlinking
> [/var/lib/sss/pubconf/.krb5info_dummy_BkCB4G] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [unlink_dbg]
> (0x2000): File already removed:
> [/var/lib/sss/pubconf/.krb5info_dummy_BkCB4G] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sss_ldap_init_send] (0x4000): Using file descriptor [19] for LDAP
> connection. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x0400): Setting 6
> seconds timeout for connecting (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
> [ldap://id-management-1.internal.emerlyn.com:389/??base
> <http://id-management-1.internal.emerlyn.com:389/??base>] with fd [19].
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_rootdse_send] (0x4000): Getting
> rootdse (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with [(objectclass=*)][]. (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [altServer] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [supportedControl] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [supportedExtension] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [supportedLDAPVersion] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [supportedSASLMechanisms] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [domainControllerFunctionality] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [defaultNamingContext] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN] (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [highestCommittedUSN] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 1
> timeout 6 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1ba44e0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1ba44e0], ldap[0x1b977d0] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> []. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [vendorName] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [vendorVersion] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [dataversion] (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [netscapemdsuffix] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [changeLog] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [firstchangenumber] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [lastchangenumber] (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [namingContexts] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [supportedControl] (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [supportedExtension] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [supportedLDAPVersion]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [supportedSASLMechanisms] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [defaultNamingContext]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [lastUSN] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1ba44e0], ldap[0x1b977d0] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 1 finished (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_rootdse_done] (0x2000): Got rootdse (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_rootdse_done] (0x2000): Skipping auto-detection of match rule
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_server_opts_from_rootdse]
> (0x4000): USN value: 5396286 (int: 5396286) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_kinit_send] (0x0400): Attempting kinit (default,
> host/docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>, INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>, 86400) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service IPA (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): Trying
> to resolve service 'IPA' (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [get_server_status] (0x1000): Status of server
> 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' is 'name resolved' (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout]
> (0x2000): Resolve timeout set to 6 seconds (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status of
> server 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' is 'name resolved' (Thu Aug
> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000):
> Saving the first resolved server (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_resolve_server_process] (0x0200): Found address for server
> id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200 (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_kinit_kdc_resolved] (0x1000): KDC
> resolved, attempting to get TGT... (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [create_tgt_req_send_buffer] (0x0400): buffer size: 83 (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [child_handler_setup] (0x2000): Setting up signal handler up for pid [5472]
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000): Signal
> handler set up for pid [5472] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [write_pipe_handler] (0x0400): All data has been sent! (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Entering. (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Adding connection 0x1bbb650.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
> connection 0x1bbb650 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_add_watch] (0x2000): 0x1bbc1c0/0x1bb0e00 (21), -/W (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bbc1c0/0x1bb2120 (21), R/- (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Got a connection (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
> ID timeout [0x1bbc470] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_opath_hash_add_iface] (0x0400): Registering interface
> org.freedesktop.sssd.dataprovider with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_conn_register_path] (0x0400): Registering object path
> /org/freedesktop/sssd/dataprovider with D-Bus connection (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
> Registering interface org.freedesktop.DBus.Properties with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_opath_hash_add_iface] (0x0400): Registering interface
> org.freedesktop.DBus.Introspectable with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bbb650 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb2120 (21), R/- (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bbc1c0/0x1bb0e00 (21), -/W (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Entering. (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Adding connection 0x1bbfca0.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
> connection 0x1bbfca0 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_add_watch] (0x2000): 0x1bc0bc0/0x1bbd620 (23), -/W (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc0bc0/0x1bbd670 (23), R/- (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Got a connection (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
> ID timeout [0x1bc0ea0] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_opath_hash_add_iface] (0x0400): Registering interface
> org.freedesktop.sssd.dataprovider with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_conn_register_path] (0x0400): Registering object path
> /org/freedesktop/sssd/dataprovider with D-Bus connection (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
> Registering interface org.freedesktop.DBus.Properties with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_opath_hash_add_iface] (0x0400): Registering interface
> org.freedesktop.DBus.Introspectable with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb2120 (21), R/- (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bbc1c0/0x1bb0e00 (21), -/W (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc0bc0/0x1bbd620 (23), -/W (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc0bc0/0x1bbd620 (23), -/W (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Entering. (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Adding connection 0x1bc2540.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
> connection 0x1bc2540 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_add_watch] (0x2000): 0x1bc3920/0x1bc2040 (24), -/W (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc3920/0x1bc2090 (24), R/- (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Got a connection (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
> ID timeout [0x1bc3c00] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_opath_hash_add_iface] (0x0400): Registering interface
> org.freedesktop.sssd.dataprovider with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_conn_register_path] (0x0400): Registering object path
> /org/freedesktop/sssd/dataprovider with D-Bus connection (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
> Registering interface org.freedesktop.DBus.Properties with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_opath_hash_add_iface] (0x0400): Registering interface
> org.freedesktop.DBus.Introspectable with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bc2540 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Entering. (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Adding connection 0x1bc49b0.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
> connection 0x1bc49b0 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_add_watch] (0x2000): 0x1bc5a70/0x1bc3a20 (25), -/W (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc5a70/0x1bc3a70 (25), R/- (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Got a connection (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
> ID timeout [0x1bc5d50] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_opath_hash_add_iface] (0x0400): Registering interface
> org.freedesktop.sssd.dataprovider with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_conn_register_path] (0x0400): Registering object path
> /org/freedesktop/sssd/dataprovider with D-Bus connection (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
> Registering interface org.freedesktop.DBus.Properties with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_opath_hash_add_iface] (0x0400): Registering interface
> org.freedesktop.DBus.Introspectable with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a70 (25), R/- (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc5a70/0x1bc3a20 (25), -/W (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a70 (25), R/- (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc5a70/0x1bc3a20 (25), -/W (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc0bc0/0x1bbd620 (23), -/W (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc0bc0/0x1bbd620 (23), -/W (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2090 (24), R/- (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc3920/0x1bc2040 (24), -/W (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2090 (24), R/- (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc3920/0x1bc2040 (24), -/W (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.RegisterService on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
> ID timeout [0x1bc0ea0] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [client_registration] (0x0100): Added Frontend client [PAM] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bbfca0 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
> subdomains [] (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Queue is
> empty, running request immediately. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_queue_request] (0x4000): Adding request to queue. (Thu Aug 11 15:05:16
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): waiting for connection to complete (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bbfca0 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc3920/0x1bc2090 (24), R/- (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2040 (24), -/W (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc3920/0x1bc2090 (24), R/- (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2040 (24), -/W (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bbc1c0/0x1bb2120 (21), R/- (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb0e00 (21), -/W (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bbc1c0/0x1bb2120 (21), R/- (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb0e00 (21), -/W (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bbb650 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.RegisterService on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
> ID timeout [0x1bbc470] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [client_registration] (0x0100): Added Frontend client [SUDO] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bbb650 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
> subdomains [] (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
> request to queue. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bc2540 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.RegisterService on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
> ID timeout [0x1bc3c00] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [client_registration] (0x0100): Added Frontend client [SSH] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bc2540 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
> subdomains [] (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
> request to queue. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection]
> (0x0200): Entering. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Adding connection 0x1bcaa90.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
> connection 0x1bcaa90 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_add_watch] (0x2000): 0x1bcba00/0x1bca5c0 (26), -/W (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bcba00/0x1bca610 (26), R/- (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_server_init_new_connection] (0x0200): Got a connection (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
> ID timeout [0x1bcbce0] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_opath_hash_add_iface] (0x0400): Registering interface
> org.freedesktop.sssd.dataprovider with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_conn_register_path] (0x0400): Registering object path
> /org/freedesktop/sssd/dataprovider with D-Bus connection (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
> Registering interface org.freedesktop.DBus.Properties with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_opath_hash_add_iface] (0x0400): Registering interface
> org.freedesktop.DBus.Introspectable with path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bcaa90 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bcba00/0x1bca5c0 (26), -/W (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bcba00/0x1bca5c0 (26), -/W (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (disabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bcba00/0x1bca5c0 (26), -/W (enabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (enabled) (Thu
> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bcba00/0x1bca5c0 (26), -/W (disabled) (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bcaa90 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.RegisterService on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
> ID timeout [0x1bcbce0] (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [client_registration] (0x0100): Added Frontend client [PAC] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bcaa90 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
> subdomains [] (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
> request to queue. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x1000): Waiting for
> child [5472]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x0100): child [5472]
> finished successfully. (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [read_pipe_handler] (0x0400): EOF received, client finished (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_tgt_recv] (0x0400): Child
> responded: 0 [FILE:/var/lib/sss/db/ccache_INTERNAL.EMERLYN.COM
> <http://ccache_INTERNAL.EMERLYN.COM>], expired on [1471028716] (Thu Aug 11
> 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_cli_auth_step] (0x0100): expire
> timeout is 900 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_cli_auth_step] (0x1000): the
> connection will expire at 1470943216 (Thu Aug 11 15:05:16 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user:
> host/docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
> from: ../src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv:
> 2052 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100): Marking
> port 389 of server 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100):
> Marking server 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): Marking
> port 389 of duplicate server 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_done] (0x4000): notify
> connected to op #1 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_sudo_refresh_connect_done] (0x0400):
> SUDO LDAP connection successful (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [check_ipv4_addr] (0x0200): Loopback IPv4 address 127.0.0.1 (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses] (0x2000):
> Found IP address: 10.72.100.66 in network 10.72.100.0/24
> <http://10.72.100.0/24> (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_get_ip_addresses] (0x2000): Found IP address: 172.17.0.1 in
> network 172.17.0.0/16 <http://172.17.0.0/16> (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [check_ipv6_addr] (0x0200): Loopback IPv6 address ::1 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
> fe80::250:56ff:fe9a:495f in network fe80::/64 (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
> fe80::42:43ff:fe27:e955 in network fe80::/64 (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
> fe80::ac23:29ff:fe04:bb1a in network fe80::/64 (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
> fe80::c494:9dff:feed:a7d8 in network fe80::/64 (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_get_hostnames_send] (0x2000): Found fqdn:
> docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_get_hostnames_send] (0x2000): Found hostname: docker-dev-01 (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_done] (0x4000): notify
> connected to op #2 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaBaseID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaSecondaryBaseRID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaIDRangeSize]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTTrustedDomainSID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaRangeType] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 5 (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 5 timeout 6 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_done] (0x4000): caching successful connection after 2
> notifies (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_run_unconditional_online_cb] (0x0400):
> Running unconditional online callbacks. (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_run_online_cb] (0x0080): Going online. Running callbacks. (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_sudo_load_sudoers_send] (0x0400):
> About to fetch sudo rules (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_search_bases_next_base] (0x0400): Issuing LDAP lookup with base
> [ou=sudoers,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>)(sudoHost=docker-dev-01)(sudoHost=10.72.100.66)(sudoHost=10.72.100.0/24)(sudoHost=172.17.0.1)(sudoHost=172.17.0.0/16)(sudoHost=fe80::250:56ff:fe9a:495f)(sudoHost=fe80::/64)(sudoHost=fe80::42:43ff:fe27:e955)(sudoHost=fe80::/64)(sudoHost=fe80::ac23:29ff:fe04:bb1a)(sudoHost=fe80::/64)(sudoHost=fe80::c494:9dff:feed:a7d8)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\\*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))][ou=sudoers,dc=internal,dc=emerlyn,dc=com
> <http://10.72.100.0/24%29%28sudoHost=172.17.0.1%29%28sudoHost=172.17.0.0/16%29%28sudoHost=fe80::250:56ff:fe9a:495f%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::42:43ff:fe27:e955%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::ac23:29ff:fe04:bb1a%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::c494:9dff:feed:a7d8%29%28sudoHost=fe80::/64%29%28sudoHost=+*%29%28%7C%28sudoHost=*%5C%5C*%29%28sudoHost=*?*%29%28sudoHost=*%5C2A*%29%28sudoHost=*[*]*%29%29%29%29][ou=sudoers,dc=internal,dc=emerlyn,dc=com>].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [sudoCommand] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoHost] (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [sudoUser] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoOption] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [sudoRunAs] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoRunAsUser]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [sudoRunAsGroup] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoNotBefore]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [sudoNotAfter] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoOrder] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 6
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 6
> timeout 6 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc5a70/0x1bc3a70 (25), R/- (disabled) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a20 (25), -/W (enabled) (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
> 0x1bc5a70/0x1bc3a70 (25), R/- (enabled) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a20 (25), -/W (disabled) (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bc49b0 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.RegisterService on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
> ID timeout [0x1bc5d50] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [client_registration] (0x0100): Added Frontend client [NSS] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bc49b0 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
> subdomains [] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
> request to queue. (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bc49b0 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3a0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=All,ou=sudoers,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [sudoCommand] (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [sudoHost] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [sudoUser] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [sudoRunAsUser] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [sudoRunAsGroup] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [entryUSN] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f3a0], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 6 finished (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_search_bases_done] (0x0400): Receiving data from base
> [ou=sudoers,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_load_sudoers_done] (0x0040): Received 1 sudo rules (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_refresh_done] (0x0400): Received 1 rules (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_sudo_purge_all] (0x0400): Deleting all cached sudo rules (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb2300 (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb23c0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb2300 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb23c0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb2300 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_sudo_store_rule] (0x0400): Adding sudo rule All (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb11b0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd63c0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb11b0 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd63c0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb11b0 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1be3710 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1be37d0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1be3710 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1be37d0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1be3710 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_refresh_done] (0x0400): Sudoers is successfuly stored in cache
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_sudo_set_usn] (0x0200): SUDO higher
> USN value: [2582737] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb31e0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb32a0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb31e0 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb32a0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb31e0 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb15d0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb1690 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb15d0 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb1690 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb15d0 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo
> rules (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_ptask_done] (0x0400): Task [SUDO Full
> Refresh]: finished successfully (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_ptask_schedule] (0x0400): Task [SUDO Full Refresh]: scheduling task
> 21600 seconds from last execution time [1470963916] (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bb0d50], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_subdom_reset_timeouts_cb] (0x4000):
> Resetting last_refreshed and disabled_until. (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaBaseID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaSecondaryBaseRID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaIDRangeSize]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTTrustedDomainSID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaRangeType] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 7 (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 7 timeout 6 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=INTERNAL.EMERLYN.COM_id_range,cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaBaseID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseRID] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaSecondaryBaseRID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaRangeType] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 5 finished (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1b9eae0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b9eba0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b9eae0 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b9eba0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b9eae0 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_update_ranges] (0x0400): Adding range
> [INTERNAL.EMERLYN.COM_id_range]. (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1be29e0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1be2aa0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1be29e0 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1be2aa0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1be29e0 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1b9eae0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b9eba0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b9eae0 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b9eba0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b9eae0 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1b9ea20 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b9eae0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b9ea20 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b9eae0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b9ea20 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 8
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 8
> timeout 6 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_subdomains_handler_ranges_done]
> (0x4000): Checking master record.. (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=INTERNAL.EMERLYN.COM_id_range,cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaBaseID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseRID] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaSecondaryBaseRID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaRangeType] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 7 finished (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1ba02b0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1ba0370 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1ba02b0 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1ba0370 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1ba02b0 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1ba0370 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1ba0430 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1ba0370 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1ba0430 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1ba0370 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb2ad0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb2b90 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb2ad0 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb2b90 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb2ad0 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 9
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 9
> timeout 6 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_subdomains_handler_ranges_done]
> (0x4000): Checking master record.. (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN: [cn=internal.emerlyn.com
> <http://internal.emerlyn.com>,cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTFlatName] (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 8 finished (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb0f70 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb1030 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb1030 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb0f70 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb1030 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb1030 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd6910 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1040 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd6910 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1040 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd6910 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [objectclass=ipaNTTrustedDomain][cn=trusts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTTrustedDomainSID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTTrustDirection] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 10
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 10
> timeout 6 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=internal.emerlyn.com
> <http://internal.emerlyn.com>,cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTFlatName] (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 9 finished (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [objectclass=ipaNTTrustedDomain][cn=trusts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTTrustedDomainSID] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTTrustDirection] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 11
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 11
> timeout 6 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd3e40], ldap[0x1b977d0] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bd3e40], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 10 finished (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_deref_search_with_filter_send] (0x2000): Server supports OpenLDAP
> deref (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400):
> Dereferencing entry [cn=accounts,dc=internal,dc=emerlyn,dc=com] using
> OpenLDAP deref (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 12 (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 12 timeout 6 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bd6710], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd6710], ldap[0x1b977d0] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 11 finished (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_deref_search_with_filter_send]
> (0x2000): Server supports OpenLDAP deref (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_x_deref_search_send] (0x0400): Dereferencing entry
> [cn=accounts,dc=internal,dc=emerlyn,dc=com] using OpenLDAP deref (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 13 (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 13 timeout 6 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_x_deref_parse_entry] (0x0400): Got deref control (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_x_deref_parse_entry] (0x0400): All deref results from a single
> control parsed (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 12 finished (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x0400): No view
> found, using default. (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_get_view_name_done] (0x0400): Found view name [default]. (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x4000): Found
> IPA default view name, replacing with sysdb default. (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_get_view_name_done] (0x4000): read_at_init [false] current view
> [(null)]. (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd6870 (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd6930 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd6870 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd6930 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd6870 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd95b0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd9670 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd95b0 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd9670 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd95b0 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd04e0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd05a0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd04e0 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd05a0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd04e0 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1ba0500 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd95e0 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1ba0500 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd95e0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1ba0500 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd1d60 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1e20 (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1d60 "ltdb_callback" (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1e20 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1d60 "ltdb_callback" (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
> [Success] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
> request filed successfully. (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_destroy] (0x4000): releasing operation connection (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
> [Success] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
> request filed successfully. (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
> [Success] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
> request filed successfully. (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
> [Success] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
> request filed successfully. (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
> [Success] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Request
> queue is empty. (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_ptask_online_cb] (0x0400): Back end is
> online (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_ptask_enable] (0x0080): Task [SUDO
> Smart Refresh]: already enabled (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_ptask_online_cb] (0x0400): Back end is online (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_ptask_enable] (0x0080): Task [SUDO Full Refresh]: already enabled (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_x_deref_parse_entry] (0x0400): Got deref control (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_x_deref_parse_entry] (0x0400): All deref results from a single
> control parsed (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 13 finished (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x0400): No view
> found, using default. (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_get_view_name_done] (0x0400): Found view name [default]. (Thu Aug 11
> 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x4000): Found
> IPA default view name, replacing with sysdb default. (Thu Aug 11 15:05:18
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_get_view_name_done] (0x4000): read_at_init [true] current view
> [default]. (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[(nil)], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_sudo_online_cb] (0x0400): We are
> back online. SUDO host information will be renewed on next refresh. (Thu
> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [delayed_online_authentication_callback]
> (0x0200): Backend is online, starting delayed online authentication. (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bc49b0 (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
> request for [0x1001][FAST BE_REQ_USER][1][idnumber=320000001] (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb04f0 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd3d80 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb04f0 "ltdb_callback" (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd3d80 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb04f0 "ltdb_callback" (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_idmap_check_posix_child] (0x4000): Idmap of domain
> [S-1-5-21-711561063-4190233445-1602496204] already known, nothing to do.
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000):
> reusing cached connection (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_search_user_next_base] (0x0400): Searching for users with base
> [cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(uidNumber=320000001)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [userPassword] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [homeDirectory] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [krbPrincipalName] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberOf] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID] (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [shadowMin] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [shadowWarning] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [shadowExpire] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [krbLastPwdChange] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [krbPasswordExpiration] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [authorizedService] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [userAccountControl] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [host] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [loginExpirationTime] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [loginAllowedTimeMap] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUserAuthType] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [userCertificate;binary] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 14
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 14
> timeout 6 (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [uid] (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [uidNumber] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [gidNumber] (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [gecos] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [homeDirectory] (Thu Aug
> 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [loginShell] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [krbPrincipalName] (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for
> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp] (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [entryUSN] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [krbLastPwdChange] (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [krbPasswordExpiration] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [nsAccountLock] (Thu Aug
> 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaSshPubKey] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 14 finished (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_search_user_process] (0x0400): Search for users, returned 1 results.
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_search_user_process] (0x4000):
> Retrieved total 1 users (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_user] (0x0400): Save user (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object jgoddard (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Processing user
> jgoddard (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x2000): Adding
> originalDN
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
> attributes of [jgoddard]. (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_user] (0x0400): Adding original memberOf attributes to
> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding original mod-Timestamp [20160811190153Z] to attributes of
> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Adding user
> principal [jgoddard at INTERNAL.EMERLYN.COM <jgoddard at INTERNAL.EMERLYN.COM>]
> to attributes of [jgoddard]. (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowLastChange is not available for
> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> shadowMin is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowMax is not available for
> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> shadowWarning is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowInactive is not available for
> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> shadowExpire is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowFlag is not available for
> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding krbLastPwdChange [20160718194453Z] to attributes of [jgoddard]. (Thu
> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding krbPasswordExpiration [20170718194453Z] to attributes of [jgoddard].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> pwdAttribute is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): authorizedService is not available for
> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> adAccountExpires is not available for [jgoddard]. (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): adUserAccountControl is not available
> for [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding nsAccountLock [FALSE] to attributes of [jgoddard]. (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> authorizedHost is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginDisabled is not available for
> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> ndsLoginExpirationTime is not available for [jgoddard]. (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> ndsLoginAllowedTimeMap is not available for [jgoddard]. (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding sshPublicKey
> [c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBNU5BNGdyQjFndVZNWWN2Wk0yVnRuWFJpdWJPczJLZGp0Y2ZZYzRYOHJWS1dUNUJSOEdqaU51NzZDWGxXK0pUQU4xYmlpNm5UL0NTNDBVMXhjaVVTd05JaEtvNVh6ZThNd1Q1Z0hZY3VRV1ZxY2NTajhLeGRKWnA1MUhaclE0QjhlM2t5Y0lENGNzN3NaMUpKYndjL3RkUWg2ek1IRDdaaXhyNGh5UlRJcjZ3WlRsdmEwN3h5RkJSVDRXOXV1a0NFZURKbEI3c0NqdlNTYzRIQWp6Y0M5OVpUR3hjcWJHZERvTEFOczdiUDAzYnNyalJvTzlrNjRjY2dSOUFwK3BaeGhOYTFTRWJSZWxVTW9Qc2VQRUxJeXVvT3hYYUtRT2VJU1FGNFJBRjJKOHkvSllZcEdJaEllQXNybXBCUlRTQ3dSVkNjMzVTWE5QV3E2VnMxTTNvcjl3PT0gamdvZGRhcmRAZW1lcmx5bi5jb20=]
> to attributes of [jgoddard]. (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): authType is not available for
> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> userCertificate is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_user] (0x0400): Storing info for user jgoddard (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfbbe0 (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfbca0 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfbbe0 "ltdb_callback" (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfbca0 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfbbe0 "ltdb_callback" (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfb6d0 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfaa10 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfb6d0 "ltdb_callback" (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfaa10 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfb6d0 "ltdb_callback" (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_user_by_uid] (0x0400): No such entry (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfebf0 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfecb0 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfebf0 "ltdb_callback" (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfecb0 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfebf0 "ltdb_callback" (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c09ca0 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c09d60 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c09ca0 "ltdb_callback" (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c09d60 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c09ca0 "ltdb_callback" (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c0af50 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bff180 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c0af50 "ltdb_callback" (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bff180 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c0af50 "ltdb_callback" (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_users] (0x4000): User 0 processed! (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_users_done] (0x4000): Saving 1 Users - Done (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_done] (0x4000): releasing operation connection (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb27b0 (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd3d80 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb27b0 "ltdb_callback" (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd3d80 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb27b0 "ltdb_callback" (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
> (0x4000): Searching for overrides in view [Default Trust View] with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))][cn=Default
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
> 15:05:24 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 15 (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 15 timeout 6 (Thu Aug 11 15:05:24
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:24 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 15 finished (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
> override found with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb2060 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb2d60 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb2060 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb2d60 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb2060 "ltdb_callback" (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bc8780 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb1ea0 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bc8780 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb1ea0 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bc8780 "ltdb_callback" (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu
> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000001] (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(gidNumber=320000001)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup] (Thu
> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Thu
> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaExternalMember]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 16 (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 16 timeout 6 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bbc470], ldap[0x1b977d0] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [gidNumber] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [modifyTimestamp] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [entryUSN] (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bbc470], ldap[0x1b977d0] (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 16 finished (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_groups_process] (0x0400): Search
> for groups, returned 1 results. (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_has_deref_support] (0x0400): The server supports deref method
> OpenLDAP (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
> Inserting [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> into hash table [groups] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_process_send] (0x2000): About to process group
> [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug
> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 0 users
> found in the hash table (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_recv] (0x0400): 1 groups found in the hash table (Thu
> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 0) (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_get_sid_str] (0x1000): No
> [objectSIDString] attribute. [0][Success] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_group] (0x4000): objectSID: not available for group [(null)].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
> Processing object jgoddard (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_group] (0x0400): Processing group jgoddard (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_group] (0x2000): This is a posix group (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN
> [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
> attributes of [jgoddard]. (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
> [20150116164416Z] to attributes of [jgoddard]. (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): The group has 0 members (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Group has 0 members (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_group] (0x0400): Storing info for group jgoddard (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb0eb0 (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb0f70 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb0f70 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_store_group] (0x1000): Group jgoddard does not exist. (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bae460 (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b9f970 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bae460 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b9f970 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bae460 "ltdb_callback" (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_group_by_gid] (0x0400): No such entry (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd05a0 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd0660 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd05a0 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd0660 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd05a0 "ltdb_callback" (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bca2c0 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd6740 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bca2c0 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c011d0 (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c01290 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1bd6740 "ltdb_timeout" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1bca2c0 "ltdb_callback" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c011d0 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c01290 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c011d0 "ltdb_callback" (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_groups] (0x4000): Group 0 processed! (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_get_sid_str] (0x1000): No [objectSIDString] attribute.
> [0][Success] (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Failed to get
> group sid (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
> Processing object jgoddard (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_grpmem] (0x0400): Processing group jgoddard (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_grpmem] (0x0400): No members for group [jgoddard] (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd1280 (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bae5c0 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1280 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bae5c0 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1280 "ltdb_callback" (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1b9f970 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bae5c0 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b9f970 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bae5c0 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b9f970 "ltdb_callback" (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_groups] (0x4000): Group 0 members processed! (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 0) (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No external
> members, done(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1baf710 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb1ea0 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1baf710 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb1ea0 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1baf710 "ltdb_callback" (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
> (0x4000): Searching for overrides in view [Default Trust View] with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))][cn=Default
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 17 (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 17 timeout 6 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bd3b80], ldap[0x1b977d0] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd3b80], ldap[0x1b977d0] (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 17 finished (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
> override found with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1baf650 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1baf710 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1baf650 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1baf710 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1baf650 "ltdb_callback" (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb2290 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb1ea0 (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb2290 "ltdb_callback" (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb1ea0 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb2290 "ltdb_callback" (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu
> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000000] (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:25
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(gidNumber=320000000)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup] (Thu
> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Thu
> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaExternalMember]
> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 18 (Thu Aug 11 15:05:25 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 18 timeout 6 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1b6eac0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): Not a
> sysbus message, quit (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bbc470], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [gidNumber] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [member] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for
> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [entryUSN] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bbc470], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 18 finished (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_groups_process] (0x0400): Search for groups, returned 1 results.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
> server supports deref method OpenLDAP (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_hash_insert] (0x4000): Inserting
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
> table [groups] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
> About to process group
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd6770 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd6830 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd6770 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd6830 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd6770 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bca3e0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd67b0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bca3e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd67b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bca3e0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bca3e0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd66b0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bca3e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd66b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bca3e0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd63c0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd6480 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd63c0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd6480 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd63c0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd6480 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd66c0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd66c0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] found in
> cache, skipping (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb0eb0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb0f70 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb0f70 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb12c0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd7ae0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb12c0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd7ae0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb12c0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb1210 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd7ae0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb1210 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd7ae0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb1210 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd04e0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf14a0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd04e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf14a0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd04e0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
> Looking up 4/5 members of group
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
> Members of group
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] will be
> processed individually (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_hash_insert] (0x4000): Inserting
> [uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
> table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
> Inserting
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
> hash table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
> Inserting [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> into hash table [users] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_hash_insert] (0x4000): Inserting
> [uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
> table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 4 users
> found in the hash table (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_recv] (0x0400): 1 groups found in the hash table (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 0) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
> Processing object jfifield (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): Search users with filter:
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb1160 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb1220 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb1160 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb1220 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb1160 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object admin (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b9f1e0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd0a30 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b9f1e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd0a30 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b9f1e0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object chunsicker (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b9fa30 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bcd910 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b9fa30 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bcd910 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b9fa30 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object test (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bcd910 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bae4d0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bcd910 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bae4d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bcd910 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object admins (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Processing
> group admins (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This is a
> posix group (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding original DN
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
> attributes of [admins]. (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
> [20160408185328Z] to attributes of [admins]. (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): The group has 5 members (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Group has 5 members (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
> [admin] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Adding ghost member for group [chunsicker] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
> [jfifield] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Adding ghost member for group [test] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_group] (0x0400): Storing info for group admins (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd15f0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd16b0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd15f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd16b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd15f0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_store_group] (0x1000): Group admins does not exist. (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd07f0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd15f0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd07f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd15f0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd07f0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_group_by_gid] (0x0400): No such entry (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfd0a0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfd160 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfd0a0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfd160 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfd0a0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfc820 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfc8e0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfc820 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c060a0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c06160 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1bfc8e0 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1bfc820 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c060a0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c06160 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c060a0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_groups] (0x4000): Group 0 processed! (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object admins (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Processing
> group admins (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c07c50 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfc820 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c07c50 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfc820 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c07c50 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf94a0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfc820 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf94a0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfc820 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf94a0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_get_sids_of_members] (0x0400): No such entry (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_grpmem] (0x2000): retain_extern_members failed: 2:[No such file
> or directory]. (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding member
> users to group [admins] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_find_entry_by_origDN] (0x4000): Searching cache for
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfc820 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf94a0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfc820 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf94a0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfc820 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_fill_memberships] (0x1000):     member #2
> (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
> [name=jgoddard,cn=users,cn=internal.emerlyn.com
> <http://internal.emerlyn.com>,cn=sysdb] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfcd30 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd07f0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfcd30 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd07f0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfcd30 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd07f0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf9880 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd07f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c060d0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c04a30 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1bf9880 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1bd07f0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c060d0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c06fe0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c070a0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c04a30 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c060d0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c06fe0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c0c5c0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c0c680 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c070a0 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c06fe0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c0c5c0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c09ce0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c0d660 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c0c680 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c0c5c0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c09ce0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c0d660 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c09ce0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_groups] (0x4000): Group 0 members processed! (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 0) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No external
> members, done(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb26f0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb27b0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb26f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb27b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb26f0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
> (0x4000): Searching for overrides in view [Default Trust View] with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))][cn=Default
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 19 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 19 timeout 6 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 19 finished (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
> override found with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb0b70 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb26f0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb26f0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bc91d0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bc9290 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bc91d0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bc9290 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bc91d0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000019] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(gidNumber=320000019)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaExternalMember]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 20 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 20 timeout 6 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bb2de0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [gidNumber] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [member] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for
> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [entryUSN] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bb2de0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 20 finished (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_groups_process] (0x0400): Search for groups, returned 1 results.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
> server supports deref method OpenLDAP (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_hash_insert] (0x4000): Inserting
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
> hash table [groups] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_process_send] (0x2000): About to process group
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd7900 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd79c0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd7900 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd79c0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd7900 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd7bf0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf1780 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd7bf0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf1780 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd7bf0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb0eb0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb0f70 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb0f70 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf0c10 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf0cd0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf0cd0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf0c10 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf0cd0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf0cd0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf1780 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf1840 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf1780 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf1840 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf1780 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf1950 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb0eb0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf1950 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb0eb0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf1950 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf0c10 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf0cd0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf0cd0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf1780 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf1840 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf1780 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf1840 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf1780 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd7bc0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd7c80 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd7bc0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd7c80 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd7bc0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd7bc0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd7c80 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd7bc0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd7c80 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd7bc0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] found in
> cache, skipping (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd63c0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd6480 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd63c0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd6480 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd63c0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bda620 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bda6e0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bda620 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bda6e0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bda620 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
> Looking up 6/7 members of group
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
> Members of group
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] will be
> processed individually (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_hash_insert] (0x4000): Inserting
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
> hash table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
> Inserting [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> into hash table [users] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_hash_insert] (0x4000): Inserting
> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
> table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
> Inserting [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> into hash table [users] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_hash_insert] (0x4000): Inserting
> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
> hash table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
> Inserting [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> into hash table [users] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_recv] (0x0400): 6 users found in the hash table (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 1
> groups found in the hash table (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object jviger (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd7fb0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd8070 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd7fb0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd8070 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd7fb0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object jfifield (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd82d0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd63c0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd82d0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd63c0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd82d0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object chunsicker (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf1d70 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd6e00 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf1d70 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd6e00 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf1d70 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object cperry (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd1520 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bda4d0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1520 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bda4d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1520 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object jodell (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bef750 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd82d0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bef750 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd82d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bef750 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object lglassover (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd69e0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bcda20 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd69e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bcda20 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd69e0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object developers (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Processing
> group developers (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This is a
> posix group (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding original DN
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
> attributes of [developers]. (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
> [20160504191023Z] to attributes of [developers]. (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): The group has 7 members (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Group has 7 members (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
> [chunsicker] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Adding ghost member for group [cperry] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
> [jfifield] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Adding ghost member for group [jodell] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
> [lglassover] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Adding ghost member for group [jviger] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_group] (0x0400): Storing info for group developers (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bef790 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1befb90 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bef790 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1befb90 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bef790 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_store_group] (0x1000): Group developers does not exist. (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bcda20 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bda7d0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bcda20 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bda7d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bcda20 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_group_by_gid] (0x0400): No such entry (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfdba0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfdc60 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfdba0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfdc60 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfdba0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c064a0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c06560 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c064a0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c068f0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c069b0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c06560 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c064a0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c068f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c069b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c068f0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_groups] (0x4000): Group 0 processed! (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object developers (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Processing
> group developers (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c053d0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf0a20 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c053d0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf0a20 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c053d0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfe3e0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd12d0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfe3e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd12d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfe3e0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_get_sids_of_members] (0x0400): No such entry (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_grpmem] (0x2000): retain_extern_members failed: 2:[No such file
> or directory]. (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding member
> users to group [developers] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_find_entry_by_origDN] (0x4000): Searching cache for
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bda7d0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c074e0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bda7d0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c074e0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bda7d0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_fill_memberships] (0x1000):     member #5
> (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
> [name=jgoddard,cn=users,cn=internal.emerlyn.com
> <http://internal.emerlyn.com>,cn=sysdb] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfe3e0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1befb90 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfe3e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1befb90 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfe3e0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfe3e0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c053d0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfe3e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c082f0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c083b0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c053d0 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1bfe3e0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c082f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfddb0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfde70 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c083b0 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c082f0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfddb0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c089f0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c0c5a0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1bfde70 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1bfddb0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c089f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c0c3e0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c06d50 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c0c5a0 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c089f0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c0c3e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c06d50 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c0c3e0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_groups] (0x4000): Group 0 members processed! (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 0) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No external
> members, done(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1b9f1f0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb26f0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b9f1f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb26f0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b9f1f0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
> (0x4000): Searching for overrides in view [Default Trust View] with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))][cn=Default
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 21 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 21 timeout 6 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bef2c0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bef2c0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 21 finished (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
> override found with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb05e0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb16c0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb05e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb16c0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb05e0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd6aa0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1baf650 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd6aa0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1baf650 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd6aa0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000031] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(gidNumber=320000031)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaExternalMember]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 22 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 22 timeout 6 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [gidNumber] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [member] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for
> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [entryUSN] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 22 finished (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_groups_process] (0x0400): Search for groups, returned 1 results.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
> server supports deref method OpenLDAP (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_hash_insert] (0x4000): Inserting
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> into hash table [groups] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_process_send] (0x2000): About to process group
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd67e0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd68a0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd67e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd68a0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd67e0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb21d0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb2290 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb21d0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb2290 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb21d0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd6720 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd67e0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd6720 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd67e0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd6720 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd6480 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf18b0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf18b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd6480 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf18b0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf18b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] found in
> cache, skipping (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb0f70 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb1030 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb1030 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb2bc0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd71c0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd71c0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd71c0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd7280 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd71c0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd7280 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd71c0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb2bc0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb1260 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb1260 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd0fc0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb0b70 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd0fc0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb0b70 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd0fc0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb2bc0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb0b70 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb0b70 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb11e0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb12a0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb11e0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb12a0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb11e0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd7f50 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd8010 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd7f50 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd8010 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd7f50 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd8010 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb11e0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd8010 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb11e0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd8010 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): Search groups with filter:
> (&(objectclass=group)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd8210 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd7f50 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd8210 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd7f50 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd8210 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_split_members] (0x4000):
> [uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
> Looking up 7/8 members of group
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
> Members of group
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> will be processed individually (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_hash_insert] (0x4000): Inserting
> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
> hash table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
> Inserting [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> into hash table [users] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_hash_insert] (0x4000): Inserting
> [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
> table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
> Inserting [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> into hash table [users] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_hash_insert] (0x4000): Inserting
> [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
> table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
> Inserting
> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
> hash table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
> Inserting [uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> into hash table [users] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_nested_group_recv] (0x0400): 7 users found in the hash table (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 1
> groups found in the hash table (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object jviger (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd1de0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd7c30 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1de0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd7c30 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1de0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object jfifield (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb23f0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb0b70 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb23f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb0b70 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb23f0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object mlibby (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfe660 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb0f30 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfe660 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb0f30 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfe660 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object chunsicker (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd0fc0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfc150 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd0fc0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfc150 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd0fc0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object cperry (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfeb20 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd8450 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfeb20 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd8450 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfeb20 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object jodell (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd8450 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf0af0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd8450 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf0af0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd8450 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object lglassover (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
> users with filter:
> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb23f0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd0fc0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb23f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd0fc0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb23f0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object jira-administrators
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Processing
> group jira-administrators (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_group] (0x2000): This is a posix group (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> to attributes of [jira-administrators]. (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
> [20160504191023Z] to attributes of [jira-administrators]. (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400): The
> group has 8 members (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): Group has 8 members (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Adding ghost member for group [chunsicker] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
> [jfifield] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Adding ghost member for group [cperry] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
> [jodell] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Adding ghost member for group [jviger] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
> [lglassover] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
> Adding ghost member for group [mlibby] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_group] (0x0400): Storing info for group jira-administrators (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb2250 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb2310 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb2250 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb2310 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb2250 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_store_group] (0x1000): Group jira-administrators does not exist.
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb0eb0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb2250 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb2250 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_group_by_gid] (0x0400): No such entry (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfdee0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfdfa0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfdee0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfdfa0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfdee0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c07fd0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c08090 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c07fd0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c08730 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c087f0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c08090 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c07fd0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08730 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c087f0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08730 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_groups] (0x4000): Group 0 processed! (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object jira-administrators
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Processing
> group jira-administrators (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb2250 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c08150 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb2250 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c08150 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb2250 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb0b70 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfc150 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfc150 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_get_sids_of_members] (0x0400): No such entry (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_grpmem] (0x2000): retain_extern_members failed: 2:[No such file
> or directory]. (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding member
> users to group [jira-administrators] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_find_entry_by_origDN] (0x4000): Searching cache for
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1b9f9f0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfc150 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b9f9f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfc150 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b9f9f0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_fill_memberships] (0x1000):     member #2
> (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
> [name=jgoddard,cn=users,cn=internal.emerlyn.com
> <http://internal.emerlyn.com>,cn=sysdb] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c0a510 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd0fc0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c0a510 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd0fc0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c0a510 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb0b70 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfc150 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c0a0a0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfcd30 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1bfc150 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1bb0b70 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c0a0a0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c096d0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c09790 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1bfcd30 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c0a0a0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c096d0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c0cb20 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c087a0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c09790 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c096d0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c0cb20 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c0bd80 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c0d9d0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c087a0 "ltdb_timeout" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c0cb20 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c0bd80 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c0d9d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c0bd80 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_groups] (0x4000): Group 0 members processed! (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 0) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No external
> members, done(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bbc470 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd7a10 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bbc470 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd7a10 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bbc470 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
> (0x4000): Searching for overrides in view [Default Trust View] with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))][cn=Default
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 23 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 23 timeout 6 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 23 finished (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
> override found with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb2d60 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bc91d0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb2d60 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bc91d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb2d60 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb1f60 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bc93a0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb1f60 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bc93a0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb1f60 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
> request for [0x1004][FAST BE_REQ_NETGROUP][1][name=office] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_netgr_next_base] (0x0400): Searching
> for netgroups with base [cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(cn=office)(objectclass=ipaNisNetgroup))][cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [member] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberUser] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberHost] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [externalHost] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nisDomainName]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 24
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 24
> timeout 6 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bb0a10], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberHost] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [nisDomainName] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bb0a10], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x2000): Total count [0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 24 finished (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_netgroups_process] (0x0400):
> Search for netgroups, returned 1 results. (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(|(memberOf=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com))(objectclass=ipaHost))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [serverHostname]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 25
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 25
> timeout 6 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=goddard-l.internal.emerlyn.com
> <http://goddard-l.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=crashplan-master.internal.emerlyn.com
> <http://crashplan-master.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=staging-app-2.internal.emerlyn.com
> <http://staging-app-2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=nagios-2.internal.emerlyn.com
> <http://nagios-2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=metrics-1.internal.emerlyn.com
> <http://metrics-1.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=rundeck-master.internal.emerlyn.com
> <http://rundeck-master.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=pairing-vm2.internal.emerlyn.com
> <http://pairing-vm2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=mike-d.internal.emerlyn.com
> <http://mike-d.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN: [fqdn=jenkins.internal.emerlyn.com
> <http://jenkins.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=sonar-01.internal.emerlyn.com
> <http://sonar-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=emerlyn-loaner.internal.emerlyn.com
> <http://emerlyn-loaner.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=graylog-01.internal.emerlyn.com
> <http://graylog-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=utility-01.internal.emerlyn.com
> <http://utility-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=lglassover-l.internal.emerlyn.com
> <http://lglassover-l.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=docker-dev-02.internal.emerlyn.com
> <http://docker-dev-02.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=docker-dev-03.internal.emerlyn.com
> <http://docker-dev-03.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 25 finished (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_netgr_members_process] (0x2000):
> Found 18 members in current search base (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_netgr_process_all] (0x2000): Extracting netgroup members of netgroup 0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000):
> Extracted 0 netgroup members (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_netgr_process_all] (0x4000): Extracting user members of netgroup 0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000):
> Extracted 0 user members (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_netgr_process_all] (0x4000): Extracting host members of netgroup 0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000):
> Extracted 18 host members (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_netgr_process_all] (0x2000): Putting together triples of netgroup 0
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x2000): Storing
> netgroup office (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000): Adding
> original DN [cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com] to
> attributes of [office]. (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_save_netgroup] (0x1000): No original members for netgroup [office]
> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000): No members
> for netgroup [office] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_save_netgroup] (0x0400): Storing info for netgroup office (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 0) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c135f0 (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c136b0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c135f0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c136b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c135f0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c1d5b0 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c1d670 (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c1d5b0 "ltdb_callback" (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c1d670 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c1d5b0 "ltdb_callback" (Thu Aug 11 15:05:26
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_done] (0x4000): releasing operation connection (Thu Aug 11
> 15:05:26 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request
> processed. Returned 0,0,Success (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[(nil)], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bbfca0 (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
> request for [0x3][BE_REQ_INITGROUPS][1][name=jgoddard] (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_req_set_domain] (0x0400): Changing request domain from
> [internal.emerlyn.com <http://internal.emerlyn.com>] to
> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb26f0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb27b0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb26f0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb27b0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb26f0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bb05e0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb0b70 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb05e0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bc8730 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bc87f0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1bb0b70 "ltdb_timeout" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1bb05e0 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bc8730 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb0b70 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bda750 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1bc87f0 "ltdb_timeout" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1bc8730 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bda4d0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bc8670 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1bda750 "ltdb_timeout" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1bb0b70 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bda4d0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bc8670 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bda4d0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_initgr_send] (0x4000):
> Retrieving info for initgroups call (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_initgr_next_base] (0x0400): Searching for users with base
> [cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(uid=jgoddard)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [userPassword] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [homeDirectory] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [krbPrincipalName] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberOf] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [shadowMin] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [shadowWarning] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [shadowExpire] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [krbLastPwdChange] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [krbPasswordExpiration] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [authorizedService] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [userAccountControl] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [host] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [loginExpirationTime] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [loginAllowedTimeMap] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUserAuthType] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [userCertificate;binary] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 26
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 26
> timeout 6 (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bb15d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [uid] (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [uidNumber] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [gidNumber] (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [gecos] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [homeDirectory] (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [loginShell] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [krbPrincipalName] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [cn] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for
> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [entryUSN] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [krbLastPwdChange] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [krbPasswordExpiration] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [nsAccountLock] (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipaSshPubKey] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bb15d0], ldap[0x1b977d0] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_destructor] (0x2000): Operation 26 finished (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_initgr_user] (0x4000): Receiving info for the user (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 0) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_initgr_user] (0x4000): Storing
> the user (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Save user (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
> Processing object jgoddard (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_user] (0x0400): Processing user jgoddard (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_user] (0x2000): Adding originalDN
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
> attributes of [jgoddard]. (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_user] (0x0400): Adding original memberOf attributes to
> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding original mod-Timestamp [20160811190153Z] to attributes of
> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Adding user
> principal [jgoddard at INTERNAL.EMERLYN.COM <jgoddard at INTERNAL.EMERLYN.COM>]
> to attributes of [jgoddard]. (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowLastChange is not available for
> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> shadowMin is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowMax is not available for
> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> shadowWarning is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowInactive is not available for
> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> shadowExpire is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): shadowFlag is not available for
> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding krbLastPwdChange [20160718194453Z] to attributes of [jgoddard]. (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding krbPasswordExpiration [20170718194453Z] to attributes of [jgoddard].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> pwdAttribute is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): authorizedService is not available for
> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> adAccountExpires is not available for [jgoddard]. (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): adUserAccountControl is not available
> for [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding nsAccountLock [FALSE] to attributes of [jgoddard]. (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> authorizedHost is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginDisabled is not available for
> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> ndsLoginExpirationTime is not available for [jgoddard]. (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> ndsLoginAllowedTimeMap is not available for [jgoddard]. (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> Adding sshPublicKey
> [c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBNU5BNGdyQjFndVZNWWN2Wk0yVnRuWFJpdWJPczJLZGp0Y2ZZYzRYOHJWS1dUNUJSOEdqaU51NzZDWGxXK0pUQU4xYmlpNm5UL0NTNDBVMXhjaVVTd05JaEtvNVh6ZThNd1Q1Z0hZY3VRV1ZxY2NTajhLeGRKWnA1MUhaclE0QjhlM2t5Y0lENGNzN3NaMUpKYndjL3RkUWg2ek1IRDdaaXhyNGh5UlRJcjZ3WlRsdmEwN3h5RkJSVDRXOXV1a0NFZURKbEI3c0NqdlNTYzRIQWp6Y0M5OVpUR3hjcWJHZERvTEFOczdiUDAzYnNyalJvTzlrNjRjY2dSOUFwK3BaeGhOYTFTRWJSZWxVTW9Qc2VQRUxJeXVvT3hYYUtRT2VJU1FGNFJBRjJKOHkvSllZcEdJaEllQXNybXBCUlRTQ3dSVkNjMzVTWE5QV3E2VnMxTTNvcjl3PT0gamdvZGRhcmRAZW1lcmx5bi5jb20=]
> to attributes of [jgoddard]. (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_add_ldap_attr] (0x2000): authType is not available for
> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
> userCertificate is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_save_user] (0x0400): Storing info for user jgoddard (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf2960 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf2a20 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf2960 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf2a20 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf2960 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c002a0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c00360 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c002a0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c00360 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c002a0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [userPassword] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c091e0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfd090 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c091e0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfd090 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c091e0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowLastChange] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfed00 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c02b70 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c02b70 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowMin] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf25f0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf25f0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowMax] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfed00 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfd2b0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfd2b0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowWarning] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c060e0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c02320 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c060e0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c02320 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c060e0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowInactive] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c01a10 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c05b90 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c01a10 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c05b90 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c01a10 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowExpire] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c01a10 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfed00 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c01a10 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfed00 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c01a10 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowFlag] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c01a10 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c01a10 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [pwdAttribute] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfd090 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfd090 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [authorizedService] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c01a10 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c01a10 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [adAccountExpires] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfd090 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfd090 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [adUserAccountControl]
> from [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c09740 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c09740 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [authorizedHost] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf29a0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfd090 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfd090 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginDisabled] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf29a0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfed00 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfed00 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginExpirationTime]
> from [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf29a0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf29a0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginAllowedTimeMap]
> from [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfed00 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfd2b0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfd2b0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [authType] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bfed00 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfd090 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfd090 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_remove_attrs] (0x2000): Removing attribute [userCertificate] from
> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf29a0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfed00 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfed00 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_initgr_user] (0x4000): Commit change (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf1a80 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf1b40 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf1a80 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf1b40 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf1a80 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_initgr_user] (0x4000): Process user's groups (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object jgoddard (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
> server supports deref method OpenLDAP (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_deref_search_send] (0x2000): Server supports OpenLDAP deref (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400):
> Dereferencing entry
> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] using
> OpenLDAP deref (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_send] (0x0400):
> WARNING: Disabling paging because scope is set to base. (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with [no
> filter][uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [cn] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaExternalMember]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 27 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 27 timeout 6 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bfed00], ldap[0x1b977d0] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0] (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_x_deref_parse_entry] (0x0400): Got deref control (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x1000): Dereferenced DN:
> cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: top (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: groupofnames
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: posixgroup (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipausergroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipaobject (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: nestedGroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipaNTGroupAttrs (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Found map for objectclass 'posixgroup' (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
> attribute: objectClass (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: cn (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: admins (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: gidNumber (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: 320000000 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: member (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
> attribute: ipaUniqueID (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
> 19821026-9d9b-11e4-8386-0050568354a7 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute:
> ipaNTSecurityIdentifier (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
> S-1-5-21-711561063-4190233445-1602496204-512 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: 20160408185328Z (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: 3382936 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x1000): Dereferenced DN:
> cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: top (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: groupofnames
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: nestedgroup (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipausergroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipaobject (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Found map for objectclass 'ipausergroup' (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
> attribute: objectClass (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: cn (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: ipausers (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: member (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=mmasters,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=ntaylor,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=nagiosadmin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=rclay-storm,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=nagios,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=bandreoli,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=emerlyn,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=db-restore,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
> attribute: ipaUniqueID (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
> 198528d8-9d9b-11e4-a057-0050568354a7 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: 20160510140017Z (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: 3855196 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x1000): Dereferenced DN:
> cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipaobject (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: top (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipausergroup (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: posixgroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: groupofnames (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: nestedgroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipantgroupattrs (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Found map for objectclass 'ipausergroup' (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
> attribute: objectClass (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: cn (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: developers (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: gidNumber (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: 320000019 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: member (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
> attribute: ipaUniqueID (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
> f047af7a-09fd-11e5-8827-0050568354a7 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute:
> ipaNTSecurityIdentifier (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
> S-1-5-21-711561063-4190233445-1602496204-1019 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: 20160504191023Z (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: 3757093 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x1000): Dereferenced DN:
> ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipasudorule (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipaassociation
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): Dereferenced
> DN:
> cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipaobject (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: top (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipausergroup (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: posixgroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: groupofnames (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: nestedgroup
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipantgroupattrs (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Found map for objectclass 'ipausergroup' (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
> attribute: objectClass (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: cn (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: jira-administrators (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: gidNumber (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: 320000031 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: member (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
> attribute: ipaUniqueID (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
> 48d1856c-3f73-11e5-94f7-0050568354a7 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute:
> ipaNTSecurityIdentifier (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
> S-1-5-21-711561063-4190233445-1602496204-1031 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: 20160504191023Z (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: 3757081 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_x_deref_parse_entry] (0x0400): All deref results from a single
> control parsed (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0] (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 27 finished (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 0) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bf2480 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf2540 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf2480 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf2540 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf2480 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfcf30 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bffc10 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfcf30 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bffc10 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfcf30 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_add_incomplete_groups] (0x1000): Group #1 [ipausers][ipausers] is not
> cached, need to add a fake entry (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfcf30 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf29e0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfcf30 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf29e0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfcf30 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfcd70 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf8870 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfcd70 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf8870 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bfcd70 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object admins (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
> Processing object ipausers (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_attrs_get_sid_str] (0x1000): No [objectSIDString] attribute.
> [0][Success] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups] (0x1000): The
> group ipausers gid was missing (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_add_incomplete_groups] (0x0400): Marking group ipausers as non-posix
> and setting GID=0! (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups] (0x2000):
> Adding fake group ipausers to sysdb (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf7860 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd8ba0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf7860 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd8ba0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf7860 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf8870 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf24c0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf8870 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf24c0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf8870 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_primary_name] (0x0400): Processing object admins (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x2000):
> searching sysdb with filter
> [(&(objectClass=group)(member=name=admins,cn=groups,cn=internal.emerlyn.com
> <http://internal.emerlyn.com>,cn=sysdb))] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf2920 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd9100 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd9100 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_get_direct_parents] (0x1000): admins is a member of 0 sysdb groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
> (0x4000): Looking up direct parents for group
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
> (0x4000): The group
> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] has 0
> direct parents (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_membership_diff]
> (0x1000): The group admins is a direct member of 0 LDAP groups (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
> Processing object ipausers (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_get_direct_parents] (0x2000): searching sysdb with filter
> [(&(objectClass=group)(member=name=ipausers,cn=groups,cn=internal.emerlyn.com
> <http://internal.emerlyn.com>,cn=sysdb))] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf24c0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd9100 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf24c0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd9100 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf24c0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_get_direct_parents] (0x1000): ipausers is a member of 0 sysdb groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
> (0x4000): Looking up direct parents for group
> [cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
> (0x4000): The group
> [cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] has 0
> direct parents (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_membership_diff]
> (0x1000): The group ipausers is a direct member of 0 LDAP groups (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
> Processing object developers (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_get_direct_parents] (0x2000): searching sysdb with filter
> [(&(objectClass=group)(member=name=developers,cn=groups,cn=internal.emerlyn.com
> <http://internal.emerlyn.com>,cn=sysdb))] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf24c0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf2920 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf24c0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf2920 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf24c0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_get_direct_parents] (0x1000): developers is a member of 0 sysdb
> groups (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
> (0x4000): Looking up direct parents for group
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
> (0x4000): The group
> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] has 0
> direct parents (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_membership_diff]
> (0x1000): The group developers is a direct member of 0 LDAP groups (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
> Processing object jira-administrators (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_get_direct_parents] (0x2000): searching sysdb with filter
> [(&(objectClass=group)(member=name=jira-administrators,cn=groups,cn=internal.emerlyn.com
> <http://internal.emerlyn.com>,cn=sysdb))] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf2920 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfed00 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfed00 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_get_direct_parents] (0x1000): jira-administrators is a member of 0
> sysdb groups (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
> (0x4000): Looking up direct parents for group
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
> (0x4000): The group
> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> has 0 direct parents (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_initgr_nested_get_membership_diff] (0x1000): The group
> jira-administrators is a direct member of 0 LDAP groups (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_store_user_memberships]
> (0x1000): The user jgoddard is a direct member of 4 LDAP groups (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x2000):
> searching sysdb with filter
> [(&(objectClass=group)(member=name=jgoddard,cn=users,cn=internal.emerlyn.com
> <http://internal.emerlyn.com>,cn=sysdb))] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf2920 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd3b80 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd3b80 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sysdb_get_direct_parents] (0x1000): jgoddard is a member of 3 sysdb groups
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_initgr_store_user_memberships]
> (0x2000): Updating memberships for jgoddard (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bfcf30 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf2a60 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bfcf30 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c0b340 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf24c0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1bf2a60 "ltdb_timeout" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1bfcf30 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c0b340 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c15610 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c156d0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1bf24c0 "ltdb_timeout" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c0b340 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c15610 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c16c30 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c16010 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c156d0 "ltdb_timeout" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c15610 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c16c30 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd9560 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c0c530 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Destroying timer event 0x1c16010 "ltdb_timeout" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
> 0x1c16c30 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd9560 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c0c530 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd9560 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_initgr_done] (0x4000): Initgroups done (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd3b80 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bfcf30 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd3b80 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bfcf30 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd3b80 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_initgr_done] (0x0400): Primary group already cached, nothing to
> do. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf2cd0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1380 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf2cd0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1380 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf2cd0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1baf710 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb26f0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1baf710 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb26f0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1baf710 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1baf710 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bb0eb0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1baf710 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bb0eb0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1baf710 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
> (0x4000): Searching for overrides in view [Default Trust View] with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))][cn=Default
> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 28 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 28 timeout 6 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bb2de0], ldap[0x1b977d0] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bb2de0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 28 finished (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
> override found with filter
> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd3b80 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b9f130 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd3b80 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b9f130 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd3b80 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_add_timeout] (0x2000): 0x1bb15e0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[(nil)], ldap[0x1b977d0] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_remove_timeout] (0x2000): 0x1bb15e0
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1bc49b0 (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request
> processed. Returned 0,0,Success (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.pamHandler on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_pam_handler] (0x0100): Got request with the following data (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): command:
> SSS_PAM_AUTHENTICATE (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): domain: internal.emerlyn.com
> <http://internal.emerlyn.com> (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): user: jgoddard (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): service: sudo (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): tty: /dev/pts/0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): ruser: jgoddard (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): rhost: (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): authtok type: 1 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): newauthtok type: 0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): priv: 0 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): cli_pid: 5477 (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): logon name: not set (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [krb5_auth_queue_send] (0x1000): Wait queue of user [jgoddard] is empty,
> running request [0x1bb1ab0] immediately. (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [krb5_setup]
> (0x4000): No mapping for: jgoddard (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bc93a0 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bc9460 (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bc93a0 "ltdb_callback" (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bc9460 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bc93a0 "ltdb_callback" (Thu Aug 11 15:05:29
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [krb5_auth_prepare_ccache_name] (0x1000): No ccache file for user
> [jgoddard] found. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): Trying
> to resolve service 'IPA' (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [get_server_status] (0x1000): Status of server
> 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' is 'working' (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port status of
> port 389 for server 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' is 'working' (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout]
> (0x2000): Resolve timeout set to 6 seconds (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Thu Aug
> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status of
> server 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' is 'working' (Thu Aug 11
> 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000):
> Saving the first resolved server (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_resolve_server_process] (0x0200): Found address for server
> id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200 (Thu
> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400):
> Constructed uri 'ldap://id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [unique_filename_destructor] (0x2000): Unlinking
> [/var/lib/sss/pubconf/.krb5info_dummy_SXAUTk] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [unlink_dbg]
> (0x2000): File already removed:
> [/var/lib/sss/pubconf/.krb5info_dummy_SXAUTk] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [child_handler_setup] (0x2000): Setting up signal handler up for pid [5481]
> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000): Signal
> handler set up for pid [5481] (Thu Aug 11 15:05:29 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [write_pipe_handler] (0x0400): All data has been sent! (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [read_pipe_handler] (0x0400): EOF received, client finished (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [parse_krb5_child_response] (0x1000):
> child response [0][3][40]. (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [parse_krb5_child_response] (0x1000): child response [0][-1073741822][30].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [parse_krb5_child_response] (0x1000):
> child response [0][-1073741823][32]. (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [parse_krb5_child_response] (0x1000): TGT times are
> [1470942330][1470942330][1471028729][0]. (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [parse_krb5_child_response] (0x1000): child response [0][6][8]. (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [_be_fo_set_port_status] (0x8000): Setting
> status: PORT_WORKING. Called from: ../src/providers/krb5/krb5_auth.c:
> krb5_auth_done: 1039 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [fo_set_port_status] (0x0100): Marking port 389 of server
> 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100):
> Marking server 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): Marking
> port 389 of duplicate server 'id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [krb5_mod_ccname] (0x4000): Save ccname
> [KEYRING:persistent:320000001] for user [jgoddard]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1b9f970 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b9fa30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1b9f970 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b9fa30 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1b9f970 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bca1a0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bca260 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bca1a0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bca260 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bca1a0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [check_wait_queue] (0x1000): Wait queue for user [jgoddard] is empty. (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [krb5_auth_queue_done] (0x1000):
> krb5_auth_queue request [0x1bb1ab0] done. (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100):
> Sending result [0][internal.emerlyn.com <http://internal.emerlyn.com>] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): Sent
> result [0][internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x1000): Waiting for
> child [5481]. (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x0100): child [5481]
> finished successfully. (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_message_handler] (0x2000): Received SBUS method
> org.freedesktop.sssd.dataprovider.pamHandler on path
> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_pam_handler] (0x0100): Got request with the following data (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): command:
> SSS_PAM_ACCT_MGMT (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): domain:
> internal.emerlyn.com <http://internal.emerlyn.com> (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): user: jgoddard (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): service: sudo (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): tty: /dev/pts/0 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): ruser: jgoddard (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): rhost: (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): authtok type: 0 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): newauthtok type: 0 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): priv: 0 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): cli_pid: 5477 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [pam_print_data] (0x0100): logon name: not set (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_access_send] (0x0400): Performing access check for user [jgoddard]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bb16d0 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1b9f220 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bb16d0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1b9f220 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bb16d0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_account_expired_rhds] (0x0400): Performing RHDS access check for user
> [jgoddard] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_account_expired_rhds] (0x4000):
> Account for user [jgoddard] is not locked. (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [hbac_retry]
> (0x4000): Connection status is [online]. (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [fqdn] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [serverHostname]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberOf] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 29
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 29
> timeout 60 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [fqdn=docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectClass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [fqdn] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [memberOf] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 29 finished (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
> server supports deref method OpenLDAP (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_deref_search_send] (0x2000): Server supports OpenLDAP deref (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400):
> Dereferencing entry [fqdn=docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com]
> using OpenLDAP deref (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because
> scope is set to base. (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no
> filter][fqdn=docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectClass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberOf] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 30 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 30 timeout 60 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bd6aa0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_x_deref_parse_entry] (0x0400): Got deref control (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x1000): Dereferenced DN:
> cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipaobject (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipahostgroup
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: nestedGroup (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: groupOfNames
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: top (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: mepOriginEntry
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Found map for
> objectclass 'ipahostgroup' (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: objectClass (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
> attribute: cn (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: office (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x2000): Dereferenced attribute: memberOf (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value: cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> attribute value:
> ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
> attribute: ipaUniqueID (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
> e91566cc-bb9f-11e4-b8b6-0050568354a7 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x1000): Dereferenced DN:
> cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipanisnetgroup
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipaobject (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value:
> mepManagedEntry (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipaAssociation (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: top (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): Dereferenced
> DN:
> ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
> objectClass value: ipasudorule (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipaassociation
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry] (0x0400): All
> deref results from a single control parsed (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bd6aa0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x2000): Total count [0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 30 finished (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_hostgroup_info_done] (0x0200):
> Dereferenced host group: office (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_service_info_next] (0x0400): Sending request for next search
> base:
> [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(objectClass=ipaHBACService)]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(objectClass=ipaHBACService)][cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberOf] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 31
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 31
> timeout 60 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=sshd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=ftp,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=su,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=login,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=su-l,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=sudo,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=sudo-i,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=gdm,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=gdm-password,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=kdm,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=proftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=vsftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=gssftp,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=crond,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x2000): Total count [0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 31 finished (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_hbac_servicegroup_info_next]
> (0x0400): Sending request for next search base:
> [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(objectClass=ipaHBACServiceGroup)]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberOf] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 32
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 32
> timeout 60 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [member] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [cn=ftp,cn=hbacservicegroups,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [member] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 32 finished (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ipa_hbac_rule_info_next] (0x0400):
> Sending request for next search base:
> [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com)(memberHost=ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com)))]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
> 10.72.100.16 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
> calling ldap_search_ext with
> [(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com)(memberHost=ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com)))][cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaenabledflag]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [accessRuleType] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberUser] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [userCategory] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberService]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [serviceCategory] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sourceHost] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [sourceHostCategory] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [externalHost] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
> Requesting attrs: [memberHost] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [hostCategory] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
> ldap_search_ext called, msgid = 33 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_op_add] (0x2000): New operation 33 timeout 60 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
> ops[0x1bd1dd0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd1dd0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_entry] (0x1000): OriginalDN:
> [ipaUniqueID=19e5fa5a-9d9b-11e4-9cb5-0050568354a7,cn=hbac,dc=internal,dc=emerlyn,dc=com].
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [ipaenabledflag] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [accessRuleType] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [userCategory] (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
> sub-attributes for [serviceCategory] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_parse_range] (0x2000): No sub-attributes for [hostCategory] (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[0x1bd1dd0], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
> Total count [0] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
> 33 finished (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 0) (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 1) (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd42a0 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd4360 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd42a0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd4360 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd42a0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name:
> [docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>]. (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf4f50 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf5010 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf4f50 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf5010 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf4f50 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c08000 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c080c0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08000 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c080c0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08000 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [office]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd40b0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd4170 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd40b0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd4170 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd40b0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c06c10 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c06cd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c06c10 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c06cd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c06c10 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf2950 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf2950 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf2950 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [sshd]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf2910 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf2910 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf5110 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf44b0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf5110 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf44b0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf5110 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [ftp]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c16c90 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c14fc0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c16c90 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c14fc0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c16c90 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [su]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf44b0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c15130 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c151f0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c15130 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c151f0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c15130 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [login]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c17470 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf44b0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c17470 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf44b0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c17470 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf4fd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c17470 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c17470 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [su-l]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf44b0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf4fd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf4fd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf4fd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c17470 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c17470 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [sudo]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c17470 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c17470 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c08a30 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c17470 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf44b0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf44b0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [sudo-i]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf4fd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c08a30 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf4fd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c199f0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c199f0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [gdm]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf4fd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c08a30 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf44b0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf44b0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [gdm-password]. (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c1e850 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c1e850 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c06aa0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c06aa0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [kdm]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c1b3a0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf44b0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [proftpd]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf44b0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf44b0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c1f350 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c199f0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c1f350 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c199f0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c1f350 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [vsftpd]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf44b0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c1b3a0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c1b3a0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c1b3a0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c1b3a0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [gssftp]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c1b3a0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c08a30 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [pure-ftpd]. (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
> (nesting: 2) (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf2910 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf2910 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c1fc80 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c20950 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c1fc80 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c20950 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c1fc80 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [crond]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c20950 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c1fc80 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c20950 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c1fc80 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c20950 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c1b3a0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [Sudo]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c15070 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c15070 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c15070 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bf4570 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bf4630 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bf4570 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bf4630 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bf4570 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name: [ftp]. (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c13750 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c13750 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c26210 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c08580 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c26210 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c08580 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c26210 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c25c20 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c25c20 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c25c20 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_save_list] (0x4000): Object name:
> [19e5fa5a-9d9b-11e4-9cb5-0050568354a7]. (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c15070 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c15070 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1c13c00 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1c08580 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1c13c00 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1c08580 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1c13c00 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd3d80 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd3e40 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd3d80 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd3e40 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd3d80 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [hbac_attrs_to_rule] (0x1000): Processing rule [allow_all] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_user_attrs_to_rule] (0x1000):
> Processing users for rule [allow_all] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [hbac_get_category] (0x0200): Category is set to 'all'. (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_service_attrs_to_rule] (0x1000):
> Processing PAM services for rule [allow_all] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [hbac_get_category] (0x0200): Category is set to 'all'. (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_thost_attrs_to_rule] (0x1000):
> Processing target hosts for rule [allow_all] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [hbac_get_category] (0x0200): Category is set to 'all'. (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_shost_attrs_to_rule] (0x0400):
> Processing source hosts for rule [allow_all] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [hbac_shost_attrs_to_rule] (0x2000): Source hosts disabled, setting ALL
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x1bd1da0 (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd3d80 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd3d80 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [hbac_eval_user_element] (0x1000): [22] groups for [jgoddard] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): Added
> group [admins] for user [jgoddard] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [hbac_eval_user_element] (0x2000): Skipping non-group memberOf
> [cn=Replication
> Administrators,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=Add Replication
> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=Modify Replication
> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=Remove Replication
> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=Modify DNA
> Range,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=Modify PassSync Managers
> Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=Add Configuration
> Sub-Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=Read LDBM Database
> Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=Read PassSync Managers
> Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=Read DNA
> Range,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=System: Read Replication
> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=Host
> Enrollment,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=System: Add krbPrincipalName to a
> Host,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=System: Enroll a
> Host,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=System: Manage Host
> Certificates,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=System: Manage Host Enrollment
> Password,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf [cn=System: Manage Host
> Keytab,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): Added
> group [ipausers] for user [jgoddard] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [hbac_eval_user_element] (0x1000): Added group [developers] for user
> [jgoddard] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
> Skipping non-group memberOf
> [ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): Added
> group [jira-administrators] for user [jgoddard] (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd1da0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd3d80 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd3d80 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_callback": 0x1bd1da0 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Added timed event "ltdb_timeout": 0x1bd3d80 (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Running timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
> 0x1bd3d80 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
> (0x4000): Ending timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11 15:05:32
> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [allow_all]
> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
> operation connection (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
> [Success] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
> 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
> ldap_result found nothing! (Thu Aug 11 15:05:32 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, Success)
> [Success] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100):
> Sending result [0][internal.emerlyn.com <http://internal.emerlyn.com>] (Thu
> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): Sent
> result [0][internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11
> 15:05:36 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1b6eac0 (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service (Thu Aug 11 15:05:36 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:46 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1b6eac0 (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service (Thu Aug 11 15:05:46 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
> 15:05:56 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
> 0x1b6eac0 (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com
> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
> SBUS method org.freedesktop.sssd.service.ping on path
> /org/freedesktop/sssd/service (Thu Aug 11 15:05:56 2016)
> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit *
>
>
>
> On Thu, Aug 11, 2016 at 2:40 PM, Justin Stephenson <jstephen at redhat.com>
> wrote:
>
>> Hello,
>>
>> Could you increase the debug level to 9, restart sssd  + clear the cache
>> and reproduce the problem then provide the sssd_<domain>.log as well as the
>> sssd_sudo.log ?
>>
>> Also you may want to rule out HBAC issues with the below command:
>>
>>      # ipa hbactest --user 'jgoddard' --host $(hostname) --service sudo
>>
>> Kind regards,
>>
>> Justin Stephenson
>> On 08/11/2016 02:24 PM, Jeff Goddard wrote:
>>
>> Here is relevant configuration files:
>>
>> *nsswitch.conf:*
>>
>> passwd:         compat sss
>> group:          compat sss
>> shadow:         compat sss
>> gshadow:        files
>>
>> hosts:          files dns
>> networks:       files
>>
>> protocols:      db files
>> services:       db files sss
>> ethers:         db files
>> rpc:            db files
>>
>> netgroup:       nis sss
>> sudoers: sss files
>>
>> *sssd.conf:*
>>
>> [domain/internal.emerlyn.com]
>>
>> cache_credentials = True
>> krb5_store_password_if_offline = True
>> ipa_domain = internal.emerlyn.com
>> id_provider = ipa
>> auth_provider = ipa
>> access_provider = ipa
>> ipa_hostname = docker-dev-01.internal.emerlyn.com
>> chpass_provider = ipa
>> ipa_server = _srv_, id-management-1.internal.emerlyn.com
>> ldap_tls_cacert = /etc/ipa/ca.crt
>> sudo_provider=ipa
>> ldap_uri=ldap://id-management-1.internal.emerlyn.com
>> ldap_sudo_search_base=ou=sudoers,dc=internal,dc=emerlyn,dc=com
>> debug_level=7
>>
>> [sssd]
>> services = nss, pam, sudo, ssh
>> debug_level=7
>> domains = internal.emerlyn.com
>>
>> [nss]
>> homedir_substring = /home
>>
>> [pam]
>>
>> [sudo]
>> debug_level=7
>> [autofs]
>>
>> [ssh]
>> debug_level=7
>> [pac]
>>
>> [ifp]
>>
>>
>>
>> *Log output - /var/log/sssd/sssd_sudo.log: *(Thu Aug 11 12:21:43 2016)
>> [sssd[sudo]] [accept_fd_handler] (0x0400): Client connected!
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
>> Received client version [1].
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
>> Offered version [1].
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
>> (0x0200): Requesting default options for [jgoddard] from [<ALL>]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
>> Requesting info about [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
>> Returning info for user [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
>> Retrieving default options for [jgoddard] from [internal.emerlyn.com]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>> doUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#3200
>> 00001)(sudoUser=%developers)(sudoUser=%jira-administrators)
>> (sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(
>> sudoUser=+*))(&(dataExpireTimestamp<=1470932503)))]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(na
>> me=defaults)))]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>> (0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> * (*Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
>> (0x0200): Requesting rules for [jgoddard] from [<ALL>]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
>> Requesting info about [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
>> Returning info for user [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
>> Retrieving rules for [jgoddard] from [internal.emerlyn.com]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>> doUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#3200
>> 00001)(sudoUser=%developers)(sudoUser=%jira-administrators)
>> (sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(
>> sudoUser=+*))(&(dataExpireTimestamp<=1470932503)))]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>> doUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(
>> sudoUser=%developers)(sudoUser=%jira-administrators)(
>> sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
>> Sorting rules with higher-wins logic
>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 12:21:47 2016) [sssd[sudo]] [client_recv] (0x0200): Client
>> disconnected!
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [accept_fd_handler] (0x0400):
>> Client connected!
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
>> Received client version [1].
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
>> Offered version [1].
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
>> (0x0200): Requesting default options for [jgoddard] from [<ALL>]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
>> Requesting info about [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
>> Returning info for user [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
>> Retrieving default options for [jgoddard] from [internal.emerlyn.com]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>> doUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#3200
>> 00001)(sudoUser=%developers)(sudoUser=%jira-administrators)
>> (sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(
>> sudoUser=+*))(&(dataExpireTimestamp<=1470932532)))]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(na
>> me=defaults)))]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>> (0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
>> (0x0200): Requesting rules for [jgoddard] from [<ALL>]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
>> Requesting info about [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
>> Returning info for user [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
>> Retrieving rules for [jgoddard] from [internal.emerlyn.com]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>> doUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#3200
>> 00001)(sudoUser=%developers)(sudoUser=%jira-administrators)
>> (sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(
>> sudoUser=+*))(&(dataExpireTimestamp<=1470932532)))]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>> doUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(
>> sudoUser=%developers)(sudoUser=%jira-administrators)(
>> sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
>> Sorting rules with higher-wins logic
>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
>>
>>
>> On Thu, Aug 11, 2016 at 2:15 PM, Rob Crittenden <rcritten at redhat.com>
>> wrote:
>>
>>> Jeff Goddard wrote:
>>>
>>>> I've looked though these but not found anything helpful. It appears as
>>>> though my previous statement about the 1 group being found was
>>>> misleading as the sssd.$mydomain.com.log file reports that no sudo rules
>>>> are found. Does this mean that the LDAP tree being searched is different
>>>> on ubuntu vs centos?
>>>>
>>>
>>> I find that extremely unlikely.
>>>
>>> You may want to outline more what you've already checked.
>>>
>>> For example, is sss in sudoers in /etc/nsswitch.conf?
>>>
>>> You can check the 389-ds access log to see what, if any queries are
>>> being made. I'd clean the sssd cache in advance.
>>>
>>> rob
>>>
>>>
>>>> Jeff
>>>>
>>>> On Wed, Aug 10, 2016 at 2:13 PM, Rob Crittenden <rcritten at redhat.com
>>>> <mailto:rcritten at redhat.com>> wrote:
>>>>
>>>>     Jeff Goddard wrote:
>>>>
>>>>         Sean,
>>>>
>>>>         Thanks for the reply. I don't think that's my problem but I'm
>>>>         posting a
>>>>         redacted copy of the sssd.conf file for review below.
>>>>
>>>>
>>>>     I'd start here:
>>>>     https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>>>>     <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO>
>>>>
>>>>     rob
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>> --
>> Jeff Goddard
>> Director of Information Technology
>> Emerlyn Technology
>>
>> Email: jgoddard at emerlyn.com
>> Telephone: (603) 447-8571 <%28603%29%20447-8571>
>> Toll free: (888) 363-7596 ext. 108 <%28888%29%20363-7596%20ext.%20108>
>> Fax: (603) 356-3346 <%28603%29%20356-3346>
>>
>>
>>
>>
>>
>
>
> Thanks,
>
> Jeff
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/b63dbc9d/attachment.htm>

From jstephen at redhat.com  Thu Aug 11 20:51:05 2016
From: jstephen at redhat.com (Justin Stephenson)
Date: Thu, 11 Aug 2016 16:51:05 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
	<OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
	<CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>
	<57AB6EB8.7000609@redhat.com>
	<CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>
	<57ACC0DF.6070308@redhat.com>
	<CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>
	<de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
Message-ID: <45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>

The file can be created manually with just the debug lines included, 
should not need anything else.

Kind regards,

Justin Stephenson

On 08/11/2016 04:26 PM, Jeff Goddard wrote:
> Justin,
>
> Thanks for confirming I'm not crazy. The error I get is:
>
> jgoddard at docker-dev-01:~$ sudo -l
> [sudo] password for jgoddard:
> Sorry, user jgoddard may not run sudo on 
> docker-dev-01.internal.emerlyn.com 
> <http://docker-dev-01.internal.emerlyn.com>.
>
> I read the wiki but there is no file /etc/sudo.conf on this system. 
> Can someone provide me with a pointer to the correct layout and syntax 
> of what the file contents shoudl be?
>
> root at docker-dev-01:/home/jgoddard# find /etc -name sudo*
> /etc/sudoers
> /etc/pam.d/sudo
> /etc/sudoers.d
>
> Thanks,
>
> Jeff
>
> On Thu, Aug 11, 2016 at 4:14 PM, Justin Stephenson 
> <jstephen at redhat.com <mailto:jstephen at redhat.com>> wrote:
>
>     I checked the logs but I don't see any problem the sssd processing
>     of the sudo attempt, I will defer to others on the mailing list
>     however in case I missed something.
>
>     What is the exact error when sudo fails? I suppose the PAM stack
>     could be misconfigured or strace may be useful to look at, you can
>     also enable debugging for sudo itself in /etc/sudo.conf as the
>     SSSD troubleshooting wiki mentions.
>
>     ===================================
>
>         I see in the logs that the client does a LDAP search finds the
>         sudorule called 'All' which gets stored in the cache file
>
>             (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>         <http://internal.emerlyn.com>]]] [sysdb_sudo_store_rule]
>         (0x0400): Adding sudo rule All
>
>         sssd finds the rule in the cache successfully for this user as
>         part of the 'developers' group
>
>             (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>         [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules
>         for [jgoddard at internal.emerlyn.com
>         <mailto:jgoddard at internal.emerlyn.com>]
>
>         successful response here from the backend for the PAM auth and
>         acct section of the sudo call
>
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [be_pam_handler]
>             (0x0100): Got request with the following data
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): command: SSS_PAM_AUTHENTICATE
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): domain: internal.emerlyn.com
>             <http://internal.emerlyn.com>
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): user: jgoddard
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): service: sudo
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): tty: /dev/pts/0
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): ruser: jgoddard
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): rhost:
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): authtok type: 1
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): newauthtok type: 0
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): priv: 0
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): cli_pid: 5477
>             (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): logon name: not set
>             <snip>
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>             (0x0100): Backend returned: (0, 0, <NULL>) [Success]
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>             (0x0100): Sending result [0][internal.emerlyn.com
>             <http://internal.emerlyn.com>]
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>             (0x0100): Sent result [0][internal.emerlyn.com
>             <http://internal.emerlyn.com>]
>
>
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): command: SSS_PAM_ACCT_MGMT
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): domain: internal.emerlyn.com
>             <http://internal.emerlyn.com>
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): user: jgoddard
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): service: sudo
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): tty: /dev/pts/0
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): ruser: jgoddard
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): rhost:
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): authtok type: 0
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): newauthtok type: 0
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): priv: 0
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): cli_pid: 5477
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [pam_print_data]
>             (0x0100): logon name: not set
>             <snip>
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>             (0x0100): Backend returned: (0, 0, <NULL>) [Success]
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [sdap_process_result]
>             (0x2000): Trace: sh[0x1ba3f60], connected[1], ops[(nil)],
>             ldap[0x1b977d0]
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [sdap_process_result]
>             (0x2000): Trace: ldap_result found nothing!
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>             (0x0100): Backend returned: (0, 0, Success) [Success]
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>             (0x0100): Sending result [0][internal.emerlyn.com
>             <http://internal.emerlyn.com>]
>             (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>             <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>             (0x0100): Sent result [0][internal.emerlyn.com
>             <http://internal.emerlyn.com>]
>
>     Kind regards,
>     Justin Stephenson
>
>
>     On 08/11/2016 03:26 PM, Jeff Goddard wrote:
>>     Thanks you for the response. Here are the requested outputs. I
>>     did manually delete the cache via the command
>>     rm -rf /var/lib/sss/db/*
>>
>>     prior to issues the sudo -l command as the jgoddard user
>>     [jgoddard at id-management-1 root]$ ipa hbactest --user 'jgoddard'
>>     --host docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com> --service sudo
>>     --------------------
>>     Access granted: True
>>     --------------------
>>       Matched rules: allow_all
>>
>>     */var/log/sssd/sssd_sudo.log:
>>     *(Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b44dc0
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b47310
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b44dc0 "ltdb_callback"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b47310 "ltdb_timeout"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b44dc0 "ltdb_callback"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with
>>     [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470942326)))]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b57730
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4ade0
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b57730 "ltdb_callback"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4ade0 "ltdb_timeout"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b57730 "ltdb_callback"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules]
>>     (0x2000): About to get sudo rules from cache
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b51c90
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4ade0
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b51c90 "ltdb_callback"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4ade0 "ltdb_timeout"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b51c90 "ltdb_callback"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b51990
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b44dc0
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b51990 "ltdb_callback"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b44dc0 "ltdb_timeout"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b51990 "ltdb_callback"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with
>>     [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*)))]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b51990
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b44dc0
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b51990 "ltdb_callback"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b44dc0 "ltdb_timeout"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b51990 "ltdb_callback"
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sort_sudo_rules]
>>     (0x0400): Sorting rules with higher-wins logic
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules
>>     for [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer]
>>     (0x4000): Idle timer re-set for client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [reset_idle_timer]
>>     (0x4000): Idle timer re-set for client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_recv] (0x0200):
>>     Client disconnected!
>>     (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_destructor]
>>     (0x2000): Terminated client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_message_handler]
>>     (0x2000): Received SBUS method org.freedesktop.sssd.service.ping
>>     on path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_message_handler]
>>     (0x2000): Received SBUS method org.freedesktop.sssd.service.ping
>>     on path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_message_handler]
>>     (0x2000): Received SBUS method org.freedesktop.sssd.service.ping
>>     on path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_message_handler]
>>     (0x2000): Received SBUS method org.freedesktop.sssd.service.ping
>>     on path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_message_handler]
>>     (0x2000): Received SBUS method org.freedesktop.sssd.service.ping
>>     on path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     root at docker-dev-01:/home/jgoddard# cat
>>     /var/log/sssd/sssd_sudo.log|grep 15:05
>>     (Thu Aug 11 15:05:02 2016) [sssd[sudo]]
>>     [sss_responder_ctx_destructor] (0x0400): Responder is being shut down
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [server_setup] (0x0400):
>>     CONFDB: /var/lib/sss/db/config.ldb
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [confdb_get_domain_internal] (0x0400): No enumeration for
>>     [internal.emerlyn.com <http://internal.emerlyn.com>]!
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_init_connection]
>>     (0x0400): Adding connection 0x1b42660
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_watch]
>>     (0x2000): 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [sbus_opath_hash_add_iface] (0x0400): Registering interface
>>     org.freedesktop.sssd.service with path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_conn_register_path]
>>     (0x0400): Registering object path /org/freedesktop/sssd/service
>>     with D-Bus connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [sbus_opath_hash_add_iface] (0x0400): Registering interface
>>     org.freedesktop.DBus.Properties with path
>>     /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [sbus_opath_hash_add_iface] (0x0400): Registering interface
>>     org.freedesktop.DBus.Introspectable with path
>>     /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [monitor_common_send_id]
>>     (0x0100): Sending ID: (sudo,1)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout]
>>     (0x2000): 0x1b3d330
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [sss_names_init_from_args] (0x0100): Using re
>>     [(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_fqnames_init]
>>     (0x0100): Using fq format [%1$s@%2$s].
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_init_connection]
>>     (0x0400): Adding connection 0x1b46310
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_watch]
>>     (0x2000): 0x1b471b0/0x1b45e80 (14), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [sbus_opath_hash_add_iface] (0x0400): Registering interface
>>     org.freedesktop.sssd.dataprovider with path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_conn_register_path]
>>     (0x0400): Registering object path
>>     /org/freedesktop/sssd/dataprovider with D-Bus connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [sbus_opath_hash_add_iface] (0x0400): Registering interface
>>     org.freedesktop.DBus.Properties with path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [sbus_opath_hash_add_iface] (0x0400): Registering interface
>>     org.freedesktop.DBus.Introspectable with path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [dp_common_send_id]
>>     (0x0100): Sending ID to DP: (1,SUDO)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout]
>>     (0x2000): 0x1b47b30
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b471b0/0x1b45e80 (14), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [sysdb_domain_init_internal] (0x0200): DB File for
>>     internal.emerlyn.com <http://internal.emerlyn.com>:
>>     /var/lib/sss/db/cache_internal.emerlyn.com.ldb
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b4a1f0
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4a2b0
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b4a1f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4a2b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b4a1f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x0400): asq:
>>     Unable to register control with rootdse!
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b4a230
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4a2f0
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b4a230 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4a2f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b4a230 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b4a300
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4a3c0
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b4a300 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4a3c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b4a300 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_process_init]
>>     (0x0400): Responder Initialization complete
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'root' matched
>>     without domain, user is root
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_ncache_set_str]
>>     (0x0400): Adding [NCE/USER/internal.emerlyn.com/root
>>     <http://internal.emerlyn.com/root>] to negative cache permanently
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'root' matched
>>     without domain, user is root
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_ncache_set_str]
>>     (0x0400): Adding [NCE/GROUP/internal.emerlyn.com/root
>>     <http://internal.emerlyn.com/root>] to negative cache permanently
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sudo_process_init]
>>     (0x0400): SUDO Initialization complete
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_issue_request]
>>     (0x0400): Issuing request for
>>     [0x40df50:domains at internal.emerlyn.com
>>     <mailto:0x40df50%3Adomains at internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_get_domains_msg]
>>     (0x0400): Sending get domains request for [internal.emerlyn.com
>>     <http://internal.emerlyn.com>][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout]
>>     (0x2000): 0x1b4bcb0
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b471b0/0x1b45e80 (14), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]]
>>     [sss_dp_internal_get_send] (0x0400): Entering request
>>     [0x40df50:domains at internal.emerlyn.com
>>     <mailto:0x40df50%3Adomains at internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b46310
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b46310
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b46310
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b471b0/0x1b45e80 (14), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b471b0/0x1b45e80 (14), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b471b0/0x1b45e80 (14), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch]
>>     (0x4000): 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_remove_timeout]
>>     (0x2000): 0x1b47b30
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b46310
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [dp_id_callback]
>>     (0x0100): Got id ack and version (1) from DP
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_remove_timeout]
>>     (0x2000): 0x1b3d330
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [id_callback] (0x0100):
>>     Got id ack and version (1) from Monitor
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_remove_timeout]
>>     (0x2000): 0x1b4bcb0
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b46310
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sss_dp_get_reply]
>>     (0x1000): Got reply from Data Provider - DP error code: 0 errno:
>>     0 error message: Success
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b4ade0
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b47e60
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b4ade0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b47e60 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b4ade0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b4a300
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b51d80
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b4a300 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b51d80 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b4a300 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b49350
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b456f0
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b49350 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b456f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b49350 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sss_dp_req_destructor]
>>     (0x0400): Deleting request:
>>     [0x40df50:domains at internal.emerlyn.com
>>     <mailto:0x40df50%3Adomains at internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_message_handler]
>>     (0x2000): Received SBUS method org.freedesktop.sssd.service.ping
>>     on path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [get_client_cred]
>>     (0x4000): Client creds: euid[0] egid[0] pid[5477].
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer]
>>     (0x4000): Idle timer re-set for client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [accept_fd_handler]
>>     (0x0400): Client connected!
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer]
>>     (0x4000): Idle timer re-set for client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_cmd_get_version]
>>     (0x0200): Received client version [1].
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_cmd_get_version]
>>     (0x0200): Offered version [1].
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer]
>>     (0x4000): Idle timer re-set for client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer]
>>     (0x4000): Idle timer re-set for client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000):
>>     Using protocol version [1]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sudosrv_cmd_parse_query_done] (0x0200): Requesting default
>>     options for [jgoddard] from [<ALL>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_ncache_check_str]
>>     (0x2000): Checking negative cache for
>>     [NCE/USER/internal.emerlyn.com/jgoddard
>>     <http://internal.emerlyn.com/jgoddard>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0200): Requesting info about [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b4bb60
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4bc20
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b4bb60 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4bc20 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b4bb60 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0400): Returning info for user [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules]
>>     (0x0400): Retrieving default options for [jgoddard] from
>>     [internal.emerlyn.com <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b4bb60
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4bc20
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b4bb60 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4bc20 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b4bb60 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b456f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4f420
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b456f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4f420 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b456f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with
>>     [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470942326)))]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b59070
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b47f20
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b59070 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b47f20 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b59070 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules]
>>     (0x2000): About to get sudo rules from cache
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with [(&(objectClass=sudoRule)(|(name=defaults)))]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b456f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b47310
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b456f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b47310 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b456f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules
>>     for [<default options>@internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer]
>>     (0x4000): Idle timer re-set for client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer]
>>     (0x4000): Idle timer re-set for client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000):
>>     Using protocol version [1]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sss_parse_name_for_domains] (0x0200): name 'jgoddard' matched
>>     without domain, user is jgoddard
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for
>>     [jgoddard] from [<ALL>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_ncache_check_str]
>>     (0x2000): Checking negative cache for
>>     [NCE/USER/internal.emerlyn.com/jgoddard
>>     <http://internal.emerlyn.com/jgoddard>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0200): Requesting info about [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b4a580
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4a640
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b4a580 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4a640 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b4a580 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user]
>>     (0x0400): Returning info for user [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules]
>>     (0x0400): Retrieving rules for [jgoddard] from
>>     [internal.emerlyn.com <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b51c90
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4ade0
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b51c90 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4ade0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b51c90 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b44dc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b47310
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b44dc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b47310 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b44dc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with
>>     [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470942326)))]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b57730
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4ade0
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b57730 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4ade0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b57730 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules]
>>     (0x2000): About to get sudo rules from cache
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b51c90
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b4ade0
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b51c90 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b4ade0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b51c90 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b51990
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b44dc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b51990 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b44dc0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b51990 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb
>>     with
>>     [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*)))]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_callback": 0x1b51990
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added
>>     timed event "ltdb_timeout": 0x1b44dc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running
>>     timer event 0x1b51990 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000):
>>     Destroying timer event 0x1b44dc0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending
>>     timer event 0x1b51990 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sort_sudo_rules]
>>     (0x0400): Sorting rules with higher-wins logic
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>>     [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules
>>     for [jgoddard at internal.emerlyn.com
>>     <mailto:jgoddard at internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer]
>>     (0x4000): Idle timer re-set for client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [reset_idle_timer]
>>     (0x4000): Idle timer re-set for client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_recv] (0x0200):
>>     Client disconnected!
>>     (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_destructor]
>>     (0x2000): Terminated client [0x1b51d80][18]
>>     (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_message_handler]
>>     (0x2000): Received SBUS method org.freedesktop.sssd.service.ping
>>     on path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_message_handler]
>>     (0x2000): Received SBUS method org.freedesktop.sssd.service.ping
>>     on path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     dbus conn: 0x1b42660
>>     (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_message_handler]
>>     (0x2000): Received SBUS method org.freedesktop.sssd.service.ping
>>     on path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>
>>     */var/log/sssd/sssd_$domain:
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_remove_watch] (0x2000):
>>     0x93cf00/0x93b9b0
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_remove_watch] (0x2000):
>>     0x93cf00/0x920410
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [remove_krb5_info_files]
>>     (0x0200): Could not remove
>>     [/var/lib/sss/pubconf/kpasswdinfo.INTERNAL.EMERLYN.COM
>>     <http://kpasswdinfo.INTERNAL.EMERLYN.COM>], [2][No such file or
>>     directory]
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_destructor] (0x0400):
>>     Terminating periodic task [SUDO Smart Refresh]
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_destructor] (0x0400):
>>     Terminating periodic task [SUDO Full Refresh]
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_handle_release] (0x2000):
>>     Trace: sh[0x943830], connected[1], ops[(nil)], ldap[0x936580],
>>     destructor_lock[0], release_memory[0]
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [remove_connection_callback]
>>     (0x4000): Successfully removed connection callback.
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_remove_watch] (0x2000):
>>     0x922860/0x9237a0
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [remove_socket_symlink]
>>     (0x4000): The symlink points to
>>     [/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
>>     <http://sbus-dp_internal.emerlyn.com>.5155]
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [remove_socket_symlink]
>>     (0x4000): The path including our pid is
>>     [/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
>>     <http://sbus-dp_internal.emerlyn.com>.5155]
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [remove_socket_symlink]
>>     (0x4000): Removed the symlink
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400):
>>     Removed SUDO client
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400):
>>     Removed SSH client
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400):
>>     Removed PAM client
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400):
>>     Removed NSS client
>>     (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_client_destructor] (0x0400):
>>     Removed PAC client
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [server_setup] (0x0400): CONFDB:
>>     /var/lib/sss/db/config.ldb
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option lookup_family_order has value ipv4_first
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option dns_resolver_timeout has value 6
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option dns_resolver_op_timeout has value 6
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option dns_discovery_domain has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_res_get_opts] (0x0100):
>>     Lookup order: ipv4_first
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [recreate_ares_channel]
>>     (0x0100): Initializing new c-ares channel
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_context_init] (0x0400):
>>     Created new fail over context, retry timeout is 30
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [confdb_get_domain_internal]
>>     (0x0400): No enumeration for [internal.emerlyn.com
>>     <http://internal.emerlyn.com>]!
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [confdb_get_domain_internal]
>>     (0x1000): pwd_expiration_warning is -1
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_domain_init_internal]
>>     (0x0200): DB File for internal.emerlyn.com
>>     <http://internal.emerlyn.com>:
>>     /var/lib/sss/db/cache_internal.emerlyn.com.ldb
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b83020
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b830e0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b83020 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b830e0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b83020 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x0400): asq: Unable to
>>     register control with rootdse!
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b82220
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b822e0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b82220 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b822e0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b82220 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b822e0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b6d8c0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b822e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b6d8c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b822e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400):
>>     Adding connection 0x1b6eac0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
>>     0x1b84310/0x1b6c3a0 (15), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1b84310/0x1b6c3f0 (15), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.sssd.service with
>>     path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_conn_register_path]
>>     (0x0400): Registering object path /org/freedesktop/sssd/service
>>     with D-Bus connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.DBus.Properties
>>     with path /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface
>>     org.freedesktop.DBus.Introspectable with path
>>     /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [monitor_common_send_id]
>>     (0x0100): Sending ID: (%BE_internal.emerlyn.com
>>     <http://BE_internal.emerlyn.com>,1)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_add_timeout] (0x2000):
>>     0x1b6c560
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1b84310/0x1b6c3f0 (15), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1b84310/0x1b6c3a0 (15), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sss_names_init_from_args]
>>     (0x0100): Using re
>>     [(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sss_fqnames_init] (0x0100):
>>     Using fq format [%1$s@%2$s].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [create_socket_symlink]
>>     (0x1000): Symlinking the dbus path
>>     /var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
>>     <http://sbus-dp_internal.emerlyn.com>.5466 to a link
>>     /var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
>>     <http://sbus-dp_internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_new_server] (0x0400):
>>     D-BUS Server listening on
>>     unix:path=/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com.5466,guid=0bf360c8f774f978ad53dd4157accc6c
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
>>     0x1b85860/0x1b867a0 (16), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000):
>>     Loading backend [ipa] with path
>>     [/usr/lib/x86_64-linux-gnu/sssd/libsss_ipa.so].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_domain has value internal.emerlyn.com
>>     <http://internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_server has value _srv_,
>>     id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_backup_server has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_hostname has value docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_hbac_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_host_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_selinux_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_subdomains_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_master_domain_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_realm has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_hbac_refresh has value 5
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_selinux_refresh has value 5
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_hbac_support_srchost is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_automount_location has value default
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_ranges_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_enable_dns_sites is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_server_mode is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ipa_views_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_confd_path has value /var/lib/sss/pubconf/krb5.include.d
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_new_service] (0x0400):
>>     Creating new service 'IPA'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_add_srv_server] (0x0400):
>>     Adding new SRV server to service 'IPA' using 'tcp'.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [_ipa_servers_init] (0x0400):
>>     Added service lookup for service IPA
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_add_server_to_list]
>>     (0x0400): Inserted primary server
>>     'id-management-1.internal.emerlyn.com:0
>>     <http://id-management-1.internal.emerlyn.com:0>' to service 'IPA'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [_ipa_servers_init] (0x0400):
>>     Added Server id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_uri has value
>>     ldap://id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_backup_uri has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_default_bind_dn has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_default_authtok_type has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_default_authtok has no binary value.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_search_timeout has value 6
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_network_timeout has value 6
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_opt_timeout has value 6
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_tls_reqcert has value hard
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_user_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_user_search_scope has value sub
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_user_search_filter has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_user_extra_attrs has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_group_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_group_search_scope has value sub
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_group_search_filter has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_service_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sudo_search_base has value
>>     ou=sudoers,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sudo_full_refresh_interval has value 21600
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sudo_smart_refresh_interval has value 900
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sudo_use_host_filter is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sudo_hostnames has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sudo_ip has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sudo_include_netgroups is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sudo_include_regexp is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_autofs_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_autofs_map_master_name has value auto.master
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_schema has value ipa_v1
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_offline_timeout has value 60
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_force_upper_case_realm is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_enumeration_refresh_timeout has value 300
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_purge_cache_timeout has value 0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_tls_cacert has value /etc/ipa/ca.crt
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_tls_cacertdir has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_tls_cert has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_tls_key has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_tls_cipher_suite has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_id_use_start_tls is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_id_mapping is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sasl_mech has value GSSAPI
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sasl_authid has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sasl_realm has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sasl_minssf has value 56
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_krb5_keytab has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_krb5_init_creds is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_server has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_backup_server has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_realm has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_canonicalize is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_use_kdcinfo is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_pwd_policy has value none
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_referrals is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option account_cache_expiration has value 0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_dns_service_name has value ldap
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_krb5_ticket_lifetime has value 86400
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_access_filter has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_netgroup_search_base has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_group_nesting_level has value 2
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_deref has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_account_expire_policy has value ipa
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_access_order has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_chpass_uri has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_chpass_backup_uri has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_chpass_dns_service_name has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_chpass_update_last_change is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_enumeration_search_timeout has value 60
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_auth_disable_tls_never_use_in_production is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_page_size has value 1000
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_deref_threshold has value 10
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_sasl_canonicalize is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_connection_expire_timeout has value 900
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_disable_paging is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_idmap_range_min has value 200000
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_idmap_range_max has value 2000200000
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_idmap_range_size has value 200000
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_idmap_autorid_compat is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_idmap_default_domain has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_idmap_default_domain_sid has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_idmap_helper_table_size has value 10
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_groups_use_matching_rule_in_chain is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_initgroups_use_matching_rule_in_chain is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_use_tokengroups is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_rfc2307_fallback_to_local_users is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_disable_range_retrieval is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_min_id has value 0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_max_id has value 0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option ldap_pwdlockout_dn has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option wildcard_limit has value 1000
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400):
>>     Option ldap_search_base set to
>>     cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [DEFAULT][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400):
>>     Option krb5_realm set to INTERNAL.EMERLYN.COM
>>     <http://INTERNAL.EMERLYN.COM>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_set_sasl_options]
>>     (0x0100): Will look for
>>     docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>     <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>     in default keytab
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [select_principal_from_keytab]
>>     (0x0200): trying to select the most appropriate principal from keytab
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [find_principal_in_keytab]
>>     (0x4000): Trying to find principal
>>     docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>     <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>     in keytab.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [find_principal_in_keytab]
>>     (0x0400): No principal matching
>>     docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>     <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>     found in keytab.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [find_principal_in_keytab]
>>     (0x4000): Trying to find principal
>>     DOCKER-DEV-01$@INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM>
>>     in keytab.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [find_principal_in_keytab]
>>     (0x0400): No principal matching
>>     DOCKER-DEV-01$@INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM>
>>     found in keytab.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [find_principal_in_keytab]
>>     (0x4000): Trying to find principal
>>     host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>     <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>     in keytab.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [match_principal] (0x1000):
>>     Principal matched to the sample
>>     (host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>     <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>).
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [select_principal_from_keytab]
>>     (0x0200): Selected primary:
>>     host/docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [select_principal_from_keytab]
>>     (0x0200): Selected realm: INTERNAL.EMERLYN.COM
>>     <http://INTERNAL.EMERLYN.COM>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_set_sasl_options]
>>     (0x0100): Option ldap_sasl_authid set to
>>     host/docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_set_sasl_options]
>>     (0x0100): Option ldap_sasl_realm set to INTERNAL.EMERLYN.COM
>>     <http://INTERNAL.EMERLYN.COM>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400):
>>     Option ldap_user_search_base set to
>>     cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [USER][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400):
>>     Option ldap_group_search_base set to
>>     cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [GROUP][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400):
>>     Option ldap_netgroup_search_base set to
>>     cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [NETGROUP][cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100):
>>     Option ipa_host_search_base set to
>>     cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [IPA_HOST][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400):
>>     Option ipa_hbac_search_base set to
>>     cn=hbac,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [IPA_HBAC][cn=hbac,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100):
>>     Option ipa_selinux_search_base set to
>>     cn=selinux,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [IPA_SELINUX][cn=selinux,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400):
>>     Option ldap_group_search_base set to
>>     cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [SERVICE][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100):
>>     Option ipa_subdomains_search_base set to
>>     cn=trusts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [IPA_SUBDOMAINS][cn=trusts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100):
>>     Option ipa_master_domain_search_base set to
>>     cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [IPA_MASTER_DOMAIN][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100):
>>     Option ipa_ranges_search_base set to
>>     cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [IPA_RANGES][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100):
>>     Option ipa_views_search_base set to
>>     cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [IPA_VIEWS][cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_entry_usn has value entryUSN
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_rootdse_last_usn has value lastUSN
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_object_class has value posixAccount
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_name has value uid
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_pwd has value userPassword
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_uid_number has value uidNumber
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_gid_number has value gidNumber
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_gecos has value gecos
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_home_directory has value homeDirectory
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_shell has value loginShell
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_principal has value krbPrincipalName
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_fullname has value cn
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_member_of has value memberOf
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_uuid has value ipaUniqueID
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_objectsid has value ipaNTSecurityIdentifier
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_primary_group has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_modify_timestamp has value modifyTimestamp
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_entry_usn has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_shadow_last_change has value shadowLastChange
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_shadow_min has value shadowMin
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_shadow_max has value shadowMax
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_shadow_warning has value shadowWarning
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_shadow_inactive has value shadowInactive
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_shadow_expire has value shadowExpire
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_shadow_flag has value shadowFlag
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_krb_last_pwd_change has value krbLastPwdChange
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_krb_password_expiration has value krbPasswordExpiration
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_pwd_attribute has value pwdAttribute
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_authorized_service has value authorizedService
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_ad_account_expires has value accountExpires
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_ad_user_account_control has value userAccountControl
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_ns_account_lock has value nsAccountLock
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_authorized_host has value host
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_nds_login_disabled has value loginDisabled
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_nds_login_expiration_time has value loginExpirationTime
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_nds_login_allowed_time_map has value loginAllowedTimeMap
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_ssh_public_key has value ipaSshPubKey
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_auth_type has value ipaUserAuthType
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_certificate has value userCertificate;binary
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_object_class has value ipaUserGroup
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_object_class_alt has value posixGroup
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_name has value cn
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_pwd has value userPassword
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_gid_number has value gidNumber
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_member has value member
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_uuid has value ipaUniqueID
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_objectsid has value ipaNTSecurityIdentifier
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_modify_timestamp has value modifyTimestamp
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_entry_usn has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_type has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_external_member has value ipaExternalMember
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_netgroup_object_class has value ipaNisNetgroup
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_netgroup_name has value cn
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_netgroup_member has value member
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_netgroup_member_of has value memberOf
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_netgroup_member_user has value memberUser
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_netgroup_member_host has value memberHost
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_netgroup_member_ext_host has value externalHost
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_netgroup_domain has value nisDomainName
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_netgroup_uuid has value ipaUniqueID
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_host_object_class has value ipaHost
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_host_name has value cn
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_host_fqdn has value fqdn
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_host_serverhostname has value serverHostname
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_host_member_of has value memberOf
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_host_ssh_public_key has value ipaSshPubKey
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_host_uuid has value ipaUniqueID
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_hostgroup_objectclass has value ipaHostgroup
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_hostgroup_name has value cn
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_hostgroup_memberof has value memberOf
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_hostgroup_uuid has value ipaUniqueID
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_service_object_class has value ipService
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_service_name has value cn
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_service_port has value ipServicePort
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_service_proto has value ipServiceProtocol
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_service_entry_usn has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_selinux_usermap_object_class has value ipaselinuxusermap
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_selinux_usermap_name has value cn
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_selinux_usermap_member_user has value memberUser
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_selinux_usermap_member_host has value memberHost
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_selinux_usermap_see_also has value seeAlso
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_selinux_usermap_selinux_user has value ipaSELinuxUser
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_selinux_usermap_enabled has value ipaEnabledFlag
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_selinux_usermap_user_category has value userCategory
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_selinux_usermap_host_category has value hostCategory
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_selinux_usermap_uuid has value ipaUniqueID
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_view_class has value nsContainer
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_view_name has value cn
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_overide_object_class has value ipaOverrideAnchor
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_anchor_uuid has value ipaAnchorUUID
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_user_override_object_class has value ipaUserOverride
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ipa_group_override_object_class has value ipaGroupOverride
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_name has value uid
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_uid_number has value uidNumber
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_gid_number has value gidNumber
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_gecos has value gecos
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_home_directory has value homeDirectory
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_shell has value loginShell
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_name has value cn
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_group_gid_number has value gidNumber
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_user_ssh_public_key has value ipaSshPubKey
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option dyndns_update is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option dyndns_refresh_interval has value 0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option dyndns_iface has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option dyndns_ttl has value 1200
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option dyndns_update_ptr is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option dyndns_force_tcp is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option dyndns_auth has value gss-tsig
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option dyndns_server has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b93620
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b97080
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b93620 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b97080 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b93620 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_setup_tasks] (0x0400):
>>     Setting up cleanup task for internal.emerlyn.com
>>     <http://internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b8fce0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b96770
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b8fce0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b96770 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b8fce0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sssm_ipa_id_init] (0x0020):
>>     Cannot find view name in the cache. Will do online lookup later.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_fo_set_srv_lookup_plugin]
>>     (0x0400): Trying to set SRV lookup plugin to DNS
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_fo_set_srv_lookup_plugin]
>>     (0x0400): SRV lookup plugin is now DNS
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_process_init] (0x2000): ID
>>     backend target successfully loaded from provider [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000):
>>     Backend [ipa] already loaded.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_domain has value internal.emerlyn.com
>>     <http://internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_server has value _srv_,
>>     id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_backup_server has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_hostname has value docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_hbac_search_base has value
>>     cn=hbac,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_host_search_base has value
>>     cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_selinux_search_base has value
>>     cn=selinux,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_subdomains_search_base has value
>>     cn=trusts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_master_domain_search_base has value
>>     cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option krb5_realm has value INTERNAL.EMERLYN.COM
>>     <http://INTERNAL.EMERLYN.COM>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_hbac_refresh has value 5
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_selinux_refresh has value 5
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_hbac_support_srchost is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_automount_location has value default
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_ranges_search_base has value
>>     cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_enable_dns_sites is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_server_mode is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_views_search_base has value
>>     cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option krb5_confd_path has value /var/lib/sss/pubconf/krb5.include.d
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_server has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_backup_server has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_realm has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_ccachedir has value /tmp
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_ccname_template has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_auth_timeout has value 6
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_keytab has value /etc/krb5.keytab
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_validate is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_kpasswd has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_backup_kpasswd has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_store_password_if_offline is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_renewable_lifetime has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_lifetime has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_renew_interval has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_use_fast has value try
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_fast_principal has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_canonicalize is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_use_enterprise_principal is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_use_kdcinfo is TRUE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400):
>>     Option krb5_map_user has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [krb5_try_kdcip] (0x0100): No
>>     KDC found in configuration, trying legacy option
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0400):
>>     Option krb5_realm set to INTERNAL.EMERLYN.COM
>>     <http://INTERNAL.EMERLYN.COM>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0100):
>>     Option krb5_fast_principal set to
>>     host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>     <mailto:docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0100):
>>     Option krb5_use_kdcinfo set to true
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [check_and_export_lifetime]
>>     (0x0200): No lifetime configured.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [check_and_export_lifetime]
>>     (0x0200): No lifetime configured.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [check_and_export_options]
>>     (0x0100): No KDC explicitly configured, using defaults.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [check_and_export_options]
>>     (0x0100): No kpasswd server explicitly configured, using the KDC
>>     or defaults.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [parse_krb5_map_user] (0x0200):
>>     Warning: krb5_map_user is empty!
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_process_init] (0x2000): AUTH
>>     backend target successfully loaded from provider [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000):
>>     Backend [ipa] already loaded.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_domain has value internal.emerlyn.com
>>     <http://internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_server has value _srv_,
>>     id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_backup_server has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_hostname has value docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_hbac_search_base has value
>>     cn=hbac,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_host_search_base has value
>>     cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_selinux_search_base has value
>>     cn=selinux,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_subdomains_search_base has value
>>     cn=trusts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_master_domain_search_base has value
>>     cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option krb5_realm has value INTERNAL.EMERLYN.COM
>>     <http://INTERNAL.EMERLYN.COM>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_hbac_refresh has value 5
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_selinux_refresh has value 5
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_hbac_support_srchost is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_automount_location has value default
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_ranges_search_base has value
>>     cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_enable_dns_sites is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_server_mode is FALSE
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option ipa_views_search_base has value
>>     cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400):
>>     Option krb5_confd_path has value /var/lib/sss/pubconf/krb5.include.d
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_process_init] (0x2000):
>>     ACCESS backend target successfully loaded from provider [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000):
>>     Backend [ipa] already loaded.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_process_init] (0x2000):
>>     CHPASS backend target successfully loaded from provider [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000):
>>     Backend [ipa] already loaded.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sssm_ipa_sudo_init] (0x2000):
>>     Initializing IPA sudo handler
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_sudo_init] (0x2000):
>>     Initializing IPA sudo back end
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_sudo_init] (0x0400): Using
>>     LDAP schema for sudo
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_init] (0x2000):
>>     Initializing sudo LDAP back end
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [SUDO][ou=sudoers,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_object_class has value sudoRole
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_name has value cn
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_command has value sudoCommand
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_host has value sudoHost
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_user has value sudoUser
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_option has value sudoOption
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_runas has value sudoRunAs
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_runasuser has value sudoRunAsUser
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_runasgroup has value sudoRunAsGroup
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_notbefore has value sudoNotBefore
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_notafter has value sudoNotAfter
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_order has value sudoOrder
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_sudorule_entry_usn has no value
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1ba05e0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b9c740
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1ba05e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b9c740 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1ba05e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_create] (0x0400):
>>     Periodic task [SUDO Full Refresh] was created
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_schedule] (0x0400):
>>     Task [SUDO Full Refresh]: scheduling task 0 seconds from now
>>     [1470942316]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_create] (0x0400):
>>     Periodic task [SUDO Smart Refresh] was created
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_schedule] (0x0400):
>>     Task [SUDO Smart Refresh]: scheduling task 900 seconds from now
>>     [1470943216]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_process_init] (0x2000): SUDO
>>     backend target successfully loaded from provider [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200):
>>     no module name found in confdb, using [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000):
>>     Backend [ipa] already loaded.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sssm_ipa_autofs_init] (0x2000):
>>     Initializing IPA autofs handler
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_autofs_init] (0x2000):
>>     Initializing autofs LDAP back end
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_autofs_options]
>>     (0x1000): Option ldap_autofs_search_base set to
>>     cn=default,cn=automount,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [common_parse_search_base]
>>     (0x0100): Search base added:
>>     [AUTOFS][cn=default,cn=automount,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_autofs_map_object_class has value automountMap
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_autofs_map_name has value automountMapName
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_autofs_entry_object_class has value automount
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_autofs_entry_key has value automountKey
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>>     ldap_autofs_entry_value has value automountInformation
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_process_init] (0x2000):
>>     autofs backend target successfully loaded from provider [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200):
>>     no module name found in confdb, using [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000):
>>     Backend [ipa] already loaded.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_process_init] (0x4000):
>>     selinux backend target successfully loaded from provider [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200):
>>     no module name found in confdb, using [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000):
>>     Backend [ipa] already loaded.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_process_init] (0x4000): HOST
>>     backend target successfully loaded from provider [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200):
>>     no module name found in confdb, using [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000):
>>     Backend [ipa] already loaded.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_config_status] (0x4000):
>>     IPA subdomain provider is configured implicit.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_subdom_reinit] (0x2000):
>>     Re-initializing domain internal.emerlyn.com
>>     <http://internal.emerlyn.com>
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sss_write_krb5_localauth_snippet] (0x0200): File for localauth
>>     plugin configuration is
>>     [/var/lib/sss/pubconf/krb5.include.d/localauth_plugin]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b9e080
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1ba02b0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b9e080 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1ba02b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b9e080 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1ba02b0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1ba0370
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1ba02b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1ba0370 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1ba02b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1ba15f0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b9fae0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1ba15f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b9fae0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1ba15f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sss_write_domain_mappings]
>>     (0x0200): Mapping file for domain [internal.emerlyn.com
>>     <http://internal.emerlyn.com>] is
>>     [/var/lib/sss/pubconf/krb5.include.d/domain_realm_internal_emerlyn_com]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_process_init] (0x4000):
>>     Get-Subdomains backend target successfully loaded from provider
>>     [ipa].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [become_user] (0x0200): Trying
>>     to become user [0][0].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [become_user] (0x0200): Already
>>     user [0].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [main] (0x0400): Backend
>>     provider (internal.emerlyn.com <http://internal.emerlyn.com>)
>>     started!
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1b6eac0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1b6eac0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_execute] (0x0400):
>>     Task [SUDO Full Refresh]: executing task, timeout 21600 seconds
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_full_refresh_send]
>>     (0x0400): Issuing a full refresh of sudo rules
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): beginning to connect
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_resolve_service_send]
>>     (0x0100): Trying to resolve service 'IPA'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port
>>     status of port 0 for server '(no name)' is 'neutral'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout
>>     set to 6 seconds
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolve_srv_send] (0x0200): The
>>     status of SRV lookup is neutral
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [resolv_discover_srv_next_domain] (0x0400): SRV resolution of
>>     service 'ldap'. Will use DNS discovery domain
>>     'internal.emerlyn.com <http://internal.emerlyn.com>'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_getsrv_send] (0x0100):
>>     Trying to resolve SRV record of '_ldap._tcp.internal.emerlyn.com
>>     <http://tcp.internal.emerlyn.com>'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [schedule_request_timeout]
>>     (0x2000): Scheduling a timeout of 6 seconds
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [schedule_timeout_watcher]
>>     (0x2000): Scheduling DNS timeout watcher
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1b84310/0x1b6c3f0 (15), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1b84310/0x1b6c3a0 (15), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1b84310/0x1b6c3f0 (15), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1b84310/0x1b6c3a0 (15), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1b84310/0x1b6c3f0 (15), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1b84310/0x1b6c3a0 (15), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1b84310/0x1b6c3f0 (15), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1b84310/0x1b6c3a0 (15), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_remove_timeout] (0x2000):
>>     0x1b6c560
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1b6eac0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [id_callback] (0x0100): Got id
>>     ack and version (1) from Monitor
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [unschedule_timeout_watcher]
>>     (0x4000): Unscheduling DNS timeout watcher
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_getsrv_done] (0x1000):
>>     Using TTL [86400]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [request_watch_destructor]
>>     (0x0400): Deleting request watch
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_discover_srv_done] (0x0400):
>>     Got answer. Processing...
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_discover_srv_done] (0x0400):
>>     Got 3 servers
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_add_server_to_list]
>>     (0x0400): Inserted primary server
>>     'idmfs-01.internal.emerlyn.com:389
>>     <http://idmfs-01.internal.emerlyn.com:389>' to service 'IPA'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_add_server_to_list]
>>     (0x0400): Inserted primary server
>>     'id-management-1.internal.emerlyn.com:389
>>     <http://id-management-1.internal.emerlyn.com:389>' to service 'IPA'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_add_server_to_list]
>>     (0x0400): Inserted primary server
>>     'id-management-2.internal.emerlyn.com:389
>>     <http://id-management-2.internal.emerlyn.com:389>' to service 'IPA'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [set_srv_data_status] (0x0100):
>>     Marking SRV lookup of service 'IPA' as 'resolved'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_server_status] (0x1000):
>>     Status of server 'idmfs-01.internal.emerlyn.com
>>     <http://idmfs-01.internal.emerlyn.com>' is 'name not resolved'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_is_address] (0x4000):
>>     [idmfs-01.internal.emerlyn.com
>>     <http://idmfs-01.internal.emerlyn.com>] does not look like an IP
>>     address
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step]
>>     (0x2000): Querying files
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A
>>     record of 'idmfs-01.internal.emerlyn.com
>>     <http://idmfs-01.internal.emerlyn.com>' in files
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [set_server_common_status]
>>     (0x0100): Marking server 'idmfs-01.internal.emerlyn.com
>>     <http://idmfs-01.internal.emerlyn.com>' as 'resolving name'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step]
>>     (0x2000): Querying files
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [resolv_gethostbyname_files_send] (0x0100): Trying to resolve
>>     AAAA record of 'idmfs-01.internal.emerlyn.com
>>     <http://idmfs-01.internal.emerlyn.com>' in files
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_next]
>>     (0x0200): No more address families to retry
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step]
>>     (0x2000): Querying DNS
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_query]
>>     (0x0100): Trying to resolve A record of
>>     'idmfs-01.internal.emerlyn.com
>>     <http://idmfs-01.internal.emerlyn.com>' in DNS
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [schedule_request_timeout]
>>     (0x2000): Scheduling a timeout of 6 seconds
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [schedule_timeout_watcher]
>>     (0x2000): Scheduling DNS timeout watcher
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [unschedule_timeout_watcher]
>>     (0x4000): Unscheduling DNS timeout watcher
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_parse]
>>     (0x1000): Parsing an A reply
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [request_watch_destructor]
>>     (0x0400): Deleting request watch
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [set_server_common_status]
>>     (0x0100): Marking server 'idmfs-01.internal.emerlyn.com
>>     <http://idmfs-01.internal.emerlyn.com>' as 'name resolved'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_resolve_server_process]
>>     (0x1000): Saving the first resolved server
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_resolve_server_process]
>>     (0x0200): Found address for server idmfs-01.internal.emerlyn.com
>>     <http://idmfs-01.internal.emerlyn.com>: [10.72.100.56] TTL 1200
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400):
>>     Constructed uri 'ldap://idmfs-01.internal.emerlyn.com
>>     <http://idmfs-01.internal.emerlyn.com>'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [unique_filename_destructor]
>>     (0x2000): Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_AJMz2v]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [unlink_dbg] (0x2000): File
>>     already removed: [/var/lib/sss/pubconf/.krb5info_dummy_AJMz2v]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x4000):
>>     Using file descriptor [19] for LDAP connection.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x0400):
>>     Setting 6 seconds timeout for connecting
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_async_sys_connect_done]
>>     (0x0020): connect failed [113][No route to host].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sss_ldap_init_sys_connect_done]
>>     (0x0020): sdap_async_sys_connect request failed: [113]: No route
>>     to host.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sss_ldap_init_state_destructor]
>>     (0x0400): closing socket [19]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sys_connect_done]
>>     (0x0020): sdap_async_connect_call request failed: [113]: No route
>>     to host.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_handle_release] (0x2000):
>>     Trace: sh[0x1b9e670], connected[0], ops[(nil)], ldap[(nil)],
>>     destructor_lock[0], release_memory[0]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [_be_fo_set_port_status]
>>     (0x8000): Setting status: PORT_NOT_WORKING. Called from:
>>     ../src/providers/ldap/sdap_async_connection.c:
>>     sdap_cli_connect_done: 1567
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100):
>>     Marking port 389 of server 'idmfs-01.internal.emerlyn.com
>>     <http://idmfs-01.internal.emerlyn.com>' as 'not working'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400):
>>     Marking port 389 of duplicate server
>>     'idmfs-01.internal.emerlyn.com
>>     <http://idmfs-01.internal.emerlyn.com>' as 'not working'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_resolve_service_send]
>>     (0x0100): Trying to resolve service 'IPA'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_server_status] (0x1000):
>>     Status of server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' is 'name not resolved'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port
>>     status of port 389 for server
>>     'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' is 'neutral'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout
>>     set to 6 seconds
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolve_srv_send] (0x0200): The
>>     status of SRV lookup is resolved
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_server_status] (0x1000):
>>     Status of server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' is 'name not resolved'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_is_address] (0x4000):
>>     [id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>] does not look like
>>     an IP address
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step]
>>     (0x2000): Querying files
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A
>>     record of 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' in files
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [set_server_common_status]
>>     (0x0100): Marking server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' as 'resolving name'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step]
>>     (0x2000): Querying files
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [resolv_gethostbyname_files_send] (0x0100): Trying to resolve
>>     AAAA record of 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' in files
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_next]
>>     (0x0200): No more address families to retry
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step]
>>     (0x2000): Querying DNS
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_query]
>>     (0x0100): Trying to resolve A record of
>>     'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' in DNS
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [schedule_request_timeout]
>>     (0x2000): Scheduling a timeout of 6 seconds
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [schedule_timeout_watcher]
>>     (0x2000): Scheduling DNS timeout watcher
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [unschedule_timeout_watcher]
>>     (0x4000): Unscheduling DNS timeout watcher
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_parse]
>>     (0x1000): Parsing an A reply
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [request_watch_destructor]
>>     (0x0400): Deleting request watch
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [set_server_common_status]
>>     (0x0100): Marking server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' as 'name resolved'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_resolve_server_process]
>>     (0x0200): Found address for server
>>     id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL
>>     1200
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400):
>>     Constructed uri 'ldap://id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [unique_filename_destructor]
>>     (0x2000): Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_BkCB4G]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [unlink_dbg] (0x2000): File
>>     already removed: [/var/lib/sss/pubconf/.krb5info_dummy_BkCB4G]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x4000):
>>     Using file descriptor [19] for LDAP connection.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x0400):
>>     Setting 6 seconds timeout for connecting
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_ldap_connect_callback_add]
>>     (0x1000): New LDAP connection to
>>     [ldap://id-management-1.internal.emerlyn.com:389/??base
>>     <http://id-management-1.internal.emerlyn.com:389/??base>] with fd
>>     [19].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_rootdse_send]
>>     (0x4000): Getting rootdse
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with [(objectclass=*)][].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [*]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [altServer]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [namingContexts]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [supportedControl]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [supportedExtension]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [supportedFeatures]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [supportedLDAPVersion]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [supportedSASLMechanisms]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [domainControllerFunctionality]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [defaultNamingContext]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [lastUSN]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [highestCommittedUSN]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 1
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 1 timeout 6
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1ba44e0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1ba44e0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [vendorName]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [vendorVersion]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [dataversion]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [netscapemdsuffix]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [changeLog]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [firstchangenumber]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [lastchangenumber]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [namingContexts]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [supportedControl]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [supportedExtension]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [supportedLDAPVersion]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [supportedSASLMechanisms]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [defaultNamingContext]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [lastUSN]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1ba44e0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 1 finished
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_rootdse_done]
>>     (0x2000): Got rootdse
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_rootdse_done]
>>     (0x2000): Skipping auto-detection of match rule
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_get_server_opts_from_rootdse] (0x4000): USN value: 5396286
>>     (int: 5396286)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_kinit_send] (0x0400):
>>     Attempting kinit (default,
>>     host/docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>, INTERNAL.EMERLYN.COM
>>     <http://INTERNAL.EMERLYN.COM>, 86400)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_kinit_next_kdc] (0x1000):
>>     Resolving next KDC for service IPA
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_resolve_service_send]
>>     (0x0100): Trying to resolve service 'IPA'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_server_status] (0x1000):
>>     Status of server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' is 'name resolved'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout
>>     set to 6 seconds
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolve_srv_send] (0x0200): The
>>     status of SRV lookup is resolved
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_server_status] (0x1000):
>>     Status of server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' is 'name resolved'
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_resolve_server_process]
>>     (0x1000): Saving the first resolved server
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_resolve_server_process]
>>     (0x0200): Found address for server
>>     id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL
>>     1200
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_kinit_kdc_resolved]
>>     (0x1000): KDC resolved, attempting to get TGT...
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [create_tgt_req_send_buffer]
>>     (0x0400): buffer size: 83
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000):
>>     Setting up signal handler up for pid [5472]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000):
>>     Signal handler set up for pid [5472]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [set_tgt_child_timeout]
>>     (0x0400): Setting 6 seconds timeout for tgt child
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [write_pipe_handler] (0x0400):
>>     All data has been sent!
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Entering.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Adding connection
>>     0x1bbb650.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400):
>>     Adding connection 0x1bbb650
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
>>     0x1bbc1c0/0x1bb0e00 (21), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bbc1c0/0x1bb2120 (21), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Got a connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_client_init] (0x0100):
>>     Set-up Backend ID timeout [0x1bbc470]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.sssd.dataprovider
>>     with path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_conn_register_path]
>>     (0x0400): Registering object path
>>     /org/freedesktop/sssd/dataprovider with D-Bus connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.DBus.Properties
>>     with path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface
>>     org.freedesktop.DBus.Introspectable with path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bbb650
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bbc1c0/0x1bb2120 (21), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bbc1c0/0x1bb0e00 (21), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Entering.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Adding connection
>>     0x1bbfca0.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400):
>>     Adding connection 0x1bbfca0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
>>     0x1bc0bc0/0x1bbd620 (23), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc0bc0/0x1bbd670 (23), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Got a connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_client_init] (0x0100):
>>     Set-up Backend ID timeout [0x1bc0ea0]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.sssd.dataprovider
>>     with path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_conn_register_path]
>>     (0x0400): Registering object path
>>     /org/freedesktop/sssd/dataprovider with D-Bus connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.DBus.Properties
>>     with path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface
>>     org.freedesktop.DBus.Introspectable with path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bbfca0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bbc1c0/0x1bb2120 (21), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bbc1c0/0x1bb0e00 (21), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc0bc0/0x1bbd670 (23), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc0bc0/0x1bbd620 (23), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc0bc0/0x1bbd670 (23), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc0bc0/0x1bbd620 (23), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Entering.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Adding connection
>>     0x1bc2540.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400):
>>     Adding connection 0x1bc2540
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
>>     0x1bc3920/0x1bc2040 (24), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc3920/0x1bc2090 (24), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Got a connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_client_init] (0x0100):
>>     Set-up Backend ID timeout [0x1bc3c00]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.sssd.dataprovider
>>     with path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_conn_register_path]
>>     (0x0400): Registering object path
>>     /org/freedesktop/sssd/dataprovider with D-Bus connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.DBus.Properties
>>     with path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface
>>     org.freedesktop.DBus.Introspectable with path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc2540
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Entering.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Adding connection
>>     0x1bc49b0.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400):
>>     Adding connection 0x1bc49b0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
>>     0x1bc5a70/0x1bc3a20 (25), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc5a70/0x1bc3a70 (25), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Got a connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_client_init] (0x0100):
>>     Set-up Backend ID timeout [0x1bc5d50]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.sssd.dataprovider
>>     with path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_conn_register_path]
>>     (0x0400): Registering object path
>>     /org/freedesktop/sssd/dataprovider with D-Bus connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.DBus.Properties
>>     with path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface
>>     org.freedesktop.DBus.Introspectable with path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc49b0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc5a70/0x1bc3a70 (25), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc5a70/0x1bc3a20 (25), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc5a70/0x1bc3a70 (25), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc5a70/0x1bc3a20 (25), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc0bc0/0x1bbd670 (23), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc0bc0/0x1bbd620 (23), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc0bc0/0x1bbd670 (23), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc0bc0/0x1bbd620 (23), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc3920/0x1bc2090 (24), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc3920/0x1bc2040 (24), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc3920/0x1bc2090 (24), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc3920/0x1bc2040 (24), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bbfca0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.RegisterService on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [client_registration] (0x0100):
>>     Cancel DP ID timeout [0x1bc0ea0]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [client_registration] (0x0100):
>>     Added Frontend client [PAM]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bbfca0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method org.freedesktop.sssd.dataprovider.getDomains
>>     on path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400):
>>     Got get subdomains []
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000):
>>     Queue is empty, running request immediately.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000):
>>     Adding request to queue.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): waiting for connection to complete
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bbfca0
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc3920/0x1bc2090 (24), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc3920/0x1bc2040 (24), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc3920/0x1bc2090 (24), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc3920/0x1bc2040 (24), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bbc1c0/0x1bb2120 (21), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bbc1c0/0x1bb0e00 (21), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bbc1c0/0x1bb2120 (21), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bbc1c0/0x1bb0e00 (21), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bbb650
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.RegisterService on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [client_registration] (0x0100):
>>     Cancel DP ID timeout [0x1bbc470]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [client_registration] (0x0100):
>>     Added Frontend client [SUDO]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bbb650
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method org.freedesktop.sssd.dataprovider.getDomains
>>     on path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400):
>>     Got get subdomains []
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000):
>>     Adding request to queue.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc2540
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.RegisterService on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [client_registration] (0x0100):
>>     Cancel DP ID timeout [0x1bc3c00]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [client_registration] (0x0100):
>>     Added Frontend client [SSH]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc2540
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method org.freedesktop.sssd.dataprovider.getDomains
>>     on path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400):
>>     Got get subdomains []
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000):
>>     Adding request to queue.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Entering.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Adding connection
>>     0x1bcaa90.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400):
>>     Adding connection 0x1bcaa90
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
>>     0x1bcba00/0x1bca5c0 (26), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bcba00/0x1bca610 (26), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sbus_server_init_new_connection] (0x0200): Got a connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_client_init] (0x0100):
>>     Set-up Backend ID timeout [0x1bcbce0]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.sssd.dataprovider
>>     with path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_conn_register_path]
>>     (0x0400): Registering object path
>>     /org/freedesktop/sssd/dataprovider with D-Bus connection
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface org.freedesktop.DBus.Properties
>>     with path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface]
>>     (0x0400): Registering interface
>>     org.freedesktop.DBus.Introspectable with path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bcaa90
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bcba00/0x1bca610 (26), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bcba00/0x1bca5c0 (26), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bcba00/0x1bca610 (26), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bcba00/0x1bca5c0 (26), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bcba00/0x1bca610 (26), R/- (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bcba00/0x1bca5c0 (26), -/W (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bcba00/0x1bca610 (26), R/- (enabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bcba00/0x1bca5c0 (26), -/W (disabled)
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bcaa90
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.RegisterService on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [client_registration] (0x0100):
>>     Cancel DP ID timeout [0x1bcbce0]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [client_registration] (0x0100):
>>     Added Frontend client [PAC]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bcaa90
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method org.freedesktop.sssd.dataprovider.getDomains
>>     on path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400):
>>     Got get subdomains []
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000):
>>     Adding request to queue.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [child_sig_handler] (0x1000):
>>     Waiting for child [5472].
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [child_sig_handler] (0x0100):
>>     child [5472] finished successfully.
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [read_pipe_handler] (0x0400):
>>     EOF received, client finished
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_tgt_recv] (0x0400):
>>     Child responded: 0
>>     [FILE:/var/lib/sss/db/ccache_INTERNAL.EMERLYN.COM
>>     <http://ccache_INTERNAL.EMERLYN.COM>], expired on [1471028716]
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_cli_auth_step] (0x0100):
>>     expire timeout is 900
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_cli_auth_step] (0x1000):
>>     the connection will expire at 1470943216
>>     (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sasl_bind_send] (0x0100):
>>     Executing sasl bind mech: GSSAPI, user:
>>     host/docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [_be_fo_set_port_status]
>>     (0x8000): Setting status: PORT_WORKING. Called from:
>>     ../src/providers/ldap/sdap_async_connection.c:
>>     sdap_cli_connect_recv: 2052
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100):
>>     Marking port 389 of server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' as 'working'
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [set_server_common_status]
>>     (0x0100): Marking server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' as 'working'
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400):
>>     Marking port 389 of duplicate server
>>     'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' as 'working'
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_done]
>>     (0x4000): notify connected to op #1
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_refresh_connect_done]
>>     (0x0400): SUDO LDAP connection successful
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [check_ipv4_addr] (0x0200):
>>     Loopback IPv4 address 127.0.0.1
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses]
>>     (0x2000): Found IP address: 10.72.100.66 in network
>>     10.72.100.0/24 <http://10.72.100.0/24>
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses]
>>     (0x2000): Found IP address: 172.17.0.1 in network 172.17.0.0/16
>>     <http://172.17.0.0/16>
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [check_ipv6_addr] (0x0200):
>>     Loopback IPv6 address ::1
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses]
>>     (0x2000): Found IP address: fe80::250:56ff:fe9a:495f in network
>>     fe80::/64
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses]
>>     (0x2000): Found IP address: fe80::42:43ff:fe27:e955 in network
>>     fe80::/64
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses]
>>     (0x2000): Found IP address: fe80::ac23:29ff:fe04:bb1a in network
>>     fe80::/64
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses]
>>     (0x2000): Found IP address: fe80::c494:9dff:feed:a7d8 in network
>>     fe80::/64
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_get_hostnames_send]
>>     (0x2000): Found fqdn: docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_get_hostnames_send]
>>     (0x2000): Found hostname: docker-dev-01
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_done]
>>     (0x4000): notify connected to op #2
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaBaseID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaBaseRID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaSecondaryBaseRID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaIDRangeSize]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTTrustedDomainSID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaRangeType]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 5
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 5 timeout 6
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_done]
>>     (0x4000): caching successful connection after 2 notifies
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_run_unconditional_online_cb]
>>     (0x0400): Running unconditional online callbacks.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_run_online_cb] (0x0080):
>>     Going online. Running callbacks.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_load_sudoers_send]
>>     (0x0400): About to fetch sudo rules
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_search_bases_next_base]
>>     (0x0400): Issuing LDAP lookup with base
>>     [ou=sudoers,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>)(sudoHost=docker-dev-01)(sudoHost=10.72.100.66)(sudoHost=10.72.100.0/24)(sudoHost=172.17.0.1)(sudoHost=172.17.0.0/16)(sudoHost=fe80::250:56ff:fe9a:495f)(sudoHost=fe80::/64)(sudoHost=fe80::42:43ff:fe27:e955)(sudoHost=fe80::/64)(sudoHost=fe80::ac23:29ff:fe04:bb1a)(sudoHost=fe80::/64)(sudoHost=fe80::c494:9dff:feed:a7d8)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\\*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))][ou=sudoers,dc=internal,dc=emerlyn,dc=com
>>     <http://10.72.100.0/24%29%28sudoHost=172.17.0.1%29%28sudoHost=172.17.0.0/16%29%28sudoHost=fe80::250:56ff:fe9a:495f%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::42:43ff:fe27:e955%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::ac23:29ff:fe04:bb1a%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::c494:9dff:feed:a7d8%29%28sudoHost=fe80::/64%29%28sudoHost=+*%29%28%7C%28sudoHost=*%5C%5C*%29%28sudoHost=*?*%29%28sudoHost=*%5C2A*%29%28sudoHost=*[*]*%29%29%29%29][ou=sudoers,dc=internal,dc=emerlyn,dc=com>].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sudoCommand]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sudoHost]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sudoUser]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sudoOption]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sudoRunAs]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sudoRunAsUser]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sudoRunAsGroup]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sudoNotBefore]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sudoNotAfter]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sudoOrder]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [entryUSN]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 6
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 6 timeout 6
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc5a70/0x1bc3a70 (25), R/- (disabled)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc5a70/0x1bc3a20 (25), -/W (enabled)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc5a70/0x1bc3a70 (25), R/- (enabled)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>>     0x1bc5a70/0x1bc3a20 (25), -/W (disabled)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc49b0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.RegisterService on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [client_registration] (0x0100):
>>     Cancel DP ID timeout [0x1bc5d50]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [client_registration] (0x0100):
>>     Added Frontend client [NSS]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc49b0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method org.freedesktop.sssd.dataprovider.getDomains
>>     on path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400):
>>     Got get subdomains []
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000):
>>     Adding request to queue.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc49b0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3a0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [cn=All,ou=sudoers,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [sudoCommand]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [sudoHost]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [sudoUser]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [sudoRunAsUser]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [sudoRunAsGroup]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [entryUSN]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3a0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 6 finished
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_search_bases_done]
>>     (0x0400): Receiving data from base
>>     [ou=sudoers,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_load_sudoers_done]
>>     (0x0040): Received 1 sudo rules
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_refresh_done]
>>     (0x0400): Received 1 rules
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_sudo_purge_all] (0x0400):
>>     Deleting all cached sudo rules
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb2300
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb23c0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb2300 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb23c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb2300 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_sudo_store_rule]
>>     (0x0400): Adding sudo rule All
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb11b0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd63c0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb11b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd63c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb11b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1be3710
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1be37d0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1be3710 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1be37d0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1be3710 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_refresh_done]
>>     (0x0400): Sudoers is successfuly stored in cache
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_set_usn] (0x0200):
>>     SUDO higher USN value: [2582737]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb31e0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb32a0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb31e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb32a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb31e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb15d0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb1690
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb15d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb1690 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb15d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_full_refresh_done]
>>     (0x0400): Successful full refresh of sudo rules
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_done] (0x0400): Task
>>     [SUDO Full Refresh]: finished successfully
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_schedule] (0x0400):
>>     Task [SUDO Full Refresh]: scheduling task 21600 seconds from last
>>     execution time [1470963916]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bb0d50], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_subdom_reset_timeouts_cb]
>>     (0x4000): Resetting last_refreshed and disabled_until.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaBaseID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaBaseRID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaSecondaryBaseRID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaIDRangeSize]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTTrustedDomainSID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaRangeType]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 7
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 7 timeout 6
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=INTERNAL.EMERLYN.COM_id_range,cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaBaseID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaBaseRID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSecondaryBaseRID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaIDRangeSize]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaRangeType]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 5 finished
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b9eae0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b9eba0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b9eae0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b9eba0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b9eae0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_update_ranges] (0x0400):
>>     Adding range [INTERNAL.EMERLYN.COM_id_range].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1be29e0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1be2aa0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1be29e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1be2aa0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1be29e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b9eae0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b9eba0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b9eae0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b9eba0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b9eae0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b9ea20
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b9eae0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b9ea20 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b9eae0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b9ea20 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTFlatName]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 8
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 8 timeout 6
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [ipa_subdomains_handler_ranges_done] (0x4000): Checking master
>>     record..
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=INTERNAL.EMERLYN.COM_id_range,cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaBaseID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaBaseRID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSecondaryBaseRID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaIDRangeSize]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaRangeType]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 7 finished
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1ba02b0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1ba0370
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1ba02b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1ba0370 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1ba02b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1ba0370
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1ba0430
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1ba0370 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1ba0430 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1ba0370 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb2ad0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb2b90
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb2ad0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb2b90 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb2ad0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTFlatName]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 9
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 9 timeout 6
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [ipa_subdomains_handler_ranges_done] (0x4000): Checking master
>>     record..
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [cn=internal.emerlyn.com
>>     <http://internal.emerlyn.com>,cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaNTFlatName]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 8 finished
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb0f70
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb1030
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb0f70 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb1030 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb0f70 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb0f70
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb1030
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb0f70 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb1030 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb0f70 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd6910
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1040
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd6910 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1040 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd6910 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [objectclass=ipaNTTrustedDomain][cn=trusts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTFlatName]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTTrustedDomainSID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTTrustDirection]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 10
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 10 timeout 6
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [cn=internal.emerlyn.com
>>     <http://internal.emerlyn.com>,cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaNTFlatName]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 9 finished
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [objectclass=ipaNTTrustedDomain][cn=trusts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTFlatName]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTTrustedDomainSID]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTTrustDirection]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 11
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 11 timeout 6
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd3e40], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd3e40], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 10 finished
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_deref_search_with_filter_send] (0x2000): Server supports
>>     OpenLDAP deref
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send]
>>     (0x0400): Dereferencing entry
>>     [cn=accounts,dc=internal,dc=emerlyn,dc=com] using OpenLDAP deref
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 12
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 12 timeout 6
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6710], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6710], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 11 finished
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_deref_search_with_filter_send] (0x2000): Server supports
>>     OpenLDAP deref
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send]
>>     (0x0400): Dereferencing entry
>>     [cn=accounts,dc=internal,dc=emerlyn,dc=com] using OpenLDAP deref
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 13
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 13 timeout 6
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry]
>>     (0x0400): Got deref control
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry]
>>     (0x0400): All deref results from a single control parsed
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x2000): Total count [0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 12 finished
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_view_name_done]
>>     (0x0400): No view found, using default.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_view_name_done]
>>     (0x0400): Found view name [default].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_view_name_done]
>>     (0x4000): Found IPA default view name, replacing with sysdb default.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_view_name_done]
>>     (0x4000): read_at_init [false] current view  [(null)].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd6870
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd6930
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd6870 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd6930 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd6870 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd95b0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd9670
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd95b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd9670 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd95b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd04e0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd05a0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd04e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd05a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd04e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1ba0500
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd95e0
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1ba0500 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd95e0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1ba0500 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1d60
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1e20
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1d60 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1e20 "ltdb_timeout"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1d60 "ltdb_callback"
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_subdomains_callback]
>>     (0x0400): Backend returned: (0, 0, <NULL>) [Success]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_queue_next_request]
>>     (0x4000): Queued request filed successfully.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_subdomains_callback]
>>     (0x0400): Backend returned: (0, 0, <NULL>) [Success]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_queue_next_request]
>>     (0x4000): Queued request filed successfully.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_subdomains_callback]
>>     (0x0400): Backend returned: (0, 0, <NULL>) [Success]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_queue_next_request]
>>     (0x4000): Queued request filed successfully.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_subdomains_callback]
>>     (0x0400): Backend returned: (0, 0, <NULL>) [Success]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_queue_next_request]
>>     (0x4000): Queued request filed successfully.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_subdomains_callback]
>>     (0x0400): Backend returned: (0, 0, <NULL>) [Success]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_queue_next_request]
>>     (0x4000): Request queue is empty.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_online_cb] (0x0400):
>>     Back end is online
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_enable] (0x0080): Task
>>     [SUDO Smart Refresh]: already enabled
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_online_cb] (0x0400):
>>     Back end is online
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_ptask_enable] (0x0080): Task
>>     [SUDO Full Refresh]: already enabled
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry]
>>     (0x0400): Got deref control
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry]
>>     (0x0400): All deref results from a single control parsed
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x2000): Total count [0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 13 finished
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_view_name_done]
>>     (0x0400): No view found, using default.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_view_name_done]
>>     (0x0400): Found view name [default].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_view_name_done]
>>     (0x4000): Found IPA default view name, replacing with sysdb default.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_view_name_done]
>>     (0x4000): read_at_init [true] current view  [default].
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_sudo_online_cb] (0x0400):
>>     We are back online. SUDO host information will be renewed on next
>>     refresh.
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [delayed_online_authentication_callback] (0x0200): Backend is
>>     online, starting delayed online authentication.
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc49b0
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.getAccountInfo on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200):
>>     Got request for [0x1001][FAST BE_REQ_USER][1][idnumber=320000001]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400):
>>     Changing request domain from [internal.emerlyn.com
>>     <http://internal.emerlyn.com>] to [internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb04f0
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd3d80
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb04f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd3d80 "ltdb_timeout"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb04f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_idmap_check_posix_child]
>>     (0x4000): Idmap of domain
>>     [S-1-5-21-711561063-4190233445-1602496204] already known, nothing
>>     to do.
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_search_user_next_base]
>>     (0x0400): Searching for users with base
>>     [cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(uidNumber=320000001)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [uid]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userPassword]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [uidNumber]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [gidNumber]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [gecos]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [homeDirectory]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [loginShell]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [krbPrincipalName]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberOf]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUniqueID]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [modifyTimestamp]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [entryUSN]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowLastChange]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowMin]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowMax]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowWarning]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowInactive]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowExpire]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowFlag]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [krbLastPwdChange]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [krbPasswordExpiration]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [pwdAttribute]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [authorizedService]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [accountExpires]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userAccountControl]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [nsAccountLock]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [host]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [loginDisabled]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [loginExpirationTime]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [loginAllowedTimeMap]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaSshPubKey]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUserAuthType]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userCertificate;binary]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 14
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 14 timeout 6
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [uid]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [uidNumber]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [gidNumber]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [gecos]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [homeDirectory]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [loginShell]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [krbPrincipalName]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [modifyTimestamp]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [entryUSN]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [krbLastPwdChange]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [krbPasswordExpiration]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [nsAccountLock]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 14 finished
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_search_user_process]
>>     (0x0400): Search for users, returned 1 results.
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_search_user_process]
>>     (0x4000): Retrieved total 1 users
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Save user
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jgoddard
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400):
>>     Processing user jgoddard
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x2000):
>>     Adding originalDN
>>     [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     to attributes of [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400):
>>     Adding original memberOf attributes to [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding original mod-Timestamp [20160811190153Z] to
>>     attributes of [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400):
>>     Adding user principal [jgoddard at INTERNAL.EMERLYN.COM
>>     <mailto:jgoddard at INTERNAL.EMERLYN.COM>] to attributes of [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowLastChange is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowMin is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowMax is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowWarning is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowInactive is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowExpire is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowFlag is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding krbLastPwdChange [20160718194453Z] to attributes
>>     of [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding krbPasswordExpiration [20170718194453Z] to
>>     attributes of [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): pwdAttribute is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): authorizedService is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): adAccountExpires is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): adUserAccountControl is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding nsAccountLock [FALSE] to attributes of [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): authorizedHost is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): ndsLoginDisabled is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): ndsLoginExpirationTime is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): ndsLoginAllowedTimeMap is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding sshPublicKey
>>     [c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBNU5BNGdyQjFndVZNWWN2Wk0yVnRuWFJpdWJPczJLZGp0Y2ZZYzRYOHJWS1dUNUJSOEdqaU51NzZDWGxXK0pUQU4xYmlpNm5UL0NTNDBVMXhjaVVTd05JaEtvNVh6ZThNd1Q1Z0hZY3VRV1ZxY2NTajhLeGRKWnA1MUhaclE0QjhlM2t5Y0lENGNzN3NaMUpKYndjL3RkUWg2ek1IRDdaaXhyNGh5UlRJcjZ3WlRsdmEwN3h5RkJSVDRXOXV1a0NFZURKbEI3c0NqdlNTYzRIQWp6Y0M5OVpUR3hjcWJHZERvTEFOczdiUDAzYnNyalJvTzlrNjRjY2dSOUFwK3BaeGhOYTFTRWJSZWxVTW9Qc2VQRUxJeXVvT3hYYUtRT2VJU1FGNFJBRjJKOHkvSllZcEdJaEllQXNybXBCUlRTQ3dSVkNjMzVTWE5QV3E2VnMxTTNvcjl3PT0gamdvZGRhcmRAZW1lcmx5bi5jb20=]
>>     to attributes of [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): authType is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): userCertificate is not available for [jgoddard].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400):
>>     Storing info for user jgoddard
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfbbe0
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfbca0
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfbbe0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfbca0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfbbe0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400):
>>     No such entry
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfb6d0
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfaa10
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfb6d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfaa10 "ltdb_timeout"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfb6d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_user_by_uid]
>>     (0x0400): No such entry
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfebf0
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfecb0
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfebf0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfecb0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfebf0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c09ca0
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c09d60
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c09ca0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c09d60 "ltdb_timeout"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c09ca0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c0af50
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bff180
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c0af50 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bff180 "ltdb_timeout"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c0af50 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_users] (0x4000): User
>>     0 processed!
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_users_done] (0x4000):
>>     Saving 1 Users - Done
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb27b0
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd3d80
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb27b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd3d80 "ltdb_timeout"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb27b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [ipa_get_ad_override_connect_done] (0x4000): Searching for
>>     overrides in view [Default Trust View] with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))][cn=Default
>>     Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 15
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 15 timeout 6
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 15 finished
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done]
>>     (0x4000): No override found with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb2060
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb2d60
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb2060 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb2d60 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb2060 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bc8780
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb1ea0
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bc8780 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb1ea0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bc8780 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100):
>>     Request processed. Returned 0,0,Success
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc49b0
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.getAccountInfo on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200):
>>     Got request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000001]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400):
>>     Changing request domain from [internal.emerlyn.com
>>     <http://internal.emerlyn.com>] to [internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base]
>>     (0x0400): Searching for groups with base
>>     [cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(gidNumber=320000001)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [posixGroup]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userPassword]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [gidNumber]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [member]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUniqueID]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [modifyTimestamp]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [entryUSN]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaExternalMember]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 16
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 16 timeout 6
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bbc470], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [gidNumber]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [modifyTimestamp]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [entryUSN]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bbc470], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 16 finished
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_groups_process]
>>     (0x0400): Search for groups, returned 1 results.
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_has_deref_support]
>>     (0x0400): The server supports deref method OpenLDAP
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [groups]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send]
>>     (0x2000): About to process group
>>     [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_recv]
>>     (0x0400): 0 users found in the hash table
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_recv]
>>     (0x0400): 1 groups found in the hash table
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_get_sid_str]
>>     (0x1000): No [objectSIDString] attribute. [0][Success]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x4000):
>>     objectSID: not available for group [(null)].
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jgoddard
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400):
>>     Processing group jgoddard
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This
>>     is a posix group
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding original DN
>>     [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     to attributes of [jgoddard].
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding original mod-Timestamp [20150116164416Z] to
>>     attributes of [jgoddard].
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): The group has 0 members
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Group has 0 members
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400):
>>     Storing info for group jgoddard
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb0eb0
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb0f70
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb0eb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb0f70 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb0eb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400):
>>     No such entry
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_store_group] (0x1000):
>>     Group jgoddard does not exist.
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bae460
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b9f970
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bae460 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b9f970 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bae460 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_group_by_gid]
>>     (0x0400): No such entry
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd05a0
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd0660
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd05a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd0660 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd05a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bca2c0
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd6740
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bca2c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c011d0
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c01290
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd6740 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bca2c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c011d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c01290 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c011d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000):
>>     Group 0 processed!
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_get_sid_str]
>>     (0x1000): No [objectSIDString] attribute. [0][Success]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400):
>>     Failed to get group sid
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jgoddard
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400):
>>     Processing group jgoddard
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): No
>>     members for group [jgoddard]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1280
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bae5c0
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1280 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bae5c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1280 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b9f970
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bae5c0
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b9f970 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bae5c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b9f970 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000):
>>     Group 0 members processed!
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No
>>     external members, done(Thu Aug 11 15:05:25 2016)
>>     [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>>     [sdap_id_op_done] (0x4000): releasing operation connection
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1baf710
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb1ea0
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1baf710 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb1ea0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1baf710 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [ipa_get_ad_override_connect_done] (0x4000): Searching for
>>     overrides in view [Default Trust View] with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))].
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))][cn=Default
>>     Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 17
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 17 timeout 6
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd3b80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd3b80], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 17 finished
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done]
>>     (0x4000): No override found with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))].
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1baf650
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1baf710
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1baf650 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1baf710 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1baf650 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb2290
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb1ea0
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb2290 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb1ea0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb2290 "ltdb_callback"
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100):
>>     Request processed. Returned 0,0,Success
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc49b0
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.getAccountInfo on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200):
>>     Got request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000000]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400):
>>     Changing request domain from [internal.emerlyn.com
>>     <http://internal.emerlyn.com>] to [internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base]
>>     (0x0400): Searching for groups with base
>>     [cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(gidNumber=320000000)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [posixGroup]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userPassword]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [gidNumber]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [member]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUniqueID]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [modifyTimestamp]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [entryUSN]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaExternalMember]
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 18
>>     (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 18 timeout 6
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1b6eac0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method org.freedesktop.sssd.service.ping on path
>>     /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bbc470], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [gidNumber]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [member]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [modifyTimestamp]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [entryUSN]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bbc470], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 18 finished
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_groups_process]
>>     (0x0400): Search for groups, returned 1 results.
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_has_deref_support]
>>     (0x0400): The server supports deref method OpenLDAP
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [groups]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send]
>>     (0x2000): About to process group
>>     [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd6770
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd6830
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd6770 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd6830 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd6770 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bca3e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd67b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bca3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd67b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bca3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
>>     unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bca3e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd66b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bca3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd66b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bca3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd63c0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd6480
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd63c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd6480 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd63c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd6480
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd66c0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd6480 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd66c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd6480 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     found in cache, skipping
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb0eb0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb0f70
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb0eb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb0f70 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb0eb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb12c0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd7ae0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb12c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd7ae0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb12c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb1210
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd7ae0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb1210 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd7ae0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb1210 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd04e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf14a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd04e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf14a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd04e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
>>     unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send]
>>     (0x2000): Looking up 4/5 members of group
>>     [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send]
>>     (0x2000): Members of group
>>     [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     will be processed individually
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_recv]
>>     (0x0400): 4 users found in the hash table
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_recv]
>>     (0x0400): 1 groups found in the hash table
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jfifield
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb1160
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb1220
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb1160 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb1220 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb1160 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object admin
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b9f1e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd0a30
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b9f1e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd0a30 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b9f1e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object chunsicker
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b9fa30
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bcd910
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b9fa30 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bcd910 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b9fa30 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object test
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bcd910
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bae4d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bcd910 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bae4d0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bcd910 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object admins
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400):
>>     Processing group admins
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This
>>     is a posix group
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding original DN
>>     [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     to attributes of [admins].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding original mod-Timestamp [20160408185328Z] to
>>     attributes of [admins].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): The group has 5 members
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Group has 5 members
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [admin]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [chunsicker]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [jfifield]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [test]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400):
>>     Storing info for group admins
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd15f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd16b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd15f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd16b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd15f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_store_group] (0x1000):
>>     Group admins does not exist.
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd07f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd15f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd07f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd15f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd07f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_group_by_gid]
>>     (0x0400): No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfd0a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfd160
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfd0a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfd160 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfd0a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfc820
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfc8e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfc820 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c060a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c06160
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfc8e0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfc820 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c060a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c06160 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c060a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000):
>>     Group 0 processed!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object admins
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400):
>>     Processing group admins
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c07c50
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfc820
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c07c50 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfc820 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c07c50 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf94a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfc820
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf94a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfc820 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf94a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_sids_of_members]
>>     (0x0400): No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x2000):
>>     retain_extern_members failed: 2:[No such file or directory].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400):
>>     Adding member users to group [admins]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_find_entry_by_origDN]
>>     (0x4000): Searching cache for
>>     [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfc820
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf94a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfc820 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf94a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfc820 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_fill_memberships]
>>     (0x1000):     member #2
>>     (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
>>     [name=jgoddard,cn=users,cn=internal.emerlyn.com
>>     <http://internal.emerlyn.com>,cn=sysdb]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfcd30
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd07f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfcd30 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd07f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfcd30 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd07f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf9880
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd07f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c060d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c04a30
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf9880 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd07f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c060d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c06fe0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c070a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c04a30 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c060d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c06fe0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c0c5c0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c0c680
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c070a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c06fe0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c0c5c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c09ce0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c0d660
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c0c680 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c0c5c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c09ce0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c0d660 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c09ce0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000):
>>     Group 0 members processed!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No
>>     external members, done(Thu Aug 11 15:05:26 2016)
>>     [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>>     [sdap_id_op_done] (0x4000): releasing operation connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb26f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb27b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb26f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb27b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb26f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [ipa_get_ad_override_connect_done] (0x4000): Searching for
>>     overrides in view [Default Trust View] with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))][cn=Default
>>     Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 19
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 19 timeout 6
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 19 finished
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done]
>>     (0x4000): No override found with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb0b70
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb26f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb0b70 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb26f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb0b70 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bc91d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bc9290
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bc91d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bc9290 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bc91d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100):
>>     Request processed. Returned 0,0,Success
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc49b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.getAccountInfo on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200):
>>     Got request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000019]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400):
>>     Changing request domain from [internal.emerlyn.com
>>     <http://internal.emerlyn.com>] to [internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base]
>>     (0x0400): Searching for groups with base
>>     [cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(gidNumber=320000019)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [posixGroup]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userPassword]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [gidNumber]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [member]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [modifyTimestamp]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [entryUSN]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaExternalMember]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 20
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 20 timeout 6
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bb2de0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [gidNumber]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [member]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [modifyTimestamp]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [entryUSN]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bb2de0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 20 finished
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_groups_process]
>>     (0x0400): Search for groups, returned 1 results.
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_has_deref_support]
>>     (0x0400): The server supports deref method OpenLDAP
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [groups]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send]
>>     (0x2000): About to process group
>>     [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd7900
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd79c0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd7900 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd79c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd7900 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd7bf0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf1780
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd7bf0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf1780 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd7bf0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb0eb0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb0f70
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb0eb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb0f70 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb0eb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf0c10
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf0cd0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf0c10 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf0cd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf0c10 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf0c10
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf0cd0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf0c10 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf0cd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf0c10 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf1780
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf1840
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf1780 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf1840 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf1780 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf1950
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb0eb0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf1950 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb0eb0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf1950 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf0c10
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf0cd0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf0c10 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf0cd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf0c10 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf1780
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf1840
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf1780 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf1840 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf1780 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd7bc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd7c80
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd7bc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd7c80 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd7bc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd7bc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd7c80
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd7bc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd7c80 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd7bc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     found in cache, skipping
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd63c0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd6480
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd63c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd6480 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd63c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bda620
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bda6e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bda620 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bda6e0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bda620 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send]
>>     (0x2000): Looking up 6/7 members of group
>>     [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send]
>>     (0x2000): Members of group
>>     [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     will be processed individually
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_recv]
>>     (0x0400): 6 users found in the hash table
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_recv]
>>     (0x0400): 1 groups found in the hash table
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jviger
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd7fb0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd8070
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd7fb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd8070 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd7fb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jfifield
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd82d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd63c0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd82d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd63c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd82d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object chunsicker
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf1d70
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd6e00
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf1d70 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd6e00 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf1d70 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object cperry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1520
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bda4d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1520 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bda4d0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1520 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jodell
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bef750
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd82d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bef750 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd82d0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bef750 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object lglassover
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd69e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bcda20
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd69e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bcda20 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd69e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object developers
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400):
>>     Processing group developers
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This
>>     is a posix group
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding original DN
>>     [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     to attributes of [developers].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding original mod-Timestamp [20160504191023Z] to
>>     attributes of [developers].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): The group has 7 members
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Group has 7 members
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [chunsicker]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [cperry]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [jfifield]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [jodell]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [lglassover]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [jviger]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400):
>>     Storing info for group developers
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bef790
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1befb90
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bef790 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1befb90 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bef790 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_store_group] (0x1000):
>>     Group developers does not exist.
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bcda20
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bda7d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bcda20 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bda7d0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bcda20 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_group_by_gid]
>>     (0x0400): No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfdba0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfdc60
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfdba0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfdc60 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfdba0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c064a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c06560
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c064a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c068f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c069b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c06560 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c064a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c068f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c069b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c068f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000):
>>     Group 0 processed!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object developers
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400):
>>     Processing group developers
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c053d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf0a20
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c053d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf0a20 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c053d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfe3e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd12d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfe3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd12d0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfe3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_sids_of_members]
>>     (0x0400): No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x2000):
>>     retain_extern_members failed: 2:[No such file or directory].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400):
>>     Adding member users to group [developers]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_find_entry_by_origDN]
>>     (0x4000): Searching cache for
>>     [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bda7d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c074e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bda7d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c074e0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bda7d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_fill_memberships]
>>     (0x1000):     member #5
>>     (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
>>     [name=jgoddard,cn=users,cn=internal.emerlyn.com
>>     <http://internal.emerlyn.com>,cn=sysdb]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfe3e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1befb90
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfe3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1befb90 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfe3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfe3e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c053d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfe3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c082f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c083b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c053d0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfe3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c082f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfddb0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfde70
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c083b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c082f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfddb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c089f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c0c5a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfde70 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfddb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c089f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c0c3e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c06d50
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c0c5a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c089f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c0c3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c06d50 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c0c3e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000):
>>     Group 0 members processed!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No
>>     external members, done(Thu Aug 11 15:05:26 2016)
>>     [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>>     [sdap_id_op_done] (0x4000): releasing operation connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b9f1f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb26f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b9f1f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb26f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b9f1f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [ipa_get_ad_override_connect_done] (0x4000): Searching for
>>     overrides in view [Default Trust View] with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))][cn=Default
>>     Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 21
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 21 timeout 6
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bef2c0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bef2c0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 21 finished
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done]
>>     (0x4000): No override found with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb05e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb16c0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb05e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb16c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb05e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd6aa0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1baf650
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd6aa0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1baf650 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd6aa0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100):
>>     Request processed. Returned 0,0,Success
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc49b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.getAccountInfo on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200):
>>     Got request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000031]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400):
>>     Changing request domain from [internal.emerlyn.com
>>     <http://internal.emerlyn.com>] to [internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base]
>>     (0x0400): Searching for groups with base
>>     [cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(gidNumber=320000031)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [posixGroup]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userPassword]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [gidNumber]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [member]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [modifyTimestamp]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [entryUSN]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaExternalMember]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 22
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 22 timeout 6
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [gidNumber]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [member]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [modifyTimestamp]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [entryUSN]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 22 finished
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_groups_process]
>>     (0x0400): Search for groups, returned 1 results.
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_has_deref_support]
>>     (0x0400): The server supports deref method OpenLDAP
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [groups]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send]
>>     (0x2000): About to process group
>>     [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd67e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd68a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd67e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd68a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd67e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb21d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb2290
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb21d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb2290 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb21d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd6720
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd67e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd6720 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd67e0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd6720 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd6480
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf18b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd6480 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf18b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd6480 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd6480
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf18b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd6480 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf18b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd6480 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     found in cache, skipping
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb0f70
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb1030
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb0f70 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb1030 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb0f70 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb2bc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd71c0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb2bc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd71c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb2bc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd71c0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd7280
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd71c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd7280 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd71c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb2bc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb1260
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb2bc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb1260 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb2bc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd0fc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb0b70
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd0fc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb0b70 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd0fc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb2bc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb0b70
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb2bc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb0b70 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb2bc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb11e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb12a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb11e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb12a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb11e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd7f50
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd8010
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd7f50 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd8010 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd7f50 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd8010
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb11e0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd8010 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb11e0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd8010 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     Search groups with filter:
>>     (&(objectclass=group)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd8210
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd7f50
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd8210 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd7f50 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd8210 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_groups] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_nested_group_split_members] (0x4000):
>>     [uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     is unknown object
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send]
>>     (0x2000): Looking up 7/8 members of group
>>     [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send]
>>     (0x2000): Members of group
>>     [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     will be processed individually
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert]
>>     (0x4000): Inserting
>>     [uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     into hash table [users]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_recv]
>>     (0x0400): 7 users found in the hash table
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_group_recv]
>>     (0x0400): 1 groups found in the hash table
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jviger
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1de0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd7c30
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1de0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd7c30 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1de0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jfifield
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb23f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb0b70
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb23f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb0b70 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb23f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object mlibby
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfe660
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb0f30
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfe660 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb0f30 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfe660 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object chunsicker
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd0fc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfc150
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd0fc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfc150 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd0fc0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object cperry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfeb20
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd8450
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfeb20 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd8450 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfeb20 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jodell
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd8450
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf0af0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd8450 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf0af0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd8450 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object lglassover
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     Search users with filter:
>>     (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb23f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd0fc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb23f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd0fc0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb23f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jira-administrators
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400):
>>     Processing group jira-administrators
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This
>>     is a posix group
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding original DN
>>     [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     to attributes of [jira-administrators].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding original mod-Timestamp [20160504191023Z] to
>>     attributes of [jira-administrators].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): The group has 8 members
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Group has 8 members
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [chunsicker]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [jfifield]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [cperry]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [jodell]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [jviger]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [lglassover]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_ghost_members]
>>     (0x0400): Adding ghost member for group [mlibby]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400):
>>     Storing info for group jira-administrators
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb2250
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb2310
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb2250 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb2310 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb2250 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400):
>>     No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_store_group] (0x1000):
>>     Group jira-administrators does not exist.
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb0eb0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb2250
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb0eb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb2250 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb0eb0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_group_by_gid]
>>     (0x0400): No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfdee0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfdfa0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfdee0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfdfa0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfdee0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c07fd0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c08090
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c07fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08730
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c087f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c08090 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c07fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08730 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c087f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08730 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000):
>>     Group 0 processed!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jira-administrators
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400):
>>     Processing group jira-administrators
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb2250
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c08150
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb2250 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c08150 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb2250 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb0b70
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfc150
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb0b70 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfc150 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb0b70 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_sids_of_members]
>>     (0x0400): No such entry
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x2000):
>>     retain_extern_members failed: 2:[No such file or directory].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400):
>>     Adding member users to group [jira-administrators]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_find_entry_by_origDN]
>>     (0x4000): Searching cache for
>>     [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b9f9f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfc150
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b9f9f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfc150 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b9f9f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_fill_memberships]
>>     (0x1000):     member #2
>>     (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
>>     [name=jgoddard,cn=users,cn=internal.emerlyn.com
>>     <http://internal.emerlyn.com>,cn=sysdb]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c0a510
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd0fc0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c0a510 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd0fc0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c0a510 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb0b70
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfc150
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb0b70 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c0a0a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfcd30
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfc150 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb0b70 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c0a0a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c096d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c09790
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfcd30 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c0a0a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c096d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c0cb20
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c087a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c09790 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c096d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c0cb20 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c0bd80
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c0d9d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c087a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c0cb20 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c0bd80 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c0d9d0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c0bd80 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_groups] (0x4000):
>>     Group 0 members processed!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No
>>     external members, done(Thu Aug 11 15:05:26 2016)
>>     [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>>     [sdap_id_op_done] (0x4000): releasing operation connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bbc470
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd7a10
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bbc470 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd7a10 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bbc470 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [ipa_get_ad_override_connect_done] (0x4000): Searching for
>>     overrides in view [Default Trust View] with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))][cn=Default
>>     Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 23
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 23 timeout 6
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 23 finished
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done]
>>     (0x4000): No override found with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb2d60
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bc91d0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb2d60 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bc91d0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb2d60 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb1f60
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bc93a0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb1f60 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bc93a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb1f60 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100):
>>     Request processed. Returned 0,0,Success
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc49b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.getAccountInfo on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200):
>>     Got request for [0x1004][FAST BE_REQ_NETGROUP][1][name=office]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400):
>>     Changing request domain from [internal.emerlyn.com
>>     <http://internal.emerlyn.com>] to [internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_netgr_next_base] (0x0400):
>>     Searching for netgroups with base
>>     [cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(cn=office)(objectclass=ipaNisNetgroup))][cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [member]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberUser]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberHost]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [externalHost]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [nisDomainName]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 24
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 24 timeout 6
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bb0a10], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberHost]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [nisDomainName]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bb0a10], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x2000): Total count [0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 24 finished
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_netgroups_process]
>>     (0x0400): Search for netgroups, returned 1 results.
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(|(memberOf=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com))(objectclass=ipaHost))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 25
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 25 timeout 6
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=goddard-l.internal.emerlyn.com
>>     <http://goddard-l.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=crashplan-master.internal.emerlyn.com
>>     <http://crashplan-master.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=staging-app-2.internal.emerlyn.com
>>     <http://staging-app-2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=nagios-2.internal.emerlyn.com
>>     <http://nagios-2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=metrics-1.internal.emerlyn.com
>>     <http://metrics-1.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=rundeck-master.internal.emerlyn.com
>>     <http://rundeck-master.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=pairing-vm2.internal.emerlyn.com
>>     <http://pairing-vm2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=mike-d.internal.emerlyn.com
>>     <http://mike-d.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=jenkins.internal.emerlyn.com
>>     <http://jenkins.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=sonar-01.internal.emerlyn.com
>>     <http://sonar-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=emerlyn-loaner.internal.emerlyn.com
>>     <http://emerlyn-loaner.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=graylog-01.internal.emerlyn.com
>>     <http://graylog-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=utility-01.internal.emerlyn.com
>>     <http://utility-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=lglassover-l.internal.emerlyn.com
>>     <http://lglassover-l.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=docker-dev-02.internal.emerlyn.com
>>     <http://docker-dev-02.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=docker-dev-03.internal.emerlyn.com
>>     <http://docker-dev-03.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x2000): Total count [0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 25 finished
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_netgr_members_process]
>>     (0x2000): Found 18 members in current search base
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_netgr_process_all]
>>     (0x2000): Extracting netgroup members of netgroup 0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_netgr_process_all]
>>     (0x2000): Extracted 0 netgroup members
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_netgr_process_all]
>>     (0x4000): Extracting user members of netgroup 0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_netgr_process_all]
>>     (0x2000): Extracted 0 user members
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_netgr_process_all]
>>     (0x4000): Extracting host members of netgroup 0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_netgr_process_all]
>>     (0x2000): Extracted 18 host members
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_netgr_process_all]
>>     (0x2000): Putting together triples of netgroup 0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x2000):
>>     Storing netgroup office
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000):
>>     Adding original DN
>>     [cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com] to
>>     attributes of [office].
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000): No
>>     original members for netgroup [office]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000): No
>>     members for netgroup [office]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x0400):
>>     Storing info for netgroup office
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c135f0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c136b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c135f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c136b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c135f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c1d5b0
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c1d670
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c1d5b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c1d670 "ltdb_timeout"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c1d5b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100):
>>     Request processed. Returned 0,0,Success
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bbfca0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method
>>     org.freedesktop.sssd.dataprovider.getAccountInfo on path
>>     /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200):
>>     Got request for [0x3][BE_REQ_INITGROUPS][1][name=jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400):
>>     Changing request domain from [internal.emerlyn.com
>>     <http://internal.emerlyn.com>] to [internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb26f0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb27b0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb26f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb27b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb26f0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb05e0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb0b70
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb05e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bc8730
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bc87f0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb0b70 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb05e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bc8730 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb0b70
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bda750
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bc87f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bc8730 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb0b70 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bda4d0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bc8670
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bda750 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb0b70 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bda4d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bc8670 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bda4d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_initgr_send] (0x4000):
>>     Retrieving info for initgroups call
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_initgr_next_base]
>>     (0x0400): Searching for users with base
>>     [cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(uid=jgoddard)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [uid]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userPassword]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [uidNumber]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [gidNumber]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [gecos]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [homeDirectory]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [loginShell]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [krbPrincipalName]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberOf]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUniqueID]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [modifyTimestamp]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [entryUSN]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowLastChange]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowMin]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowMax]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowWarning]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowInactive]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowExpire]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [shadowFlag]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [krbLastPwdChange]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [krbPasswordExpiration]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [pwdAttribute]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [authorizedService]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [accountExpires]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userAccountControl]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [nsAccountLock]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [host]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [loginDisabled]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [loginExpirationTime]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [loginAllowedTimeMap]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaSshPubKey]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUserAuthType]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userCertificate;binary]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 26
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 26 timeout 6
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bb15d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [uid]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [uidNumber]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [gidNumber]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [gecos]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [homeDirectory]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [loginShell]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [krbPrincipalName]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [modifyTimestamp]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [entryUSN]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [krbLastPwdChange]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [krbPasswordExpiration]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [nsAccountLock]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaSshPubKey]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bb15d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 26 finished
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_initgr_user] (0x4000):
>>     Receiving info for the user
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_initgr_user] (0x4000):
>>     Storing the user
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Save user
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jgoddard
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400):
>>     Processing user jgoddard
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x2000):
>>     Adding originalDN
>>     [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     to attributes of [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400):
>>     Adding original memberOf attributes to [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding original mod-Timestamp [20160811190153Z] to
>>     attributes of [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400):
>>     Adding user principal [jgoddard at INTERNAL.EMERLYN.COM
>>     <mailto:jgoddard at INTERNAL.EMERLYN.COM>] to attributes of [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowLastChange is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowMin is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowMax is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowWarning is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowInactive is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowExpire is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): shadowFlag is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding krbLastPwdChange [20160718194453Z] to attributes
>>     of [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding krbPasswordExpiration [20170718194453Z] to
>>     attributes of [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): pwdAttribute is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): authorizedService is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): adAccountExpires is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): adUserAccountControl is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding nsAccountLock [FALSE] to attributes of [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): authorizedHost is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): ndsLoginDisabled is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): ndsLoginExpirationTime is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): ndsLoginAllowedTimeMap is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): Adding sshPublicKey
>>     [c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBNU5BNGdyQjFndVZNWWN2Wk0yVnRuWFJpdWJPczJLZGp0Y2ZZYzRYOHJWS1dUNUJSOEdqaU51NzZDWGxXK0pUQU4xYmlpNm5UL0NTNDBVMXhjaVVTd05JaEtvNVh6ZThNd1Q1Z0hZY3VRV1ZxY2NTajhLeGRKWnA1MUhaclE0QjhlM2t5Y0lENGNzN3NaMUpKYndjL3RkUWg2ek1IRDdaaXhyNGh5UlRJcjZ3WlRsdmEwN3h5RkJSVDRXOXV1a0NFZURKbEI3c0NqdlNTYzRIQWp6Y0M5OVpUR3hjcWJHZERvTEFOczdiUDAzYnNyalJvTzlrNjRjY2dSOUFwK3BaeGhOYTFTRWJSZWxVTW9Qc2VQRUxJeXVvT3hYYUtRT2VJU1FGNFJBRjJKOHkvSllZcEdJaEllQXNybXBCUlRTQ3dSVkNjMzVTWE5QV3E2VnMxTTNvcjl3PT0gamdvZGRhcmRAZW1lcmx5bi5jb20=]
>>     to attributes of [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): authType is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr]
>>     (0x2000): userCertificate is not available for [jgoddard].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400):
>>     Storing info for user jgoddard
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf2960
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf2a20
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf2960 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf2a20 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf2960 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c002a0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c00360
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c002a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c00360 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c002a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [userPassword] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c091e0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfd090
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c091e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfd090 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c091e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [shadowLastChange] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfed00
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c02b70
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfed00 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c02b70 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfed00 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [shadowMin] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfd2b0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf25f0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf25f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [shadowMax] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfed00
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfd2b0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfed00 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfd2b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfed00 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [shadowWarning] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c060e0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c02320
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c060e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c02320 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c060e0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [shadowInactive] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c01a10
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c05b90
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c01a10 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c05b90 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c01a10 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [shadowExpire] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c01a10
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfed00
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c01a10 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfed00 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c01a10 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [shadowFlag] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfd2b0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c01a10
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c01a10 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [pwdAttribute] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfd2b0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfd090
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfd090 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [authorizedService] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfd2b0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c01a10
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c01a10 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [adAccountExpires] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfd2b0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfd090
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfd090 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [adUserAccountControl] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfd2b0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c09740
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c09740 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [authorizedHost] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf29a0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfd090
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf29a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfd090 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf29a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [ndsLoginDisabled] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf29a0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfed00
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf29a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfed00 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf29a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [ndsLoginExpirationTime] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfd2b0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf29a0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf29a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfd2b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [ndsLoginAllowedTimeMap] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfed00
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfd2b0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfed00 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfd2b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfed00 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [authType] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfed00
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfd090
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfed00 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfd090 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfed00 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_remove_attrs] (0x2000):
>>     Removing attribute [userCertificate] from [jgoddard]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf29a0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfed00
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf29a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfed00 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf29a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): cancel ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_initgr_user] (0x4000):
>>     Commit change
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf1a80
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf1b40
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf1a80 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf1b40 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf1a80 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_initgr_user] (0x4000):
>>     Process user's groups
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jgoddard
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_has_deref_support]
>>     (0x0400): The server supports deref method OpenLDAP
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_deref_search_send]
>>     (0x2000): Server supports OpenLDAP deref
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send]
>>     (0x0400): Dereferencing entry
>>     [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     using OpenLDAP deref
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_send]
>>     (0x0400): WARNING: Disabling paging because scope is set to base.
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with [no
>>     filter][uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [posixGroup]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userPassword]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [gidNumber]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [member]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUniqueID]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaNTSecurityIdentifier]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [modifyTimestamp]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [entryUSN]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaExternalMember]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 27
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 27 timeout 6
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry]
>>     (0x0400): Got deref control
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000):
>>     Dereferenced DN:
>>     cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: top
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: groupofnames
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: posixgroup
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipausergroup
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipaobject
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: nestedGroup
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipaNTGroupAttrs
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Found map for objectclass 'posixgroup'
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: objectClass
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: cn
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: admins
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: gidNumber
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 320000000
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: member
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: ipaUniqueID
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 19821026-9d9b-11e4-8386-0050568354a7
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: ipaNTSecurityIdentifier
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     S-1-5-21-711561063-4190233445-1602496204-512
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: modifyTimestamp
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 20160408185328Z
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: entryUSN
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 3382936
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000):
>>     Dereferenced DN:
>>     cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: top
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: groupofnames
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: nestedgroup
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipausergroup
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipaobject
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Found map for objectclass 'ipausergroup'
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: objectClass
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: cn
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: ipausers
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: member
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=mmasters,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=ntaylor,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=nagiosadmin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=rclay-storm,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=nagios,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=bandreoli,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=emerlyn,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=db-restore,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: ipaUniqueID
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 198528d8-9d9b-11e4-a057-0050568354a7
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: modifyTimestamp
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 20160510140017Z
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: entryUSN
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 3855196
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000):
>>     Dereferenced DN:
>>     cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipaobject
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: top
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipausergroup
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: posixgroup
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: groupofnames
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: nestedgroup
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipantgroupattrs
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Found map for objectclass 'ipausergroup'
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: objectClass
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: cn
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: developers
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: gidNumber
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 320000019
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: member
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: ipaUniqueID
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: f047af7a-09fd-11e5-8827-0050568354a7
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: ipaNTSecurityIdentifier
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     S-1-5-21-711561063-4190233445-1602496204-1019
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: modifyTimestamp
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 20160504191023Z
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: entryUSN
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 3757093
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000):
>>     Dereferenced DN:
>>     ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipasudorule
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipaassociation
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000):
>>     Dereferenced DN:
>>     cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipaobject
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: top
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipausergroup
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: posixgroup
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: groupofnames
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: nestedgroup
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipantgroupattrs
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Found map for objectclass 'ipausergroup'
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: objectClass
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: cn
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: jira-administrators
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: gidNumber
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 320000031
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: member
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: ipaUniqueID
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 48d1856c-3f73-11e5-94f7-0050568354a7
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: ipaNTSecurityIdentifier
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     S-1-5-21-711561063-4190233445-1602496204-1031
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: modifyTimestamp
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 20160504191023Z
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: entryUSN
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: 3757081
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry]
>>     (0x0400): All deref results from a single control parsed
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x2000): Total count [0]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 27 finished
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf2480
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf2540
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf2480 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf2540 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf2480 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfcf30
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bffc10
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfcf30 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bffc10 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfcf30 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_search_by_name] (0x0400):
>>     No such entry
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups]
>>     (0x1000): Group #1 [ipausers][ipausers] is not cached, need to
>>     add a fake entry
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfcf30
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf29e0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfcf30 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf29e0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfcf30 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfcd70
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf8870
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfcd70 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf8870 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfcd70 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object admins
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object ipausers
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_attrs_get_sid_str]
>>     (0x1000): No [objectSIDString] attribute. [0][Success]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups]
>>     (0x1000): The group ipausers gid was missing
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups]
>>     (0x0400): Marking group ipausers as non-posix and setting GID=0!
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups]
>>     (0x2000): Adding fake group ipausers to sysdb
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf7860
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd8ba0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf7860 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd8ba0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf7860 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf8870
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf24c0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf8870 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf24c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf8870 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object admins
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents]
>>     (0x2000): searching sysdb with filter
>>     [(&(objectClass=group)(member=name=admins,cn=groups,cn=internal.emerlyn.com
>>     <http://internal.emerlyn.com>,cn=sysdb))]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf2920
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd9100
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf2920 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd9100 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf2920 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents]
>>     (0x1000): admins is a member of 0 sysdb groups
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_direct_parents] (0x4000): Looking up
>>     direct parents for group
>>     [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_direct_parents] (0x4000): The group
>>     [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     has 0 direct parents
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_membership_diff] (0x1000): The group
>>     admins is a direct member of 0 LDAP groups
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object ipausers
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents]
>>     (0x2000): searching sysdb with filter
>>     [(&(objectClass=group)(member=name=ipausers,cn=groups,cn=internal.emerlyn.com
>>     <http://internal.emerlyn.com>,cn=sysdb))]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf24c0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd9100
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf24c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd9100 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf24c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents]
>>     (0x1000): ipausers is a member of 0 sysdb groups
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_direct_parents] (0x4000): Looking up
>>     direct parents for group
>>     [cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_direct_parents] (0x4000): The group
>>     [cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     has 0 direct parents
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_membership_diff] (0x1000): The group
>>     ipausers is a direct member of 0 LDAP groups
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object developers
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents]
>>     (0x2000): searching sysdb with filter
>>     [(&(objectClass=group)(member=name=developers,cn=groups,cn=internal.emerlyn.com
>>     <http://internal.emerlyn.com>,cn=sysdb))]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf24c0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf2920
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf24c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf2920 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf24c0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents]
>>     (0x1000): developers is a member of 0 sysdb groups
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_direct_parents] (0x4000): Looking up
>>     direct parents for group
>>     [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_direct_parents] (0x4000): The group
>>     [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     has 0 direct parents
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_membership_diff] (0x1000): The group
>>     developers is a direct member of 0 LDAP groups
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_primary_name]
>>     (0x0400): Processing object jira-administrators
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents]
>>     (0x2000): searching sysdb with filter
>>     [(&(objectClass=group)(member=name=jira-administrators,cn=groups,cn=internal.emerlyn.com
>>     <http://internal.emerlyn.com>,cn=sysdb))]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf2920
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfed00
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf2920 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfed00 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf2920 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents]
>>     (0x1000): jira-administrators is a member of 0 sysdb groups
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_direct_parents] (0x4000): Looking up
>>     direct parents for group
>>     [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_direct_parents] (0x4000): The group
>>     [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     has 0 direct parents
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_nested_get_membership_diff] (0x1000): The group
>>     jira-administrators is a direct member of 0 LDAP groups
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_store_user_memberships] (0x1000): The user jgoddard
>>     is a direct member of 4 LDAP groups
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents]
>>     (0x2000): searching sysdb with filter
>>     [(&(objectClass=group)(member=name=jgoddard,cn=users,cn=internal.emerlyn.com
>>     <http://internal.emerlyn.com>,cn=sysdb))]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf2920
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd3b80
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf2920 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd3b80 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf2920 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents]
>>     (0x1000): jgoddard is a member of 3 sysdb groups
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [sdap_initgr_store_user_memberships] (0x2000): Updating
>>     memberships for jgoddard
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bfcf30
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf2a60
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bfcf30 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c0b340
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf24c0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf2a60 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bfcf30 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c0b340 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c15610
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c156d0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf24c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c0b340 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c15610 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c16c30
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c16010
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c156d0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c15610 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c16c30 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd9560
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c0c530
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c16010 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c16c30 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd9560 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c0c530 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd9560 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_initgr_done] (0x4000):
>>     Initgroups done
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd3b80
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bfcf30
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd3b80 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bfcf30 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd3b80 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_initgr_done] (0x0400):
>>     Primary group already cached, nothing to do.
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf2cd0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1380
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf2cd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1380 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf2cd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1baf710
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb26f0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1baf710 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb26f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1baf710 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1baf710
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bb0eb0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1baf710 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bb0eb0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1baf710 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [ipa_get_ad_override_connect_done] (0x4000): Searching for
>>     overrides in view [Default Trust View] with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))][cn=Default
>>     Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 28
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 28 timeout 6
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bb2de0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bb2de0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 28 finished
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done]
>>     (0x4000): No override found with filter
>>     [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd3b80
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b9f130
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd3b80 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b9f130 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd3b80 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_add_timeout] (0x2000):
>>     0x1bb15e0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_remove_timeout] (0x2000):
>>     0x1bb15e0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bc49b0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100):
>>     Request processed. Returned 0,0,Success
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bbfca0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler
>>     on path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400):
>>     Changing request domain from [internal.emerlyn.com
>>     <http://internal.emerlyn.com>] to [internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_pam_handler] (0x0100): Got
>>     request with the following data
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     command: SSS_PAM_AUTHENTICATE
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     domain: internal.emerlyn.com <http://internal.emerlyn.com>
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): user:
>>     jgoddard
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     service: sudo
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): tty:
>>     /dev/pts/0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     ruser: jgoddard
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): rhost:
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     authtok type: 1
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     newauthtok type: 0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): priv: 0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     cli_pid: 5477
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): logon
>>     name: not set
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [krb5_auth_queue_send] (0x1000):
>>     Wait queue of user [jgoddard] is empty, running request
>>     [0x1bb1ab0] immediately.
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [krb5_setup] (0x4000): No
>>     mapping for: jgoddard
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bc93a0
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bc9460
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bc93a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bc9460 "ltdb_timeout"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bc93a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [krb5_auth_prepare_ccache_name]
>>     (0x1000): No ccache file for user [jgoddard] found.
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_resolve_service_send]
>>     (0x0100): Trying to resolve service 'IPA'
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_server_status] (0x1000):
>>     Status of server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' is 'working'
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port
>>     status of port 389 for server
>>     'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' is 'working'
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout
>>     set to 6 seconds
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [resolve_srv_send] (0x0200): The
>>     status of SRV lookup is resolved
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [get_server_status] (0x1000):
>>     Status of server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' is 'working'
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_resolve_server_process]
>>     (0x1000): Saving the first resolved server
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_resolve_server_process]
>>     (0x0200): Found address for server
>>     id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL
>>     1200
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400):
>>     Constructed uri 'ldap://id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>'
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [unique_filename_destructor]
>>     (0x2000): Unlinking [/var/lib/sss/pubconf/.krb5info_dummy_SXAUTk]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [unlink_dbg] (0x2000): File
>>     already removed: [/var/lib/sss/pubconf/.krb5info_dummy_SXAUTk]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000):
>>     Setting up signal handler up for pid [5481]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000):
>>     Signal handler set up for pid [5481]
>>     (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [write_pipe_handler] (0x0400):
>>     All data has been sent!
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [read_pipe_handler] (0x0400):
>>     EOF received, client finished
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [parse_krb5_child_response]
>>     (0x1000): child response [0][3][40].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [parse_krb5_child_response]
>>     (0x1000): child response [0][-1073741822][30].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [parse_krb5_child_response]
>>     (0x1000): child response [0][-1073741823][32].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [parse_krb5_child_response]
>>     (0x1000): TGT times are [1470942330][1470942330][1471028729][0].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [parse_krb5_child_response]
>>     (0x1000): child response [0][6][8].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [_be_fo_set_port_status]
>>     (0x8000): Setting status: PORT_WORKING. Called from:
>>     ../src/providers/krb5/krb5_auth.c: krb5_auth_done: 1039
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100):
>>     Marking port 389 of server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' as 'working'
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [set_server_common_status]
>>     (0x0100): Marking server 'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' as 'working'
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400):
>>     Marking port 389 of duplicate server
>>     'id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>' as 'working'
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [krb5_mod_ccname] (0x4000): Save
>>     ccname [KEYRING:persistent:320000001] for user [jgoddard].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1b9f970
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b9fa30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1b9f970 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b9fa30 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1b9f970 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bca1a0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bca260
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bca1a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bca260 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bca1a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [check_wait_queue] (0x1000):
>>     Wait queue for user [jgoddard] is empty.
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [krb5_auth_queue_done] (0x1000):
>>     krb5_auth_queue request [0x1bb1ab0] done.
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>>     (0x0100): Backend returned: (0, 0, <NULL>) [Success]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>>     (0x0100): Sending result [0][internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>>     (0x0100): Sent result [0][internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [child_sig_handler] (0x1000):
>>     Waiting for child [5481].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [child_sig_handler] (0x0100):
>>     child [5481] finished successfully.
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1bbfca0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler
>>     on path /org/freedesktop/sssd/dataprovider
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400):
>>     Changing request domain from [internal.emerlyn.com
>>     <http://internal.emerlyn.com>] to [internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_pam_handler] (0x0100): Got
>>     request with the following data
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     command: SSS_PAM_ACCT_MGMT
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     domain: internal.emerlyn.com <http://internal.emerlyn.com>
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): user:
>>     jgoddard
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     service: sudo
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): tty:
>>     /dev/pts/0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     ruser: jgoddard
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): rhost:
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     authtok type: 0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     newauthtok type: 0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): priv: 0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100):
>>     cli_pid: 5477
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): logon
>>     name: not set
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_access_send] (0x0400):
>>     Performing access check for user [jgoddard]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bb16d0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1b9f220
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bb16d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1b9f220 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bb16d0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_account_expired_rhds]
>>     (0x0400): Performing RHDS access check for user [jgoddard]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_account_expired_rhds]
>>     (0x4000): Account for user [jgoddard] is not locked.
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_retry] (0x4000):
>>     Connection status is [online].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step]
>>     (0x4000): reusing cached connection
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [fqdn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [serverHostname]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaSshPubKey]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUniqueID]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 29
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 29 timeout 60
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN: [fqdn=docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectClass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [fqdn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serverHostname]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaUniqueID]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x2000): Total count [0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 29 finished
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_has_deref_support]
>>     (0x0400): The server supports deref method OpenLDAP
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_deref_search_send]
>>     (0x2000): Server supports OpenLDAP deref
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send]
>>     (0x0400): Dereferencing entry
>>     [fqdn=docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>>     using OpenLDAP deref
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_send]
>>     (0x0400): WARNING: Disabling paging because scope is set to base.
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with [no
>>     filter][fqdn=docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectClass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaUniqueID]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 30 timeout 60
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry]
>>     (0x0400): Got deref control
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000):
>>     Dereferenced DN:
>>     cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipaobject
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipahostgroup
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: nestedGroup
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: groupOfNames
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: top
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: mepOriginEntry
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Found map for objectclass 'ipahostgroup'
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: objectClass
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: cn
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: office
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: memberOf
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value:
>>     ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000):
>>     Dereferenced attribute: ipaUniqueID
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced attribute value: e91566cc-bb9f-11e4-b8b6-0050568354a7
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000):
>>     Dereferenced DN: cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipanisnetgroup
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipaobject
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: mepManagedEntry
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipaAssociation
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: top
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000):
>>     Dereferenced DN:
>>     ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipasudorule
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000):
>>     Dereferenced objectClass value: ipaassociation
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry]
>>     (0x0400): All deref results from a single control parsed
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x2000): Total count [0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 30 finished
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hostgroup_info_done]
>>     (0x0200): Dereferenced host group: office
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_service_info_next]
>>     (0x0400): Sending request for next search base:
>>     [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(objectClass=ipaHBACService)]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(objectClass=ipaHBACService)][cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [member]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 31
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 31 timeout 60
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=sshd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=ftp,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=su,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=login,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=su-l,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=sudo,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=sudo-i,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=gdm,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=gdm-password,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=kdm,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=proftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=vsftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=gssftp,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=crond,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x2000): Total count [0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 31 finished
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]]
>>     [ipa_hbac_servicegroup_info_next] (0x0400): Sending request for
>>     next search base:
>>     [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(objectClass=ipaHBACServiceGroup)]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [member]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberOf]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 32
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 32 timeout 60
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [member]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [cn=ftp,cn=hbacservicegroups,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [member]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x2000): Total count [0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 32 finished
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_rule_info_next]
>>     (0x0400): Sending request for next search base:
>>     [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com)(memberHost=ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com)))]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000):
>>     Searching 10.72.100.16
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x0400): calling ldap_search_ext with
>>     [(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com)(memberHost=ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com)))][cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [ipaenabledflag]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [accessRuleType]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberUser]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [userCategory]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberService]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [serviceCategory]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sourceHost]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [sourceHostCategory]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [externalHost]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [memberHost]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x1000): Requesting attrs: [hostCategory]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step]
>>     (0x2000): ldap_search_ext called, msgid = 33
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New
>>     operation 33 timeout 60
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd1dd0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd1dd0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_ENTRY]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000):
>>     OriginalDN:
>>     [ipaUniqueID=19e5fa5a-9d9b-11e4-9cb5-0050568354a7,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [objectclass]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [cn]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipauniqueid]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [ipaenabledflag]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [accessRuleType]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [userCategory]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [serviceCategory]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>>     sub-attributes for [hostCategory]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[0x1bd1dd0], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000):
>>     Message type: [LDAP_RES_SEARCH_RESULT]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x0400): Search result: Success(0), no errmsg set
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished]
>>     (0x2000): Total count [0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000):
>>     Operation 33 finished
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd42a0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd4360
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd42a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd4360 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd42a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [docker-dev-01.internal.emerlyn.com
>>     <http://docker-dev-01.internal.emerlyn.com>].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf4f50
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf5010
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf4f50 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf5010 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf4f50 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08000
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c080c0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08000 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c080c0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08000 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1dd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [office].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd40b0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd4170
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd40b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd4170 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd40b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c06c10
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c06cd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c06c10 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c06cd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c06c10 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf2950
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf2950 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1dd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf2950 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [sshd].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf2910
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf2910 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf5110
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf44b0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf5110 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf44b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf5110 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [ftp].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1dd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c16c90
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c14fc0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c16c90 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c14fc0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c16c90 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [su].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf44b0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf44b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1dd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf44b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c15130
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c151f0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c15130 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c151f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c15130 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [login].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c17470
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf44b0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c17470 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf44b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c17470 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf4fd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c17470
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf4fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c17470 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf4fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [su-l].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf44b0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf4fd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf44b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf4fd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf44b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf4fd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c17470
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf4fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c17470 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf4fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [sudo].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c17470
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c17470 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c08a30 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c17470 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf44b0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf44b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [sudo-i].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf4fd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf4fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c08a30 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf4fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf4fd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c199f0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf4fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c199f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf4fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [gdm].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf4fd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf4fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c08a30 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf4fd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf44b0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf44b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [gdm-password].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c1e850
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c1e850 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c06aa0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c06aa0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [kdm].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c1b3a0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c1b3a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf44b0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf44b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1dd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf44b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [proftpd].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf44b0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf44b0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c1f350
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c199f0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c1f350 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c199f0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c1f350 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [vsftpd].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf44b0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c1b3a0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf44b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c1b3a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf44b0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c1b3a0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c1b3a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1dd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c1b3a0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [gssftp].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c1b3a0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c1b3a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c08a30 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [pure-ftpd].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf2910
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf2910 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c1fc80
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c20950
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c1fc80 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c20950 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c1fc80 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [crond].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c20950
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c1fc80
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c20950 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c1fc80 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c20950 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c1b3a0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c1b3a0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1dd0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1dd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [Sudo].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c15070
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c15070 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1dd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c15070 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bf4570
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bf4630
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bf4570 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bf4630 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bf4570 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [ftp].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c13750
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c13750 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c26210
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c08580
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c26210 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c08580 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c26210 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c25c20
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd1dd0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c25c20 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd1dd0 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c25c20 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_save_list] (0x4000):
>>     Object name: [19e5fa5a-9d9b-11e4-9cb5-0050568354a7].
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c08a30
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c15070
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c15070 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c08a30 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1c13c00
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1c08580
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1c13c00 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1c08580 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1c13c00 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 3)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 2)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 1)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb
>>     transaction (nesting: 0)
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd3d80
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd3e40
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd3d80 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd3e40 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd3d80 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_attrs_to_rule] (0x1000):
>>     Processing rule [allow_all]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_user_attrs_to_rule]
>>     (0x1000): Processing users for rule [allow_all]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_get_category] (0x0200):
>>     Category is set to 'all'.
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_service_attrs_to_rule]
>>     (0x1000): Processing PAM services for rule [allow_all]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_get_category] (0x0200):
>>     Category is set to 'all'.
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_thost_attrs_to_rule]
>>     (0x1000): Processing target hosts for rule [allow_all]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_get_category] (0x0200):
>>     Category is set to 'all'.
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_shost_attrs_to_rule]
>>     (0x0400): Processing source hosts for rule [allow_all]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_shost_attrs_to_rule]
>>     (0x2000): Source hosts disabled, setting ALL
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1da0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd3d80
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1da0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd3d80 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1da0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x1000): [22] groups for [jgoddard]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x1000): Added group [admins] for user [jgoddard]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=Replication
>>     Administrators,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=Add Replication
>>     Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=Modify Replication
>>     Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=Remove Replication
>>     Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=Modify DNA
>>     Range,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=Modify PassSync
>>     Managers
>>     Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=Add Configuration
>>     Sub-Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=Read LDBM Database
>>     Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=Read PassSync Managers
>>     Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=Read DNA
>>     Range,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=System: Read
>>     Replication
>>     Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=Host
>>     Enrollment,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=System: Add
>>     krbPrincipalName to a
>>     Host,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=System: Enroll a
>>     Host,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=System: Manage Host
>>     Certificates,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=System: Manage Host
>>     Enrollment
>>     Password,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf [cn=System: Manage Host
>>     Keytab,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x1000): Added group [ipausers] for user [jgoddard]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x1000): Added group [developers] for user [jgoddard]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x2000): Skipping non-group memberOf
>>     [ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [hbac_eval_user_element]
>>     (0x1000): Added group [jira-administrators] for user [jgoddard]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1da0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd3d80
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1da0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd3d80 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1da0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_callback": 0x1bd1da0
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed
>>     event "ltdb_timeout": 0x1bd3d80
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Running timer
>>     event 0x1bd1da0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer
>>     event 0x1bd3d80 "ltdb_timeout"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer
>>     event 0x1bd1da0 "ltdb_callback"
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [ipa_hbac_evaluate_rules]
>>     (0x0080): Access granted by HBAC rule [allow_all]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000):
>>     releasing operation connection
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>>     (0x0100): Backend returned: (0, 0, <NULL>) [Success]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000):
>>     Trace: ldap_result found nothing!
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>>     (0x0100): Backend returned: (0, 0, Success) [Success]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>>     (0x0100): Sending result [0][internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [be_pam_handler_callback]
>>     (0x0100): Sent result [0][internal.emerlyn.com
>>     <http://internal.emerlyn.com>]
>>     (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1b6eac0
>>     (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method org.freedesktop.sssd.service.ping on path
>>     /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1b6eac0
>>     (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method org.freedesktop.sssd.service.ping on path
>>     /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>     (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus
>>     conn: 0x1b6eac0
>>     (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000):
>>     Dispatching.
>>     (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000):
>>     Received SBUS method org.freedesktop.sssd.service.ping on path
>>     /org/freedesktop/sssd/service
>>     (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com
>>     <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send]
>>     (0x2000): Not a sysbus message, quit
>>
>>     *
>>
>>
>>
>>     On Thu, Aug 11, 2016 at 2:40 PM, Justin Stephenson
>>     <jstephen at redhat.com <mailto:jstephen at redhat.com>> wrote:
>>
>>         Hello,
>>
>>         Could you increase the debug level to 9, restart sssd  +
>>         clear the cache and reproduce the problem then provide the
>>         sssd_<domain>.log as well as the sssd_sudo.log ?
>>
>>         Also you may want to rule out HBAC issues with the below command:
>>
>>              # ipa hbactest --user 'jgoddard' --host $(hostname)
>>         --service sudo
>>
>>         Kind regards,
>>
>>         Justin Stephenson
>>
>>         On 08/11/2016 02:24 PM, Jeff Goddard wrote:
>>>         Here is relevant configuration files:
>>>
>>>         *nsswitch.conf:*
>>>
>>>         passwd:         compat sss
>>>         group:          compat sss
>>>         shadow:         compat sss
>>>         gshadow:        files
>>>
>>>         hosts:          files dns
>>>         networks:       files
>>>
>>>         protocols:      db files
>>>         services:       db files sss
>>>         ethers:         db files
>>>         rpc:            db files
>>>
>>>         netgroup:       nis sss
>>>         sudoers: sss files
>>>
>>>         *sssd.conf:*
>>>
>>>         [domain/internal.emerlyn.com <http://internal.emerlyn.com>]
>>>
>>>         cache_credentials = True
>>>         krb5_store_password_if_offline = True
>>>         ipa_domain = internal.emerlyn.com <http://internal.emerlyn.com>
>>>         id_provider = ipa
>>>         auth_provider = ipa
>>>         access_provider = ipa
>>>         ipa_hostname = docker-dev-01.internal.emerlyn.com
>>>         <http://docker-dev-01.internal.emerlyn.com>
>>>         chpass_provider = ipa
>>>         ipa_server = _srv_, id-management-1.internal.emerlyn.com
>>>         <http://id-management-1.internal.emerlyn.com>
>>>         ldap_tls_cacert = /etc/ipa/ca.crt
>>>         sudo_provider=ipa
>>>         ldap_uri=ldap://id-management-1.internal.emerlyn.com
>>>         <http://id-management-1.internal.emerlyn.com>
>>>         ldap_sudo_search_base=ou=sudoers,dc=internal,dc=emerlyn,dc=com
>>>         debug_level=7
>>>
>>>         [sssd]
>>>         services = nss, pam, sudo, ssh
>>>         debug_level=7
>>>         domains = internal.emerlyn.com <http://internal.emerlyn.com>
>>>
>>>         [nss]
>>>         homedir_substring = /home
>>>
>>>         [pam]
>>>
>>>         [sudo]
>>>         debug_level=7
>>>         [autofs]
>>>
>>>         [ssh]
>>>         debug_level=7
>>>         [pac]
>>>
>>>         [ifp]
>>>
>>>         *Log output - /var/log/sssd/sssd_sudo.log:
>>>
>>>         *(Thu Aug 11 12:21:43 2016) [sssd[sudo]] [accept_fd_handler]
>>>         (0x0400): Client connected!
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sss_cmd_get_version] (0x0200): Received client version [1].
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sss_cmd_get_version] (0x0200): Offered version [1].
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sss_parse_name_for_domains] (0x0200): name 'jgoddard'
>>>         matched without domain, user is jgoddard
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sss_parse_name_for_domains] (0x0200): name 'jgoddard'
>>>         matched without domain, user is jgoddard
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sudosrv_cmd_parse_query_done] (0x0200): Requesting default
>>>         options for [jgoddard] from [<ALL>]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user]
>>>         (0x0200): Requesting info about
>>>         [jgoddard at internal.emerlyn.com
>>>         <mailto:jgoddard at internal.emerlyn.com>]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user]
>>>         (0x0400): Returning info for user
>>>         [jgoddard at internal.emerlyn.com
>>>         <mailto:jgoddard at internal.emerlyn.com>]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules]
>>>         (0x0400): Retrieving default options for [jgoddard] from
>>>         [internal.emerlyn.com <http://internal.emerlyn.com>]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_query_cache] (0x0200): Searching
>>>         sysdb with
>>>         [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932503)))]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_query_cache] (0x0200): Searching
>>>         sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0
>>>         rules for [<default options>@internal.emerlyn.com
>>>         <http://internal.emerlyn.com>]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sss_parse_name_for_domains] (0x0200): name 'jgoddard'
>>>         matched without domain, user is jgoddard*
>>>         (*Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sss_parse_name_for_domains] (0x0200): name 'jgoddard'
>>>         matched without domain, user is jgoddard
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules
>>>         for [jgoddard] from [<ALL>]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user]
>>>         (0x0200): Requesting info about
>>>         [jgoddard at internal.emerlyn.com
>>>         <mailto:jgoddard at internal.emerlyn.com>]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user]
>>>         (0x0400): Returning info for user
>>>         [jgoddard at internal.emerlyn.com
>>>         <mailto:jgoddard at internal.emerlyn.com>]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules]
>>>         (0x0400): Retrieving rules for [jgoddard] from
>>>         [internal.emerlyn.com <http://internal.emerlyn.com>]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_query_cache] (0x0200): Searching
>>>         sysdb with
>>>         [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932503)))]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_query_cache] (0x0200): Searching
>>>         sysdb with
>>>         [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sort_sudo_rules]
>>>         (0x0400): Sorting rules with higher-wins logic
>>>         (Thu Aug 11 12:21:43 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1
>>>         rules for [jgoddard at internal.emerlyn.com
>>>         <mailto:jgoddard at internal.emerlyn.com>]
>>>         (Thu Aug 11 12:21:47 2016) [sssd[sudo]] [client_recv]
>>>         (0x0200): Client disconnected!
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [accept_fd_handler]
>>>         (0x0400): Client connected!
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sss_cmd_get_version] (0x0200): Received client version [1].
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sss_cmd_get_version] (0x0200): Offered version [1].
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sss_parse_name_for_domains] (0x0200): name 'jgoddard'
>>>         matched without domain, user is jgoddard
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sss_parse_name_for_domains] (0x0200): name 'jgoddard'
>>>         matched without domain, user is jgoddard
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sudosrv_cmd_parse_query_done] (0x0200): Requesting default
>>>         options for [jgoddard] from [<ALL>]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user]
>>>         (0x0200): Requesting info about
>>>         [jgoddard at internal.emerlyn.com
>>>         <mailto:jgoddard at internal.emerlyn.com>]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user]
>>>         (0x0400): Returning info for user
>>>         [jgoddard at internal.emerlyn.com
>>>         <mailto:jgoddard at internal.emerlyn.com>]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules]
>>>         (0x0400): Retrieving default options for [jgoddard] from
>>>         [internal.emerlyn.com <http://internal.emerlyn.com>]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_query_cache] (0x0200): Searching
>>>         sysdb with
>>>         [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932532)))]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_query_cache] (0x0200): Searching
>>>         sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0
>>>         rules for [<default options>@internal.emerlyn.com
>>>         <http://internal.emerlyn.com>]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sss_parse_name_for_domains] (0x0200): name 'jgoddard'
>>>         matched without domain, user is jgoddard
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sss_parse_name_for_domains] (0x0200): name 'jgoddard'
>>>         matched without domain, user is jgoddard
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules
>>>         for [jgoddard] from [<ALL>]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user]
>>>         (0x0200): Requesting info about
>>>         [jgoddard at internal.emerlyn.com
>>>         <mailto:jgoddard at internal.emerlyn.com>]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user]
>>>         (0x0400): Returning info for user
>>>         [jgoddard at internal.emerlyn.com
>>>         <mailto:jgoddard at internal.emerlyn.com>]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules]
>>>         (0x0400): Retrieving rules for [jgoddard] from
>>>         [internal.emerlyn.com <http://internal.emerlyn.com>]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_query_cache] (0x0200): Searching
>>>         sysdb with
>>>         [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470932532)))]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_query_cache] (0x0200): Searching
>>>         sysdb with
>>>         [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sort_sudo_rules]
>>>         (0x0400): Sorting rules with higher-wins logic
>>>         (Thu Aug 11 12:22:12 2016) [sssd[sudo]]
>>>         [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1
>>>         rules for [jgoddard at internal.emerlyn.com
>>>         <mailto:jgoddard at internal.emerlyn.com>]*
>>>
>>>         *
>>>
>>>         On Thu, Aug 11, 2016 at 2:15 PM, Rob Crittenden
>>>         <rcritten at redhat.com <mailto:rcritten at redhat.com>> wrote:
>>>
>>>             Jeff Goddard wrote:
>>>
>>>                 I've looked though these but not found anything
>>>                 helpful. It appears as
>>>                 though my previous statement about the 1 group being
>>>                 found was
>>>                 misleading as the sssd.$mydomain.com.log file
>>>                 reports that no sudo rules
>>>                 are found. Does this mean that the LDAP tree being
>>>                 searched is different
>>>                 on ubuntu vs centos?
>>>
>>>
>>>             I find that extremely unlikely.
>>>
>>>             You may want to outline more what you've already checked.
>>>
>>>             For example, is sss in sudoers in /etc/nsswitch.conf?
>>>
>>>             You can check the 389-ds access log to see what, if any
>>>             queries are being made. I'd clean the sssd cache in advance.
>>>
>>>             rob
>>>
>>>
>>>                 Jeff
>>>
>>>                 On Wed, Aug 10, 2016 at 2:13 PM, Rob Crittenden
>>>                 <rcritten at redhat.com <mailto:rcritten at redhat.com>
>>>                 <mailto:rcritten at redhat.com
>>>                 <mailto:rcritten at redhat.com>>> wrote:
>>>
>>>                     Jeff Goddard wrote:
>>>
>>>                         Sean,
>>>
>>>                         Thanks for the reply. I don't think that's
>>>                 my problem but I'm
>>>                         posting a
>>>                         redacted copy of the sssd.conf file for
>>>                 review below.
>>>
>>>
>>>                     I'd start here:
>>>                 https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>>>                 <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO>
>>>                    
>>>                 <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>>>                 <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO>>
>>>
>>>                     rob
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>         -- 
>>>         Jeff Goddard
>>>         Director of Information Technology
>>>         Emerlyn Technology
>>>
>>>         Email: jgoddard at emerlyn.com <mailto:jgoddard at emerlyn.com>
>>>         Telephone: (603) 447-8571 <tel:%28603%29%20447-8571>
>>>         Toll free: (888) 363-7596 ext. 108
>>>         <tel:%28888%29%20363-7596%20ext.%20108>
>>>         Fax: (603) 356-3346 <tel:%28603%29%20356-3346>
>>>
>>>
>>>
>>
>>
>>
>>
>>     Thanks,
>>
>>     Jeff
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/f8fd2ee6/attachment.htm>

From jgoddard at emerlyn.com  Thu Aug 11 21:02:49 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 11 Aug 2016 17:02:49 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
References: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
	<OFB6FEBEB8.A6AE1EF6-ON0725800B.0063003F-0725800B.00634645@notes.na.collabserv.com>
	<CA+No-6GzftWJVEeZug8YyVGrSvAYjo_d3XtfzUVHDODqSEmtNA@mail.gmail.com>
	<57AB6EB8.7000609@redhat.com>
	<CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>
	<57ACC0DF.6070308@redhat.com>
	<CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>
	<de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
Message-ID: <CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>

Manually creating the file and then restarting the service and performing
the user test results in the log entries from /var/log/sssd_sudo.log below:

(Thu Aug 11 16:58:00 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x6d3660
(Thu Aug 11 16:58:00 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 16:58:00 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 16:58:00 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Aug 11 16:58:10 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x6d3660
(Thu Aug 11 16:58:10 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 16:58:10 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 16:58:10 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Aug 11 16:58:20 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x6d3660
(Thu Aug 11 16:58:20 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 16:58:20 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 16:58:20 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [get_client_cred] (0x4000): Client
creds: euid[0] egid[0] pid[14332].
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x6db800][18]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [accept_fd_handler] (0x0400):
Client connected!
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x6db800][18]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x6db800][18]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x6db800][18]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
protocol version [1]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting default options for [jgoddard] from [<ALL>]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/internal.emerlyn.com/jgoddard]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [jgoddard at internal.emerlyn.com]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6d90a0

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6d9160

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6d90a0 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6d9160 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6d90a0 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [jgoddard at internal.emerlyn.com]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving default options for [jgoddard] from [internal.emerlyn.com]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6e9b70

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6e6ce0

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6e9b70 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6e6ce0 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6e9b70 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6e8430

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6dca80

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6e8430 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6dca80 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6e8430 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470949109)))]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6db4c0

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6e4a20

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6db4c0 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6e4a20 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6db4c0 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About
to get sudo rules from cache
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6dc2b0

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6db4c0

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6dc2b0 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6db4c0 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6dc2b0 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x6db800][18]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x6db800][18]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
protocol version [1]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sss_parse_name_for_domains]
(0x0200): name 'jgoddard' matched without domain, user is jgoddard
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
(0x0200): Requesting rules for [jgoddard] from [<ALL>]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/internal.emerlyn.com/jgoddard]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
Requesting info about [jgoddard at internal.emerlyn.com]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6d9120

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6dca80

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6d9120 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6dca80 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6d9120 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
Returning info for user [jgoddard at internal.emerlyn.com]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
Retrieving rules for [jgoddard] from [internal.emerlyn.com]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6dbce0

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6e9b70

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6dbce0 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6e9b70 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6dbce0 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6d8310

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6dcd30

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6d8310 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6dcd30 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6d8310 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*))(&(dataExpireTimestamp<=1470949109)))]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6db300

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6ea550

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6db300 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6ea550 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6db300 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About
to get sudo rules from cache
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6d8310

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6da4b0

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6d8310 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6da4b0 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6d8310 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6d8310

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6e83d0

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6d8310 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6e83d0 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6d8310 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
[(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-administrators)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x6e8f60

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x6d8310

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Running timer event
0x6e8f60 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
event 0x6d8310 "ltdb_timeout"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer event
0x6e8f60 "ltdb_callback"

(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting
rules with higher-wins logic
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
(Thu Aug 11 16:58:29 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x6db800][18]
(Thu Aug 11 16:58:30 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x6d3660
(Thu Aug 11 16:58:30 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 16:58:30 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 16:58:30 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Thu Aug 11 16:58:37 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x6db800][18]
(Thu Aug 11 16:58:37 2016) [sssd[sudo]] [client_recv] (0x0200): Client
disconnected!
(Thu Aug 11 16:58:37 2016) [sssd[sudo]] [client_destructor] (0x2000):
Terminated client [0x6db800][18]
(Thu Aug 11 16:58:40 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
conn: 0x6d3660
(Thu Aug 11 16:58:40 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
Dispatching.
(Thu Aug 11 16:58:40 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.service.ping on path
/org/freedesktop/sssd/service
(Thu Aug 11 16:58:40 2016) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
root at docker-dev-01:/home/jgoddard#


On Thu, Aug 11, 2016 at 4:51 PM, Justin Stephenson <jstephen at redhat.com>
wrote:

> The file can be created manually with just the debug lines included,
> should not need anything else.
>
> Kind regards,
>
> Justin Stephenson
> On 08/11/2016 04:26 PM, Jeff Goddard wrote:
>
> Justin,
>
> Thanks for confirming I'm not crazy. The error I get is:
>
> jgoddard at docker-dev-01:~$ sudo -l
> [sudo] password for jgoddard:
> Sorry, user jgoddard may not run sudo on docker-dev-01.internal.
> emerlyn.com.
>
> I read the wiki but there is no file /etc/sudo.conf on this system. Can
> someone provide me with a pointer to the correct layout and syntax of what
> the file contents shoudl be?
>
> root at docker-dev-01:/home/jgoddard# find /etc -name sudo*
> /etc/sudoers
> /etc/pam.d/sudo
> /etc/sudoers.d
>
> Thanks,
>
> Jeff
>
> On Thu, Aug 11, 2016 at 4:14 PM, Justin Stephenson <jstephen at redhat.com>
> wrote:
>
>> I checked the logs but I don't see any problem the sssd processing of the
>> sudo attempt, I will defer to others on the mailing list however in case I
>> missed something.
>>
>> What is the exact error when sudo fails? I suppose the PAM stack could be
>> misconfigured or strace may be useful to look at, you can also enable
>> debugging for sudo itself in /etc/sudo.conf as the SSSD troubleshooting
>> wiki mentions.
>>
>> ===================================
>>
>> I see in the logs that the client does a LDAP search finds the sudorule
>> called 'All' which gets stored in the cache file
>>     (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com]]]
>> [sysdb_sudo_store_rule] (0x0400): Adding sudo rule All
>>
>> sssd finds the rule in the cache successfully for this user as part of
>> the 'developers' group
>>
>>     (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
>>
>> successful response here from the backend for the PAM auth and acct
>> section of the sudo call
>>
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [be_pam_handler] (0x0100): Got request with the following data
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): domain: internal.emerlyn.com
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): user: jgoddard
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): service: sudo
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): tty: /dev/pts/0
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): ruser: jgoddard
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): rhost:
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): authtok type: 1
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): newauthtok type: 0
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): priv: 0
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): cli_pid: 5477
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): logon name: not set
>> <snip>
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
>> [Success]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [be_pam_handler_callback] (0x0100): Sending result [0][
>> internal.emerlyn.com]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [be_pam_handler_callback] (0x0100): Sent result [0][internal.emerlyn.com]
>>
>>
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): domain: internal.emerlyn.com
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): user: jgoddard
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): service: sudo
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): tty: /dev/pts/0
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): ruser: jgoddard
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): rhost:
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): authtok type: 0
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): newauthtok type: 0
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): priv: 0
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): cli_pid: 5477
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [pam_print_data] (0x0100): logon name: not set
>> <snip>
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
>> [Success]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[(nil)], ldap[0x1b977d0]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing!
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, Success)
>> [Success]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [be_pam_handler_callback] (0x0100): Sending result [0][
>> internal.emerlyn.com]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com]]]
>> [be_pam_handler_callback] (0x0100): Sent result [0][internal.emerlyn.com]
>>
>> Kind regards,
>> Justin Stephenson
>>
>>
>> On 08/11/2016 03:26 PM, Jeff Goddard wrote:
>>
>> Thanks you for the response. Here are the requested outputs. I did
>> manually delete the cache via the command
>>
>> rm -rf /var/lib/sss/db/*
>>
>>
>> prior to issues the sudo -l command as the jgoddard user
>>
>> [jgoddard at id-management-1 root]$ ipa hbactest --user 'jgoddard' --host
>> docker-dev-01.internal.emerlyn.com --service sudo
>> --------------------
>> Access granted: True
>> --------------------
>>   Matched rules: allow_all
>>
>>
>> */var/log/sssd/sssd_sudo.log: *(Thu Aug 11 15:05:26 2016) [sssd[sudo]]
>> [ldb] (0x4000): Added timed event "ltdb_callback": 0x1b44dc0
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b47310
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b44dc0 "ltdb_callback"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b47310 "ltdb_timeout"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b44dc0 "ltdb_callback"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>> doUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#3200
>> 00001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%
>> jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(
>> dataExpireTimestamp<=1470942326)))]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b57730
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4ade0
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b57730 "ltdb_callback"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4ade0 "ltdb_timeout"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b57730 "ltdb_callback"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000):
>> About to get sudo rules from cache
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b51c90
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4ade0
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b51c90 "ltdb_callback"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4ade0 "ltdb_timeout"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b51c90 "ltdb_callback"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b51990
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b44dc0
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b51990 "ltdb_callback"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b44dc0 "ltdb_timeout"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b51990 "ltdb_callback"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>> doUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(
>> sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-admin
>> istrators)(sudoUser=%jgoddard)(sudoUser=+*)))]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b51990
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b44dc0
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b51990 "ltdb_callback"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b44dc0 "ltdb_timeout"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b51990 "ltdb_callback"
>>
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
>> Sorting rules with higher-wins logic
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x1b51d80][18]
>> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x1b51d80][18]
>> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_recv] (0x0200): Client
>> disconnected!
>> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_destructor] (0x2000):
>> Terminated client [0x1b51d80][18]
>> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service
>> (Thu Aug 11 15:06:06 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service
>> (Thu Aug 11 15:06:16 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> root at docker-dev-01:/home/jgoddard# cat /var/log/sssd/sssd_sudo.log|grep
>> 15:05
>> (Thu Aug 11 15:05:02 2016) [sssd[sudo]] [sss_responder_ctx_destructor]
>> (0x0400): Responder is being shut down
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [server_setup] (0x0400): CONFDB:
>> /var/lib/sss/db/config.ldb
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [confdb_get_domain_internal]
>> (0x0400): No enumeration for [internal.emerlyn.com]!
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [confdb_get_domain_internal]
>> (0x1000): pwd_expiration_warning is -1
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_init_connection] (0x0400):
>> Adding connection 0x1b42660
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_watch] (0x2000):
>> 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
>> (0x0400): Registering interface org.freedesktop.sssd.service with path
>> /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_conn_register_path]
>> (0x0400): Registering object path /org/freedesktop/sssd/service with D-Bus
>> connection
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
>> (0x0400): Registering interface org.freedesktop.DBus.Properties with
>> path /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
>> (0x0400): Registering interface org.freedesktop.DBus.Introspectable with
>> path /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [monitor_common_send_id]
>> (0x0100): Sending ID: (sudo,1)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000):
>> 0x1b3d330
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_names_init_from_args]
>> (0x0100): Using re [(((?P<domain>[^\\]+)\\(?P<nam
>> e>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_fqnames_init] (0x0100):
>> Using fq format [%1$s@%2$s].
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_init_connection] (0x0400):
>> Adding connection 0x1b46310
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_watch] (0x2000):
>> 0x1b471b0/0x1b45e80 (14), -/W (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
>> (0x0400): Registering interface org.freedesktop.sssd.dataprovider with
>> path /org/freedesktop/sssd/dataprovider
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_conn_register_path]
>> (0x0400): Registering object path /org/freedesktop/sssd/dataprovider
>> with D-Bus connection
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
>> (0x0400): Registering interface org.freedesktop.DBus.Properties with
>> path /org/freedesktop/sssd/dataprovider
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_opath_hash_add_iface]
>> (0x0400): Registering interface org.freedesktop.DBus.Introspectable with
>> path /org/freedesktop/sssd/dataprovider
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [dp_common_send_id] (0x0100):
>> Sending ID to DP: (1,SUDO)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000):
>> 0x1b47b30
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b471b0/0x1b45e80 (14), -/W (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sysdb_domain_init_internal]
>> (0x0200): DB File for internal.emerlyn.com:
>> /var/lib/sss/db/cache_internal.emerlyn.com.ldb
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b4a1f0
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4a2b0
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b4a1f0 "ltdb_callback"
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4a2b0 "ltdb_timeout"
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b4a1f0 "ltdb_callback"
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x0400): asq: Unable to
>> register control with rootdse!
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b4a230
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4a2f0
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b4a230 "ltdb_callback"
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4a2f0 "ltdb_timeout"
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b4a230 "ltdb_callback"
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b4a300
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4a3c0
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b4a300 "ltdb_callback"
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4a3c0 "ltdb_timeout"
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b4a300 "ltdb_callback"
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_process_init] (0x0400):
>> Responder Initialization complete
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'root' matched without domain, user is root
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_ncache_set_str] (0x0400):
>> Adding [NCE/USER/internal.emerlyn.com/root] to negative cache permanently
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'root' matched without domain, user is root
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_ncache_set_str] (0x0400):
>> Adding [NCE/GROUP/internal.emerlyn.com/root] to negative cache
>> permanently
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sudo_process_init] (0x0400):
>> SUDO Initialization complete
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_issue_request] (0x0400):
>> Issuing request for [0x40df50:domains at internal.emerlyn.com]
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_get_domains_msg]
>> (0x0400): Sending get domains request for [internal.emerlyn.com][]
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_add_timeout] (0x2000):
>> 0x1b4bcb0
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b471b0/0x1b45e80 (14), -/W (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sss_dp_internal_get_send]
>> (0x0400): Entering request [0x40df50:domains at internal.emerlyn.com]
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b46310
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b46310
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b46310
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b471b0/0x1b45e80 (14), -/W (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b471b0/0x1b45ed0 (14), R/- (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b471b0/0x1b45e80 (14), -/W (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b44c60/0x1b3f6f0 (13), R/- (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b44c60/0x1b3f6a0 (13), -/W (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b471b0/0x1b45ed0 (14), R/- (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b471b0/0x1b45e80 (14), -/W (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b44c60/0x1b3f6f0 (13), R/- (enabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_toggle_watch] (0x4000):
>> 0x1b44c60/0x1b3f6a0 (13), -/W (disabled)
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_remove_timeout] (0x2000):
>> 0x1b47b30
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b46310
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [dp_id_callback] (0x0100): Got id
>> ack and version (1) from DP
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_remove_timeout] (0x2000):
>> 0x1b3d330
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:05:16 2016) [sssd[sudo]] [id_callback] (0x0100): Got id
>> ack and version (1) from Monitor
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_remove_timeout] (0x2000):
>> 0x1b4bcb0
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b46310
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sss_dp_get_reply] (0x1000): Got
>> reply from Data Provider - DP error code: 0 errno: 0 error message: Success
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b4ade0
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b47e60
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b4ade0 "ltdb_callback"
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b47e60 "ltdb_timeout"
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b4ade0 "ltdb_callback"
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b4a300
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b51d80
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b4a300 "ltdb_callback"
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b51d80 "ltdb_timeout"
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b4a300 "ltdb_callback"
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b49350
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b456f0
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b49350 "ltdb_callback"
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b456f0 "ltdb_timeout"
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b49350 "ltdb_callback"
>> (Thu Aug 11 15:05:18 2016) [sssd[sudo]] [sss_dp_req_destructor] (0x0400):
>> Deleting request: [0x40df50:domains at internal.emerlyn.com]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [get_client_cred] (0x4000):
>> Client creds: euid[0] egid[0] pid[5477].
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x1b51d80][18]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [accept_fd_handler] (0x0400):
>> Client connected!
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x1b51d80][18]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
>> Received client version [1].
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
>> Offered version [1].
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x1b51d80][18]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x1b51d80][18]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
>> protocol version [1]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
>> (0x0200): Requesting default options for [jgoddard] from [<ALL>]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/internal.emerlyn.com/jgoddard]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
>> Requesting info about [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b4bb60
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4bc20
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b4bb60 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4bc20 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b4bb60 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
>> Returning info for user [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
>> Retrieving default options for [jgoddard] from [internal.emerlyn.com]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b4bb60
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4bc20
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b4bb60 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4bc20 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b4bb60 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b456f0
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4f420
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b456f0 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4f420 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b456f0 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>> doUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#3200
>> 00001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%
>> jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(
>> dataExpireTimestamp<=1470942326)))]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b59070
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b47f20
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b59070 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b47f20 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b59070 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000):
>> About to get sudo rules from cache
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(na
>> me=defaults)))]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b456f0
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b47310
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b456f0 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b47310 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b456f0 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>> (0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x1b51d80][18]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x1b51d80][18]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd] (0x2000): Using
>> protocol version [1]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
>> (0x0200): Requesting rules for [jgoddard] from [<ALL>]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/internal.emerlyn.com/jgoddard]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
>> Requesting info about [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b4a580
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4a640
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b4a580 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4a640 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b4a580 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
>> Returning info for user [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
>> Retrieving rules for [jgoddard] from [internal.emerlyn.com]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b51c90
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4ade0
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b51c90 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4ade0 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b51c90 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b44dc0
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b47310
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b44dc0 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b47310 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b44dc0 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>> doUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#3200
>> 00001)(sudoUser=%admins)(sudoUser=%developers)(sudoUser=%
>> jira-administrators)(sudoUser=%jgoddard)(sudoUser=+*))(&(
>> dataExpireTimestamp<=1470942326)))]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b57730
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4ade0
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b57730 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4ade0 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b57730 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_rules] (0x2000):
>> About to get sudo rules from cache
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b51c90
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b4ade0
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b51c90 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b4ade0 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b51c90 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b51990
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b44dc0
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b51990 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b44dc0 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b51990 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>> doUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(
>> sudoUser=%admins)(sudoUser=%developers)(sudoUser=%jira-admin
>> istrators)(sudoUser=%jgoddard)(sudoUser=+*)))]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b51990
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x1b44dc0
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Running timer
>> event 0x1b51990 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Destroying timer
>> event 0x1b44dc0 "ltdb_timeout"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [ldb] (0x4000): Ending timer
>> event 0x1b51990 "ltdb_callback"
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
>> Sorting rules with higher-wins logic
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
>> (Thu Aug 11 15:05:26 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x1b51d80][18]
>> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x1b51d80][18]
>> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_recv] (0x0200): Client
>> disconnected!
>> (Thu Aug 11 15:05:32 2016) [sssd[sudo]] [client_destructor] (0x2000):
>> Terminated client [0x1b51d80][18]
>> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:36 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:46 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x1b42660
>> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:56 2016) [sssd[sudo]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> */var/log/sssd/sssd_$domain: (Thu Aug 11 15:05:02 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_remove_watch] (0x2000): 0x93cf00/0x93b9b0 (Thu Aug 11 15:05:02 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_remove_watch] (0x2000): 0x93cf00/0x920410 (Thu Aug 11 15:05:02 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [remove_krb5_info_files] (0x0200): Could not remove
>> [/var/lib/sss/pubconf/kpasswdinfo.INTERNAL.EMERLYN.COM
>> <http://kpasswdinfo.INTERNAL.EMERLYN.COM>], [2][No such file or directory]
>> (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_ptask_destructor] (0x0400):
>> Terminating periodic task [SUDO Smart Refresh] (Thu Aug 11 15:05:02 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_ptask_destructor] (0x0400): Terminating periodic task [SUDO Full
>> Refresh] (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_handle_release] (0x2000): Trace:
>> sh[0x943830], connected[1], ops[(nil)], ldap[0x936580], destructor_lock[0],
>> release_memory[0] (Thu Aug 11 15:05:02 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [remove_connection_callback] (0x4000):
>> Successfully removed connection callback. (Thu Aug 11 15:05:02 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_remove_watch] (0x2000): 0x922860/0x9237a0 (Thu Aug 11 15:05:02 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [remove_socket_symlink] (0x4000): The symlink points to
>> [/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
>> <http://sbus-dp_internal.emerlyn.com>.5155] (Thu Aug 11 15:05:02 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [remove_socket_symlink] (0x4000): The path including our pid is
>> [/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
>> <http://sbus-dp_internal.emerlyn.com>.5155] (Thu Aug 11 15:05:02 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [remove_socket_symlink] (0x4000): Removed the symlink (Thu Aug 11 15:05:02
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_client_destructor] (0x0400): Removed SUDO client (Thu Aug 11 15:05:02
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_client_destructor] (0x0400): Removed SSH client (Thu Aug 11 15:05:02
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_client_destructor] (0x0400): Removed PAM client (Thu Aug 11 15:05:02
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_client_destructor] (0x0400): Removed NSS client (Thu Aug 11 15:05:02
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_client_destructor] (0x0400): Removed PAC client (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [server_setup] (0x0400): CONFDB: /var/lib/sss/db/config.ldb (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> lookup_family_order has value ipv4_first (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option dns_resolver_timeout has value 6 (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> dns_resolver_op_timeout has value 6 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option dns_discovery_domain has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_res_get_opts] (0x0100): Lookup order:
>> ipv4_first (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [recreate_ares_channel] (0x0100):
>> Initializing new c-ares channel (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [fo_context_init] (0x0400): Created new fail over context, retry timeout is
>> 30 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [confdb_get_domain_internal] (0x0400): No
>> enumeration for [internal.emerlyn.com <http://internal.emerlyn.com>]! (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [confdb_get_domain_internal] (0x1000):
>> pwd_expiration_warning is -1 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_domain_init_internal] (0x0200): DB File for internal.emerlyn.com
>> <http://internal.emerlyn.com>:
>> /var/lib/sss/db/cache_internal.emerlyn.com.ldb (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1b83020 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b830e0 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b83020 "ltdb_callback" (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b830e0 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b83020 "ltdb_callback" (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x0400): asq: Unable to register control with rootdse! (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b82220 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b822e0 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b82220 "ltdb_callback" (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b822e0 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b82220 "ltdb_callback" (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1b822e0 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b6d8c0 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b822e0 "ltdb_callback" (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b6d8c0 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b822e0 "ltdb_callback" (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_init_connection] (0x0400): Adding connection 0x1b6eac0 (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
>> 0x1b84310/0x1b6c3a0 (15), -/W (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3f0 (15), R/- (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
>> Registering interface org.freedesktop.sssd.service with path
>> /org/freedesktop/sssd/service (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_conn_register_path] (0x0400): Registering object path
>> /org/freedesktop/sssd/service with D-Bus connection (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_opath_hash_add_iface] (0x0400): Registering interface
>> org.freedesktop.DBus.Properties with path /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
>> Registering interface org.freedesktop.DBus.Introspectable with path
>> /org/freedesktop/sssd/service (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [monitor_common_send_id] (0x0100): Sending ID: (%BE_internal.emerlyn.com
>> <http://BE_internal.emerlyn.com>,1) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_add_timeout] (0x2000): 0x1b6c560 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3f0 (15), R/- (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1b84310/0x1b6c3a0 (15), -/W (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sss_names_init_from_args] (0x0100): Using re
>> [(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sss_fqnames_init] (0x0100): Using fq
>> format [%1$s@%2$s]. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [create_socket_symlink] (0x1000): Symlinking the dbus path
>> /var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
>> <http://sbus-dp_internal.emerlyn.com>.5466 to a link
>> /var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com
>> <http://sbus-dp_internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_new_server] (0x0400): D-BUS Server listening on
>> unix:path=/var/lib/sss/pipes/private/sbus-dp_internal.emerlyn.com.5466,guid=0bf360c8f774f978ad53dd4157accc6c
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_add_watch] (0x2000):
>> 0x1b85860/0x1b867a0 (16), R/- (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [load_backend_module] (0x1000): Loading backend [ipa] with path
>> [/usr/lib/x86_64-linux-gnu/sssd/libsss_ipa.so]. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ipa_domain has value internal.emerlyn.com
>> <http://internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ipa_server has value _srv_,
>> id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ipa_backup_server has no value (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ipa_hostname has value docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ipa_hbac_search_base has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ipa_host_search_base has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ipa_selinux_search_base has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ipa_subdomains_search_base has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ipa_master_domain_search_base has no
>> value (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_realm has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ipa_hbac_refresh has value 5 (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ipa_selinux_refresh has value 5 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ipa_hbac_support_srchost is FALSE (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ipa_automount_location has value default (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ipa_ranges_search_base has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ipa_enable_dns_sites is FALSE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ipa_server_mode is FALSE (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ipa_views_search_base has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_confd_path has value
>> /var/lib/sss/pubconf/krb5.include.d (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [fo_new_service] (0x0400): Creating new service 'IPA' (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [fo_add_srv_server] (0x0400): Adding new SRV server to service 'IPA' using
>> 'tcp'. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [_ipa_servers_init] (0x0400): Added
>> service lookup for service IPA (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [fo_add_server_to_list] (0x0400): Inserted primary server
>> 'id-management-1.internal.emerlyn.com:0
>> <http://id-management-1.internal.emerlyn.com:0>' to service 'IPA' (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [_ipa_servers_init] (0x0400): Added Server
>> id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_uri has value
>> ldap://id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_backup_uri has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_search_base has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_default_bind_dn has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_default_authtok_type has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_default_authtok has no binary value.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_search_timeout has value 6 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_network_timeout has value 6 (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_opt_timeout has value 6 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_tls_reqcert has value hard (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_user_search_base has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_user_search_scope has value sub (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_user_search_filter has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_user_extra_attrs has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_group_search_base has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_group_search_scope has value sub
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_group_search_filter has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_service_search_base has no value
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_sudo_search_base has value ou=sudoers,dc=internal,dc=emerlyn,dc=com
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_sudo_full_refresh_interval has value 21600 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_sudo_smart_refresh_interval has
>> value 900 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_sudo_use_host_filter is TRUE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_sudo_hostnames has no value (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_sudo_ip has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_sudo_include_netgroups is TRUE (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_sudo_include_regexp is TRUE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_autofs_search_base has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_autofs_map_master_name has value auto.master (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_schema has value ipa_v1 (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_offline_timeout has value 60 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_force_upper_case_realm is TRUE (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_enumeration_refresh_timeout has value 300 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_purge_cache_timeout has value 0 (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_tls_cacert has value /etc/ipa/ca.crt (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_tls_cacertdir has no value (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_tls_cert has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_tls_key has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_tls_cipher_suite has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_id_use_start_tls is FALSE (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_id_mapping is FALSE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_sasl_mech has value GSSAPI (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_sasl_authid has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_sasl_realm has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_sasl_minssf has value 56 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_krb5_keytab has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_krb5_init_creds is TRUE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_server has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_backup_server has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_realm has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_canonicalize is TRUE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_use_kdcinfo is TRUE (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_pwd_policy has value none (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_referrals is TRUE (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> account_cache_expiration has value 0 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_dns_service_name has value ldap (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_krb5_ticket_lifetime has value 86400 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_access_filter has no value (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_netgroup_search_base has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_group_nesting_level has value 2 (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_deref has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_account_expire_policy has value ipa
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_access_order has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_chpass_uri has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_chpass_backup_uri has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_chpass_dns_service_name has no value
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_chpass_update_last_change is FALSE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_enumeration_search_timeout has value
>> 60 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_auth_disable_tls_never_use_in_production is FALSE (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_page_size has value 1000 (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_deref_threshold has value 10 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_sasl_canonicalize is FALSE (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_connection_expire_timeout has value 900 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_disable_paging is FALSE (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_idmap_range_min has value 200000 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_idmap_range_max has value 2000200000
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_idmap_range_size has value 200000 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_idmap_autorid_compat is FALSE (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_idmap_default_domain has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_idmap_default_domain_sid has no
>> value (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_idmap_helper_table_size has value 10 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_groups_use_matching_rule_in_chain is
>> FALSE (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_initgroups_use_matching_rule_in_chain is FALSE (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_use_tokengroups is TRUE (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_rfc2307_fallback_to_local_users is FALSE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_disable_range_retrieval is FALSE
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_min_id has value 0 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option ldap_max_id has value 0 (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> ldap_pwdlockout_dn has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option wildcard_limit has value 1000 (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
>> ldap_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
>> Search base added:
>> [DEFAULT][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
>> krb5_realm set to INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_set_sasl_options] (0x0100): Will
>> look for docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in default keytab
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [select_principal_from_keytab] (0x0200):
>> trying to select the most appropriate principal from keytab (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000):
>> Trying to find principal
>> docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in keytab. (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x0400): No
>> principal matching docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> found in keytab.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000):
>> Trying to find principal DOCKER-DEV-01$@INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM> in keytab. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [find_principal_in_keytab] (0x0400): No principal matching
>> DOCKER-DEV-01$@INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> found in
>> keytab. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [find_principal_in_keytab] (0x4000):
>> Trying to find principal
>> host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> in keytab. (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [match_principal] (0x1000): Principal
>> matched to the sample
>> (host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>). (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [select_principal_from_keytab] (0x0200):
>> Selected primary: host/docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [select_principal_from_keytab] (0x0200): Selected realm:
>> INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_set_sasl_options] (0x0100): Option ldap_sasl_authid set to
>> host/docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_set_sasl_options] (0x0100): Option ldap_sasl_realm set to
>> INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_get_id_options] (0x0400): Option ldap_user_search_base set to
>> cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [common_parse_search_base] (0x0100): Search base added:
>> [USER][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
>> ldap_group_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
>> Search base added:
>> [GROUP][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
>> ldap_netgroup_search_base set to cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
>> Search base added:
>> [NETGROUP][cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
>> ipa_host_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
>> Search base added:
>> [IPA_HOST][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
>> ipa_hbac_search_base set to cn=hbac,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
>> Search base added:
>> [IPA_HBAC][cn=hbac,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
>> ipa_selinux_search_base set to cn=selinux,dc=internal,dc=emerlyn,dc=com
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
>> Search base added:
>> [IPA_SELINUX][cn=selinux,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0400): Option
>> ldap_group_search_base set to cn=accounts,dc=internal,dc=emerlyn,dc=com
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
>> Search base added:
>> [SERVICE][cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
>> ipa_subdomains_search_base set to cn=trusts,dc=internal,dc=emerlyn,dc=com
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
>> Search base added:
>> [IPA_SUBDOMAINS][cn=trusts,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
>> ipa_master_domain_search_base set to
>> cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [common_parse_search_base] (0x0100): Search base added:
>> [IPA_MASTER_DOMAIN][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
>> ipa_ranges_search_base set to
>> cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [common_parse_search_base] (0x0100): Search base added:
>> [IPA_RANGES][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_id_options] (0x0100): Option
>> ipa_views_search_base set to
>> cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [common_parse_search_base] (0x0100): Search base added:
>> [IPA_VIEWS][cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_entry_usn has value entryUSN (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_rootdse_last_usn has value lastUSN
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_object_class has value posixAccount (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_name has value uid (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_pwd has value userPassword (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_uid_number has value uidNumber
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_gid_number has value gidNumber (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_gecos has value gecos (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_home_directory has value homeDirectory (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_shell has value loginShell (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_principal has value krbPrincipalName (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_fullname has value cn (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_member_of has value memberOf (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_uuid has value ipaUniqueID (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_objectsid has value ipaNTSecurityIdentifier (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_primary_group has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_modify_timestamp has value modifyTimestamp (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_entry_usn has no value (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_shadow_last_change has value shadowLastChange (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_shadow_min has value shadowMin (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_shadow_max has value shadowMax
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_shadow_warning has value shadowWarning (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_shadow_inactive has value
>> shadowInactive (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_shadow_expire has value shadowExpire (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_shadow_flag has value shadowFlag
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_krb_last_pwd_change has value krbLastPwdChange (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_krb_password_expiration has value krbPasswordExpiration (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_pwd_attribute has value pwdAttribute (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_authorized_service has value
>> authorizedService (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_ad_account_expires has value accountExpires (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_ad_user_account_control has value
>> userAccountControl (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_ns_account_lock has value nsAccountLock (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_authorized_host has value host
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_nds_login_disabled has value loginDisabled (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_nds_login_expiration_time has
>> value loginExpirationTime (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_nds_login_allowed_time_map has
>> value loginAllowedTimeMap (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_ssh_public_key has value
>> ipaSshPubKey (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_auth_type has value ipaUserAuthType (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_certificate has value
>> userCertificate;binary (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_group_object_class has value
>> ipaUserGroup (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_group_object_class_alt has value posixGroup (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_group_name has value cn (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_group_pwd has value userPassword (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_group_gid_number has value gidNumber
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_group_member has value member (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_group_uuid has value ipaUniqueID (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_group_objectsid has value ipaNTSecurityIdentifier (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_group_modify_timestamp has value
>> modifyTimestamp (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_group_entry_usn has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_group_type has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_group_external_member has value ipaExternalMember (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_netgroup_object_class has value
>> ipaNisNetgroup (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_netgroup_name has value cn (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_netgroup_member has value member (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_netgroup_member_of has value memberOf (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_netgroup_member_user has value
>> memberUser (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_netgroup_member_host has value memberHost (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_netgroup_member_ext_host has value
>> externalHost (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_netgroup_domain has value nisDomainName (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_netgroup_uuid has value ipaUniqueID
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_host_object_class has value ipaHost (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_host_name has value cn (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_host_fqdn has value fqdn (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_host_serverhostname has value
>> serverHostname (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_host_member_of has value memberOf (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_host_ssh_public_key has value
>> ipaSshPubKey (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_host_uuid has value ipaUniqueID (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_hostgroup_objectclass has value
>> ipaHostgroup (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_hostgroup_name has value cn (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_hostgroup_memberof has value memberOf
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_hostgroup_uuid has value ipaUniqueID (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_service_object_class has value
>> ipService (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_service_name has value cn (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_service_port has value ipServicePort
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_service_proto has value ipServiceProtocol (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_service_entry_usn has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_selinux_usermap_object_class has value ipaselinuxusermap (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_selinux_usermap_name has value cn (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_selinux_usermap_member_user has value
>> memberUser (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_selinux_usermap_member_host has value memberHost (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_selinux_usermap_see_also has value
>> seeAlso (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_selinux_usermap_selinux_user has value ipaSELinuxUser (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_selinux_usermap_enabled has value ipaEnabledFlag (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_selinux_usermap_user_category has value
>> userCategory (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_selinux_usermap_host_category has value hostCategory (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_selinux_usermap_uuid has value ipaUniqueID (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_view_class has value nsContainer (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_view_name has value cn (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_overide_object_class has value
>> ipaOverrideAnchor (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_anchor_uuid has value ipaAnchorUUID (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ipa_user_override_object_class has value
>> ipaUserOverride (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ipa_group_override_object_class has value ipaGroupOverride (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_name has value uid (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_uid_number has value uidNumber
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_gid_number has value gidNumber (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_gecos has value gecos (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_home_directory has value homeDirectory (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_user_shell has value loginShell (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_group_name has value cn (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_group_gid_number has value gidNumber
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_user_ssh_public_key has value ipaSshPubKey (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option dyndns_update is FALSE (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> dyndns_refresh_interval has value 0 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option dyndns_iface has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> dyndns_ttl has value 1200 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option dyndns_update_ptr is FALSE (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> dyndns_force_tcp is FALSE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option dyndns_auth has value gss-tsig (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> dyndns_server has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1b93620 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b97080 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b93620 "ltdb_callback" (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b97080 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b93620 "ltdb_callback" (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_setup_tasks] (0x0400): Setting up cleanup task for
>> internal.emerlyn.com <http://internal.emerlyn.com> (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1b8fce0 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b96770 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b8fce0 "ltdb_callback" (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b96770 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b8fce0 "ltdb_callback" (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sssm_ipa_id_init] (0x0020): Cannot find view name in the cache. Will do
>> online lookup later. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_fo_set_srv_lookup_plugin] (0x0400): Trying to set SRV lookup plugin to
>> DNS (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_fo_set_srv_lookup_plugin] (0x0400):
>> SRV lookup plugin is now DNS (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_process_init] (0x2000): ID backend target successfully loaded from
>> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
>> [ipa] already loaded. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_domain has value
>> internal.emerlyn.com <http://internal.emerlyn.com> (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_server has value _srv_,
>> id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_backup_server has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
>> ipa_hostname has value docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_hbac_search_base has value
>> cn=hbac,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_host_search_base has value
>> cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_selinux_search_base has value
>> cn=selinux,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_subdomains_search_base has value
>> cn=trusts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_master_domain_search_base has
>> value cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option krb5_realm has value
>> INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_hbac_refresh has value 5 (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
>> ipa_selinux_refresh has value 5 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_hbac_support_srchost is FALSE
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
>> ipa_automount_location has value default (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_ranges_search_base has value
>> cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_enable_dns_sites is FALSE (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
>> ipa_server_mode is FALSE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_views_search_base has value
>> cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option krb5_confd_path has value
>> /var/lib/sss/pubconf/krb5.include.d (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_server has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_backup_server has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_realm has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_ccachedir has value /tmp (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_ccname_template has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_auth_timeout has value 6 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_keytab has value /etc/krb5.keytab
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_validate is TRUE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_kpasswd has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_backup_kpasswd has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_store_password_if_offline is TRUE
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_renewable_lifetime has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_lifetime has no value (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_renew_interval has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_use_fast has value try (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_fast_principal has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_canonicalize is TRUE (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_use_enterprise_principal is FALSE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_get_options] (0x0400): Option krb5_use_kdcinfo is TRUE (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_get_options] (0x0400): Option
>> krb5_map_user has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [krb5_try_kdcip] (0x0100): No KDC found in configuration, trying legacy
>> option (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0400): Option
>> krb5_realm set to INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0100): Option
>> krb5_fast_principal set to
>> host/docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <docker-dev-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM> (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_auth_options] (0x0100): Option
>> krb5_use_kdcinfo set to true (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [check_and_export_lifetime] (0x0200): No lifetime configured. (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [check_and_export_lifetime] (0x0200): No
>> lifetime configured. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [check_and_export_options] (0x0100): No KDC explicitly configured, using
>> defaults. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [check_and_export_options] (0x0100): No
>> kpasswd server explicitly configured, using the KDC or defaults. (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [parse_krb5_map_user] (0x0200): Warning:
>> krb5_map_user is empty! (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_process_init] (0x2000): AUTH backend target successfully loaded from
>> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
>> [ipa] already loaded. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_domain has value
>> internal.emerlyn.com <http://internal.emerlyn.com> (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_server has value _srv_,
>> id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_backup_server has no value (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
>> ipa_hostname has value docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_hbac_search_base has value
>> cn=hbac,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_host_search_base has value
>> cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_selinux_search_base has value
>> cn=selinux,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_subdomains_search_base has value
>> cn=trusts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_master_domain_search_base has
>> value cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option krb5_realm has value
>> INTERNAL.EMERLYN.COM <http://INTERNAL.EMERLYN.COM> (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_hbac_refresh has value 5 (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
>> ipa_selinux_refresh has value 5 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_hbac_support_srchost is FALSE
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
>> ipa_automount_location has value default (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_ranges_search_base has value
>> cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_enable_dns_sites is FALSE (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [dp_copy_options_ex] (0x0400): Option
>> ipa_server_mode is FALSE (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option ipa_views_search_base has value
>> cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [dp_copy_options_ex] (0x0400): Option krb5_confd_path has value
>> /var/lib/sss/pubconf/krb5.include.d (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_process_init] (0x2000): ACCESS backend target successfully loaded from
>> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
>> [ipa] already loaded. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_process_init] (0x2000): CHPASS backend target successfully loaded from
>> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
>> [ipa] already loaded. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sssm_ipa_sudo_init] (0x2000): Initializing IPA sudo handler (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_sudo_init] (0x2000): Initializing IPA
>> sudo back end (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_sudo_init] (0x0400): Using LDAP
>> schema for sudo (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_sudo_init] (0x2000): Initializing
>> sudo LDAP back end (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [common_parse_search_base] (0x0100):
>> Search base added:
>> [SUDO][ou=sudoers,dc=internal,dc=emerlyn,dc=com][SUBTREE][] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_sudorule_object_class has value sudoRole (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_sudorule_name has value cn (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_sudorule_command has value sudoCommand (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_sudorule_host has value sudoHost (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_sudorule_user has value sudoUser (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_sudorule_option has value sudoOption
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_sudorule_runas has value sudoRunAs (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_sudorule_runasuser has value
>> sudoRunAsUser (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_sudorule_runasgroup has value sudoRunAsGroup (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_sudorule_notbefore has value
>> sudoNotBefore (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_sudorule_notafter has value sudoNotAfter (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_sudorule_order has value sudoOrder
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_sudorule_entry_usn has no value (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1ba05e0 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b9c740 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1ba05e0 "ltdb_callback" (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b9c740 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1ba05e0 "ltdb_callback" (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_ptask_create] (0x0400): Periodic task [SUDO Full Refresh] was created
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_ptask_schedule] (0x0400): Task [SUDO
>> Full Refresh]: scheduling task 0 seconds from now [1470942316] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_ptask_create] (0x0400): Periodic task
>> [SUDO Smart Refresh] was created (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_ptask_schedule] (0x0400): Task [SUDO Smart Refresh]: scheduling task
>> 900 seconds from now [1470943216] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_process_init] (0x2000): SUDO backend target successfully loaded from
>> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no module
>> name found in confdb, using [ipa]. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [load_backend_module] (0x1000): Backend [ipa] already loaded. (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sssm_ipa_autofs_init] (0x2000):
>> Initializing IPA autofs handler (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_autofs_init] (0x2000): Initializing autofs LDAP back end (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_autofs_options] (0x1000): Option
>> ldap_autofs_search_base set to
>> cn=default,cn=automount,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [common_parse_search_base] (0x0100): Search base added:
>> [AUTOFS][cn=default,cn=automount,dc=internal,dc=emerlyn,dc=com][SUBTREE][]
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_autofs_map_object_class has value automountMap (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_autofs_map_name has value
>> automountMapName (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_autofs_entry_object_class has value automount (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_map] (0x0400): Option ldap_autofs_entry_key has value
>> automountKey (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_map] (0x0400): Option
>> ldap_autofs_entry_value has value automountInformation (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_process_init] (0x2000): autofs backend target successfully loaded from
>> provider [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no module
>> name found in confdb, using [ipa]. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [load_backend_module] (0x1000): Backend [ipa] already loaded. (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_process_init] (0x4000): selinux
>> backend target successfully loaded from provider [ipa]. (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [load_backend_module] (0x0200): no module
>> name found in confdb, using [ipa]. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [load_backend_module] (0x1000): Backend [ipa] already loaded. (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_process_init] (0x4000): HOST backend
>> target successfully loaded from provider [ipa]. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [load_backend_module] (0x0200): no module name found in confdb, using
>> [ipa]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [load_backend_module] (0x1000): Backend
>> [ipa] already loaded. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [get_config_status] (0x4000): IPA subdomain provider is configured
>> implicit. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_subdom_reinit] (0x2000):
>> Re-initializing domain internal.emerlyn.com <http://internal.emerlyn.com>
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sss_write_krb5_localauth_snippet]
>> (0x0200): File for localauth plugin configuration is
>> [/var/lib/sss/pubconf/krb5.include.d/localauth_plugin] (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1b9e080 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1ba02b0 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b9e080 "ltdb_callback" (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1ba02b0 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b9e080 "ltdb_callback" (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1ba02b0 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1ba0370 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1ba02b0 "ltdb_callback" (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1ba0370 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1ba02b0 "ltdb_callback" (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1ba15f0 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b9fae0 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1ba15f0 "ltdb_callback" (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b9fae0 "ltdb_timeout" (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1ba15f0 "ltdb_callback" (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sss_write_domain_mappings] (0x0200): Mapping file for domain
>> [internal.emerlyn.com <http://internal.emerlyn.com>] is
>> [/var/lib/sss/pubconf/krb5.include.d/domain_realm_internal_emerlyn_com]
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_process_init] (0x4000): Get-Subdomains
>> backend target successfully loaded from provider [ipa]. (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [become_user] (0x0200): Trying to become
>> user [0][0]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [become_user] (0x0200): Already user [0].
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [main] (0x0400): Backend provider
>> (internal.emerlyn.com <http://internal.emerlyn.com>) started! (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1b6eac0 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1b6eac0 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_ptask_execute] (0x0400): Task [SUDO
>> Full Refresh]: executing task, timeout 21600 seconds (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_full_refresh_send] (0x0400): Issuing a full refresh of sudo
>> rules (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000):
>> beginning to connect (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port status of
>> port 0 for server '(no name)' is 'neutral' (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
>> seconds (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolve_srv_send] (0x0200): The status of
>> SRV lookup is neutral (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service
>> 'ldap'. Will use DNS discovery domain 'internal.emerlyn.com
>> <http://internal.emerlyn.com>' (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of
>> '_ldap._tcp.internal.emerlyn.com <http://tcp.internal.emerlyn.com>' (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [schedule_request_timeout] (0x2000):
>> Scheduling a timeout of 6 seconds (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1b84310/0x1b6c3f0 (15), R/- (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1b84310/0x1b6c3f0 (15), R/- (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1b84310/0x1b6c3f0 (15), R/- (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1b84310/0x1b6c3f0 (15), R/- (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1b84310/0x1b6c3a0 (15), -/W (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_remove_timeout] (0x2000): 0x1b6c560
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1b6eac0 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [id_callback] (0x0100): Got id ack and
>> version (1) from Monitor (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_getsrv_done] (0x1000): Using TTL
>> [86400] (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400):
>> Deleting request watch (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [fo_discover_srv_done] (0x0400): Got answer. Processing... (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_discover_srv_done] (0x0400): Got 3
>> servers (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): Inserted
>> primary server 'idmfs-01.internal.emerlyn.com:389
>> <http://idmfs-01.internal.emerlyn.com:389>' to service 'IPA' (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): Inserted
>> primary server 'id-management-1.internal.emerlyn.com:389
>> <http://id-management-1.internal.emerlyn.com:389>' to service 'IPA' (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_add_server_to_list] (0x0400): Inserted
>> primary server 'id-management-2.internal.emerlyn.com:389
>> <http://id-management-2.internal.emerlyn.com:389>' to service 'IPA' (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [set_srv_data_status] (0x0100): Marking
>> SRV lookup of service 'IPA' as 'resolved' (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [get_server_status] (0x1000): Status of server
>> 'idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>' is
>> 'name not resolved' (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [resolv_is_address] (0x4000): [idmfs-01.internal.emerlyn.com
>> <http://idmfs-01.internal.emerlyn.com>] does not look like an IP address
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
>> Querying files (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send]
>> (0x0100): Trying to resolve A record of 'idmfs-01.internal.emerlyn.com
>> <http://idmfs-01.internal.emerlyn.com>' in files (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [set_server_common_status] (0x0100): Marking server
>> 'idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>' as
>> 'resolving name' (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
>> Querying files (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send]
>> (0x0100): Trying to resolve AAAA record of 'idmfs-01.internal.emerlyn.com
>> <http://idmfs-01.internal.emerlyn.com>' in files (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [resolv_gethostbyname_next] (0x0200): No more address families to retry
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
>> Querying DNS (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_query] (0x0100):
>> Trying to resolve A record of 'idmfs-01.internal.emerlyn.com
>> <http://idmfs-01.internal.emerlyn.com>' in DNS (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [schedule_timeout_watcher] (0x2000):
>> Scheduling DNS timeout watcher (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_parse] (0x1000):
>> Parsing an A reply (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400):
>> Deleting request watch (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [set_server_common_status] (0x0100): Marking server
>> 'idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>' as
>> 'name resolved' (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000):
>> Saving the first resolved server (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_resolve_server_process] (0x0200): Found address for server
>> idmfs-01.internal.emerlyn.com <http://idmfs-01.internal.emerlyn.com>:
>> [10.72.100.56] TTL 1200 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_resolve_callback] (0x0400): Constructed uri
>> 'ldap://idmfs-01.internal.emerlyn.com
>> <http://idmfs-01.internal.emerlyn.com>' (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [unique_filename_destructor] (0x2000): Unlinking
>> [/var/lib/sss/pubconf/.krb5info_dummy_AJMz2v] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [unlink_dbg]
>> (0x2000): File already removed:
>> [/var/lib/sss/pubconf/.krb5info_dummy_AJMz2v] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sss_ldap_init_send] (0x4000): Using file descriptor [19] for LDAP
>> connection. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x0400): Setting 6
>> seconds timeout for connecting (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_async_sys_connect_done] (0x0020): connect failed [113][No route to
>> host]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sss_ldap_init_sys_connect_done] (0x0020):
>> sdap_async_sys_connect request failed: [113]: No route to host. (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sss_ldap_init_state_destructor] (0x0400):
>> closing socket [19] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed:
>> [113]: No route to host. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_handle_release] (0x2000): Trace: sh[0x1b9e670], connected[0],
>> ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory[0] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [_be_fo_set_port_status] (0x8000): Setting
>> status: PORT_NOT_WORKING. Called from:
>> ../src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_done: 1567
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100): Marking
>> port 389 of server 'idmfs-01.internal.emerlyn.com
>> <http://idmfs-01.internal.emerlyn.com>' as 'not working' (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): Marking
>> port 389 of duplicate server 'idmfs-01.internal.emerlyn.com
>> <http://idmfs-01.internal.emerlyn.com>' as 'not working' (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): Trying
>> to resolve service 'IPA' (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [get_server_status] (0x1000): Status of server
>> 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' is 'name not resolved' (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port status of
>> port 389 for server 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' is 'neutral' (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout]
>> (0x2000): Resolve timeout set to 6 seconds (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status of
>> server 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' is 'name not resolved' (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_is_address] (0x4000):
>> [id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>] does not look like an IP
>> address (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
>> Querying files (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send]
>> (0x0100): Trying to resolve A record of
>> 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' in files (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100):
>> Marking server 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' as 'resolving name' (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_step] (0x2000):
>> Querying files (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_files_send]
>> (0x0100): Trying to resolve AAAA record of
>> 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' in files (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_next] (0x0200): No
>> more address families to retry (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [resolv_gethostbyname_step] (0x2000): Querying DNS (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of
>> 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' in DNS (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [schedule_request_timeout] (0x2000): Scheduling a timeout of 6 seconds (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [schedule_timeout_watcher] (0x2000):
>> Scheduling DNS timeout watcher (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [resolv_gethostbyname_dns_parse] (0x1000):
>> Parsing an A reply (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [request_watch_destructor] (0x0400):
>> Deleting request watch (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [set_server_common_status] (0x0100): Marking server
>> 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' as 'name resolved' (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x0200):
>> Found address for server id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200 (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400):
>> Constructed uri 'ldap://id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [unique_filename_destructor] (0x2000): Unlinking
>> [/var/lib/sss/pubconf/.krb5info_dummy_BkCB4G] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [unlink_dbg]
>> (0x2000): File already removed:
>> [/var/lib/sss/pubconf/.krb5info_dummy_BkCB4G] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sss_ldap_init_send] (0x4000): Using file descriptor [19] for LDAP
>> connection. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sss_ldap_init_send] (0x0400): Setting 6
>> seconds timeout for connecting (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to
>> [ldap://id-management-1.internal.emerlyn.com:389/??base
>> <http://id-management-1.internal.emerlyn.com:389/??base>] with fd [19].
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_rootdse_send] (0x4000): Getting
>> rootdse (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with [(objectclass=*)][]. (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [*] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [altServer] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [namingContexts]
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [supportedControl] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [supportedExtension] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [supportedFeatures]
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [supportedLDAPVersion] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [supportedSASLMechanisms] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [domainControllerFunctionality] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [defaultNamingContext] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [lastUSN] (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [highestCommittedUSN] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 1
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 1
>> timeout 6 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1ba44e0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1ba44e0], ldap[0x1b977d0] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> []. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [vendorName] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [vendorVersion] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [dataversion] (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [netscapemdsuffix] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [changeLog] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [firstchangenumber] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [lastchangenumber] (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [namingContexts] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [supportedControl] (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [supportedExtension] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [supportedLDAPVersion]
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [supportedSASLMechanisms] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [defaultNamingContext]
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [lastUSN] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1ba44e0], ldap[0x1b977d0] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 1 finished (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_rootdse_done] (0x2000): Got rootdse (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_rootdse_done] (0x2000): Skipping auto-detection of match rule
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_server_opts_from_rootdse]
>> (0x4000): USN value: 5396286 (int: 5396286) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_kinit_send] (0x0400): Attempting kinit (default,
>> host/docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>, INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>, 86400) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_kinit_next_kdc] (0x1000): Resolving next KDC for service IPA (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): Trying
>> to resolve service 'IPA' (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [get_server_status] (0x1000): Status of server
>> 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' is 'name resolved' (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout]
>> (0x2000): Resolve timeout set to 6 seconds (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status of
>> server 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' is 'name resolved' (Thu Aug
>> 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000):
>> Saving the first resolved server (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_resolve_server_process] (0x0200): Found address for server
>> id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200 (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_kinit_kdc_resolved] (0x1000): KDC
>> resolved, attempting to get TGT... (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [create_tgt_req_send_buffer] (0x0400): buffer size: 83 (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [child_handler_setup] (0x2000): Setting up signal handler up for pid [5472]
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000): Signal
>> handler set up for pid [5472] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [write_pipe_handler] (0x0400): All data has been sent! (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Entering. (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Adding connection 0x1bbb650.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
>> connection 0x1bbb650 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_add_watch] (0x2000): 0x1bbc1c0/0x1bb0e00 (21), -/W (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bbc1c0/0x1bb2120 (21), R/- (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Got a connection (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
>> ID timeout [0x1bbc470] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_opath_hash_add_iface] (0x0400): Registering interface
>> org.freedesktop.sssd.dataprovider with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_conn_register_path] (0x0400): Registering object path
>> /org/freedesktop/sssd/dataprovider with D-Bus connection (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
>> Registering interface org.freedesktop.DBus.Properties with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_opath_hash_add_iface] (0x0400): Registering interface
>> org.freedesktop.DBus.Introspectable with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bbb650 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb2120 (21), R/- (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bbc1c0/0x1bb0e00 (21), -/W (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Entering. (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Adding connection 0x1bbfca0.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
>> connection 0x1bbfca0 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_add_watch] (0x2000): 0x1bc0bc0/0x1bbd620 (23), -/W (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc0bc0/0x1bbd670 (23), R/- (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Got a connection (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
>> ID timeout [0x1bc0ea0] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_opath_hash_add_iface] (0x0400): Registering interface
>> org.freedesktop.sssd.dataprovider with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_conn_register_path] (0x0400): Registering object path
>> /org/freedesktop/sssd/dataprovider with D-Bus connection (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
>> Registering interface org.freedesktop.DBus.Properties with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_opath_hash_add_iface] (0x0400): Registering interface
>> org.freedesktop.DBus.Introspectable with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb2120 (21), R/- (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bbc1c0/0x1bb0e00 (21), -/W (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc0bc0/0x1bbd620 (23), -/W (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc0bc0/0x1bbd620 (23), -/W (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Entering. (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Adding connection 0x1bc2540.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
>> connection 0x1bc2540 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_add_watch] (0x2000): 0x1bc3920/0x1bc2040 (24), -/W (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc3920/0x1bc2090 (24), R/- (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Got a connection (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
>> ID timeout [0x1bc3c00] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_opath_hash_add_iface] (0x0400): Registering interface
>> org.freedesktop.sssd.dataprovider with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_conn_register_path] (0x0400): Registering object path
>> /org/freedesktop/sssd/dataprovider with D-Bus connection (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
>> Registering interface org.freedesktop.DBus.Properties with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_opath_hash_add_iface] (0x0400): Registering interface
>> org.freedesktop.DBus.Introspectable with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bc2540 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Entering. (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Adding connection 0x1bc49b0.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
>> connection 0x1bc49b0 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_add_watch] (0x2000): 0x1bc5a70/0x1bc3a20 (25), -/W (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc5a70/0x1bc3a70 (25), R/- (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Got a connection (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
>> ID timeout [0x1bc5d50] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_opath_hash_add_iface] (0x0400): Registering interface
>> org.freedesktop.sssd.dataprovider with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_conn_register_path] (0x0400): Registering object path
>> /org/freedesktop/sssd/dataprovider with D-Bus connection (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
>> Registering interface org.freedesktop.DBus.Properties with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_opath_hash_add_iface] (0x0400): Registering interface
>> org.freedesktop.DBus.Introspectable with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a70 (25), R/- (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc5a70/0x1bc3a20 (25), -/W (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a70 (25), R/- (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc5a70/0x1bc3a20 (25), -/W (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc0bc0/0x1bbd620 (23), -/W (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc0bc0/0x1bbd670 (23), R/- (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc0bc0/0x1bbd620 (23), -/W (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2090 (24), R/- (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc3920/0x1bc2040 (24), -/W (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2090 (24), R/- (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc3920/0x1bc2040 (24), -/W (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_message_handler] (0x2000): Received SBUS method
>> org.freedesktop.sssd.dataprovider.RegisterService on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
>> ID timeout [0x1bc0ea0] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [client_registration] (0x0100): Added Frontend client [PAM] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bbfca0 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
>> subdomains [] (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Queue is
>> empty, running request immediately. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_queue_request] (0x4000): Adding request to queue. (Thu Aug 11 15:05:16
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): waiting for connection to complete (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bbfca0 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc3920/0x1bc2090 (24), R/- (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2040 (24), -/W (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc3920/0x1bc2090 (24), R/- (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc3920/0x1bc2040 (24), -/W (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bbc1c0/0x1bb2120 (21), R/- (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb0e00 (21), -/W (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bbc1c0/0x1bb2120 (21), R/- (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bbc1c0/0x1bb0e00 (21), -/W (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bbb650 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.dataprovider.RegisterService on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
>> ID timeout [0x1bbc470] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [client_registration] (0x0100): Added Frontend client [SUDO] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bbb650 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
>> subdomains [] (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
>> request to queue. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bc2540 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.dataprovider.RegisterService on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
>> ID timeout [0x1bc3c00] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [client_registration] (0x0100): Added Frontend client [SSH] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bc2540 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
>> subdomains [] (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
>> request to queue. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_server_init_new_connection]
>> (0x0200): Entering. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Adding connection 0x1bcaa90.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_init_connection] (0x0400): Adding
>> connection 0x1bcaa90 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_add_watch] (0x2000): 0x1bcba00/0x1bca5c0 (26), -/W (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bcba00/0x1bca610 (26), R/- (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_server_init_new_connection] (0x0200): Got a connection (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_client_init] (0x0100): Set-up Backend
>> ID timeout [0x1bcbce0] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_opath_hash_add_iface] (0x0400): Registering interface
>> org.freedesktop.sssd.dataprovider with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_conn_register_path] (0x0400): Registering object path
>> /org/freedesktop/sssd/dataprovider with D-Bus connection (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_opath_hash_add_iface] (0x0400):
>> Registering interface org.freedesktop.DBus.Properties with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_opath_hash_add_iface] (0x0400): Registering interface
>> org.freedesktop.DBus.Introspectable with path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bcaa90 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bcba00/0x1bca5c0 (26), -/W (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bcba00/0x1bca5c0 (26), -/W (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (disabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bcba00/0x1bca5c0 (26), -/W (enabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bcba00/0x1bca610 (26), R/- (enabled) (Thu
>> Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bcba00/0x1bca5c0 (26), -/W (disabled) (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bcaa90 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_message_handler] (0x2000): Received SBUS method
>> org.freedesktop.sssd.dataprovider.RegisterService on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
>> ID timeout [0x1bcbce0] (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [client_registration] (0x0100): Added Frontend client [PAC] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bcaa90 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
>> subdomains [] (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
>> request to queue. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x1000): Waiting for
>> child [5472]. (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x0100): child [5472]
>> finished successfully. (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [read_pipe_handler] (0x0400): EOF received, client finished (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_tgt_recv] (0x0400): Child
>> responded: 0 [FILE:/var/lib/sss/db/ccache_INTERNAL.EMERLYN.COM
>> <http://ccache_INTERNAL.EMERLYN.COM>], expired on [1471028716] (Thu Aug 11
>> 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_cli_auth_step] (0x0100): expire
>> timeout is 900 (Thu Aug 11 15:05:16 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_cli_auth_step] (0x1000): the
>> connection will expire at 1470943216 (Thu Aug 11 15:05:16 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sasl_bind_send] (0x0100): Executing sasl bind mech: GSSAPI, user:
>> host/docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
>> from: ../src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv:
>> 2052 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0100): Marking
>> port 389 of server 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100):
>> Marking server 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): Marking
>> port 389 of duplicate server 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_done] (0x4000): notify
>> connected to op #1 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_sudo_refresh_connect_done] (0x0400):
>> SUDO LDAP connection successful (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [check_ipv4_addr] (0x0200): Loopback IPv4 address 127.0.0.1 (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_sudo_get_ip_addresses] (0x2000):
>> Found IP address: 10.72.100.66 in network 10.72.100.0/24
>> <http://10.72.100.0/24> (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_get_ip_addresses] (0x2000): Found IP address: 172.17.0.1 in
>> network 172.17.0.0/16 <http://172.17.0.0/16> (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [check_ipv6_addr] (0x0200): Loopback IPv6 address ::1 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
>> fe80::250:56ff:fe9a:495f in network fe80::/64 (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
>> fe80::42:43ff:fe27:e955 in network fe80::/64 (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
>> fe80::ac23:29ff:fe04:bb1a in network fe80::/64 (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_get_ip_addresses] (0x2000): Found IP address:
>> fe80::c494:9dff:feed:a7d8 in network fe80::/64 (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_get_hostnames_send] (0x2000): Found fqdn:
>> docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com> (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_get_hostnames_send] (0x2000): Found hostname: docker-dev-01 (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_done] (0x4000): notify
>> connected to op #2 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaBaseID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaSecondaryBaseRID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaIDRangeSize]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTTrustedDomainSID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaRangeType] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 5 (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 5 timeout 6 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_done] (0x4000): caching successful connection after 2
>> notifies (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_run_unconditional_online_cb] (0x0400):
>> Running unconditional online callbacks. (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_run_online_cb] (0x0080): Going online. Running callbacks. (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_sudo_load_sudoers_send] (0x0400):
>> About to fetch sudo rules (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_search_bases_next_base] (0x0400): Issuing LDAP lookup with base
>> [ou=sudoers,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>> [(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>)(sudoHost=docker-dev-01)(sudoHost=10.72.100.66)(sudoHost=10.72.100.0/24)(sudoHost=172.17.0.1)(sudoHost=172.17.0.0/16)(sudoHost=fe80::250:56ff:fe9a:495f)(sudoHost=fe80::/64)(sudoHost=fe80::42:43ff:fe27:e955)(sudoHost=fe80::/64)(sudoHost=fe80::ac23:29ff:fe04:bb1a)(sudoHost=fe80::/64)(sudoHost=fe80::c494:9dff:feed:a7d8)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\\*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))][ou=sudoers,dc=internal,dc=emerlyn,dc=com
>> <http://10.72.100.0/24%29%28sudoHost=172.17.0.1%29%28sudoHost=172.17.0.0/16%29%28sudoHost=fe80::250:56ff:fe9a:495f%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::42:43ff:fe27:e955%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::ac23:29ff:fe04:bb1a%29%28sudoHost=fe80::/64%29%28sudoHost=fe80::c494:9dff:feed:a7d8%29%28sudoHost=fe80::/64%29%28sudoHost=+*%29%28%7C%28sudoHost=*%5C%5C*%29%28sudoHost=*?*%29%28sudoHost=*%5C2A*%29%28sudoHost=*[*]*%29%29%29%29][ou=sudoers,dc=internal,dc=emerlyn,dc=com>].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [sudoCommand] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoHost] (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [sudoUser] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoOption] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [sudoRunAs] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoRunAsUser]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [sudoRunAsGroup] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoNotBefore]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [sudoNotAfter] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sudoOrder] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 6
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 6
>> timeout 6 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc5a70/0x1bc3a70 (25), R/- (disabled) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a20 (25), -/W (enabled) (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_toggle_watch] (0x4000):
>> 0x1bc5a70/0x1bc3a70 (25), R/- (enabled) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_toggle_watch] (0x4000): 0x1bc5a70/0x1bc3a20 (25), -/W (disabled) (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bc49b0 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.dataprovider.RegisterService on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [client_registration] (0x0100): Cancel DP
>> ID timeout [0x1bc5d50] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [client_registration] (0x0100): Added Frontend client [NSS] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bc49b0 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.dataprovider.getDomains on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_subdomains] (0x0400): Got get
>> subdomains [] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_queue_request] (0x4000): Adding
>> request to queue. (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bc49b0 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3a0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=All,ou=sudoers,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [objectClass] (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [sudoCommand] (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [sudoHost] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [sudoUser] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [sudoRunAsUser] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [sudoRunAsGroup] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [entryUSN] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f3a0], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 6 finished (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_search_bases_done] (0x0400): Receiving data from base
>> [ou=sudoers,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_load_sudoers_done] (0x0040): Received 1 sudo rules (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_refresh_done] (0x0400): Received 1 rules (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_sudo_purge_all] (0x0400): Deleting all cached sudo rules (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb2300 (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb23c0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb2300 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb23c0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb2300 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_sudo_store_rule] (0x0400): Adding sudo rule All (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb11b0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd63c0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb11b0 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd63c0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb11b0 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1be3710 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1be37d0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1be3710 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1be37d0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1be3710 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_refresh_done] (0x0400): Sudoers is successfuly stored in cache
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_sudo_set_usn] (0x0200): SUDO higher
>> USN value: [2582737] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb31e0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb32a0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb31e0 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb32a0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb31e0 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb15d0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb1690 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb15d0 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb1690 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb15d0 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo
>> rules (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_ptask_done] (0x0400): Task [SUDO Full
>> Refresh]: finished successfully (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_ptask_schedule] (0x0400): Task [SUDO Full Refresh]: scheduling task
>> 21600 seconds from last execution time [1470963916] (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bb0d50], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_subdom_reset_timeouts_cb] (0x4000):
>> Resetting last_refreshed and disabled_until. (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaBaseID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaSecondaryBaseRID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaIDRangeSize]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTTrustedDomainSID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaRangeType] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 7 (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 7 timeout 6 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=INTERNAL.EMERLYN.COM_id_range,cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaBaseID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseRID] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaSecondaryBaseRID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaRangeType] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 5 finished (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1b9eae0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b9eba0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b9eae0 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b9eba0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b9eae0 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_update_ranges] (0x0400): Adding range
>> [INTERNAL.EMERLYN.COM_id_range]. (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1be29e0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1be2aa0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1be29e0 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1be2aa0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1be29e0 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1b9eae0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b9eba0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b9eae0 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b9eba0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b9eae0 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1b9ea20 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b9eae0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b9ea20 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b9eae0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b9ea20 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>> [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 8
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 8
>> timeout 6 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_subdomains_handler_ranges_done]
>> (0x4000): Checking master record.. (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=INTERNAL.EMERLYN.COM_id_range,cn=ranges,cn=etc,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaBaseID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaBaseRID] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaSecondaryBaseRID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaIDRangeSize] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaRangeType] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 7 finished (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1ba02b0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1ba0370 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1ba02b0 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1ba0370 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1ba02b0 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1ba0370 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1ba0430 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1ba0370 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1ba0430 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1ba0370 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb2ad0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb2b90 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb2ad0 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb2b90 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb2ad0 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>> [objectclass=ipaNTDomainAttrs][cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 9
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 9
>> timeout 6 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_subdomains_handler_ranges_done]
>> (0x4000): Checking master record.. (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN: [cn=internal.emerlyn.com
>> <http://internal.emerlyn.com>,cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTFlatName] (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 8 finished (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb0f70 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb1030 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb1030 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb0f70 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb1030 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb1030 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd6910 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1040 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd6910 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1040 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd6910 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>> [objectclass=ipaNTTrustedDomain][cn=trusts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTTrustedDomainSID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [ipaNTTrustDirection] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 10
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 10
>> timeout 6 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=internal.emerlyn.com
>> <http://internal.emerlyn.com>,cn=ad,cn=etc,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaNTFlatName] (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1baf7a0], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 9 finished (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>> [objectclass=ipaNTTrustedDomain][cn=trusts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTTrustedDomainSID] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [ipaNTTrustDirection] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 11
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 11
>> timeout 6 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd3e40], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bd3e40], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 10 finished (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_deref_search_with_filter_send] (0x2000): Server supports OpenLDAP
>> deref (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400):
>> Dereferencing entry [cn=accounts,dc=internal,dc=emerlyn,dc=com] using
>> OpenLDAP deref (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 12 (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 12 timeout 6 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bd6710], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd6710], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 11 finished (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_deref_search_with_filter_send]
>> (0x2000): Server supports OpenLDAP deref (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_x_deref_search_send] (0x0400): Dereferencing entry
>> [cn=accounts,dc=internal,dc=emerlyn,dc=com] using OpenLDAP deref (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 13 (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 13 timeout 6 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_x_deref_parse_entry] (0x0400): Got deref control (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_x_deref_parse_entry] (0x0400): All deref results from a single
>> control parsed (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
>> Total count [0] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 12 finished (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x0400): No view
>> found, using default. (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_get_view_name_done] (0x0400): Found view name [default]. (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x4000): Found
>> IPA default view name, replacing with sysdb default. (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_get_view_name_done] (0x4000): read_at_init [false] current view
>> [(null)]. (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd6870 (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd6930 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd6870 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd6930 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd6870 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd95b0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd9670 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd95b0 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd9670 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd95b0 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd04e0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd05a0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd04e0 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd05a0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd04e0 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1ba0500 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd95e0 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1ba0500 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd95e0 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1ba0500 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd1d60 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1e20 (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1d60 "ltdb_callback" (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1e20 "ltdb_timeout" (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1d60 "ltdb_callback" (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
>> [Success] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
>> request filed successfully. (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_destroy] (0x4000): releasing operation connection (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
>> [Success] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
>> request filed successfully. (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
>> [Success] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
>> request filed successfully. (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
>> [Success] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Queued
>> request filed successfully. (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [get_subdomains_callback] (0x0400): Backend returned: (0, 0, <NULL>)
>> [Success] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_queue_next_request] (0x4000): Request
>> queue is empty. (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_ptask_online_cb] (0x0400): Back end is
>> online (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_ptask_enable] (0x0080): Task [SUDO
>> Smart Refresh]: already enabled (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_ptask_online_cb] (0x0400): Back end is online (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_ptask_enable] (0x0080): Task [SUDO Full Refresh]: already enabled (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_x_deref_parse_entry] (0x0400): Got deref control (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_x_deref_parse_entry] (0x0400): All deref results from a single
>> control parsed (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd5d80], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
>> Total count [0] (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 13 finished (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x0400): No view
>> found, using default. (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_get_view_name_done] (0x0400): Found view name [default]. (Thu Aug 11
>> 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_view_name_done] (0x4000): Found
>> IPA default view name, replacing with sysdb default. (Thu Aug 11 15:05:18
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_get_view_name_done] (0x4000): read_at_init [true] current view
>> [default]. (Thu Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[(nil)], ldap[0x1b977d0] (Thu Aug 11 15:05:18 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_sudo_online_cb] (0x0400): We are
>> back online. SUDO host information will be renewed on next refresh. (Thu
>> Aug 11 15:05:18 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [delayed_online_authentication_callback]
>> (0x0200): Backend is online, starting delayed online authentication. (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bc49b0 (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
>> request for [0x1001][FAST BE_REQ_USER][1][idnumber=320000001] (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
>> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb04f0 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd3d80 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb04f0 "ltdb_callback" (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd3d80 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb04f0 "ltdb_callback" (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_idmap_check_posix_child] (0x4000): Idmap of domain
>> [S-1-5-21-711561063-4190233445-1602496204] already known, nothing to do.
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_connect_step] (0x4000):
>> reusing cached connection (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_search_user_next_base] (0x0400): Searching for users with base
>> [cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>> [(&(uidNumber=320000001)(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [userPassword] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [homeDirectory] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [krbPrincipalName] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID] (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowMin] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowWarning] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowExpire] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [krbLastPwdChange] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [krbPasswordExpiration] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [authorizedService] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [userAccountControl] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [host] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [loginExpirationTime] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [loginAllowedTimeMap] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUserAuthType] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [userCertificate;binary] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 14
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 14
>> timeout 6 (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [uid] (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [uidNumber] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [gidNumber] (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [gecos] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [homeDirectory] (Thu Aug
>> 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [loginShell] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [krbPrincipalName] (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for
>> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp] (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [entryUSN] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [krbLastPwdChange] (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [krbPasswordExpiration] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [nsAccountLock] (Thu Aug
>> 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaSshPubKey] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 14 finished (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_search_user_process] (0x0400): Search for users, returned 1 results.
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_search_user_process] (0x4000):
>> Retrieved total 1 users (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_user] (0x0400): Save user (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object jgoddard (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Processing user
>> jgoddard (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x2000): Adding
>> originalDN
>> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
>> attributes of [jgoddard]. (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_user] (0x0400): Adding original memberOf attributes to
>> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding original mod-Timestamp [20160811190153Z] to attributes of
>> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Adding user
>> principal [jgoddard at INTERNAL.EMERLYN.COM <jgoddard at INTERNAL.EMERLYN.COM>]
>> to attributes of [jgoddard]. (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): shadowLastChange is not available for
>> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> shadowMin is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): shadowMax is not available for
>> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> shadowWarning is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): shadowInactive is not available for
>> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> shadowExpire is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): shadowFlag is not available for
>> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding krbLastPwdChange [20160718194453Z] to attributes of [jgoddard]. (Thu
>> Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding krbPasswordExpiration [20170718194453Z] to attributes of [jgoddard].
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> pwdAttribute is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): authorizedService is not available for
>> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> adAccountExpires is not available for [jgoddard]. (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): adUserAccountControl is not available
>> for [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding nsAccountLock [FALSE] to attributes of [jgoddard]. (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> authorizedHost is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginDisabled is not available for
>> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> ndsLoginExpirationTime is not available for [jgoddard]. (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> ndsLoginAllowedTimeMap is not available for [jgoddard]. (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding sshPublicKey
>> [c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBNU5BNGdyQjFndVZNWWN2Wk0yVnRuWFJpdWJPczJLZGp0Y2ZZYzRYOHJWS1dUNUJSOEdqaU51NzZDWGxXK0pUQU4xYmlpNm5UL0NTNDBVMXhjaVVTd05JaEtvNVh6ZThNd1Q1Z0hZY3VRV1ZxY2NTajhLeGRKWnA1MUhaclE0QjhlM2t5Y0lENGNzN3NaMUpKYndjL3RkUWg2ek1IRDdaaXhyNGh5UlRJcjZ3WlRsdmEwN3h5RkJSVDRXOXV1a0NFZURKbEI3c0NqdlNTYzRIQWp6Y0M5OVpUR3hjcWJHZERvTEFOczdiUDAzYnNyalJvTzlrNjRjY2dSOUFwK3BaeGhOYTFTRWJSZWxVTW9Qc2VQRUxJeXVvT3hYYUtRT2VJU1FGNFJBRjJKOHkvSllZcEdJaEllQXNybXBCUlRTQ3dSVkNjMzVTWE5QV3E2VnMxTTNvcjl3PT0gamdvZGRhcmRAZW1lcmx5bi5jb20=]
>> to attributes of [jgoddard]. (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): authType is not available for
>> [jgoddard]. (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> userCertificate is not available for [jgoddard]. (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_user] (0x0400): Storing info for user jgoddard (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfbbe0 (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfbca0 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfbbe0 "ltdb_callback" (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfbca0 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfbbe0 "ltdb_callback" (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfb6d0 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfaa10 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfb6d0 "ltdb_callback" (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfaa10 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfb6d0 "ltdb_callback" (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_user_by_uid] (0x0400): No such entry (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfebf0 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfecb0 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfebf0 "ltdb_callback" (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfecb0 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfebf0 "ltdb_callback" (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c09ca0 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c09d60 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c09ca0 "ltdb_callback" (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c09d60 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c09ca0 "ltdb_callback" (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c0af50 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bff180 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c0af50 "ltdb_callback" (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bff180 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c0af50 "ltdb_callback" (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_users] (0x4000): User 0 processed! (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_users_done] (0x4000): Saving 1 Users - Done (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_done] (0x4000): releasing operation connection (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb27b0 (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd3d80 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb27b0 "ltdb_callback" (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd3d80 "ltdb_timeout" (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb27b0 "ltdb_callback" (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
>> (0x4000): Searching for overrides in view [Default Trust View] with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
>> (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))][cn=Default
>> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
>> 15:05:24 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 15 (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 15 timeout 6 (Thu Aug 11 15:05:24
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:24 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 15 finished (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
>> override found with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb2060 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb2d60 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb2060 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb2d60 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb2060 "ltdb_callback" (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bc8780 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb1ea0 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bc8780 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb1ea0 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bc8780 "ltdb_callback" (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu
>> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_message_handler] (0x2000): Received SBUS method
>> org.freedesktop.sssd.dataprovider.getAccountInfo on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
>> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000001] (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
>> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
>> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(gidNumber=320000001)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup] (Thu
>> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Thu
>> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
>> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaExternalMember]
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 16 (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 16 timeout 6 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bbc470], ldap[0x1b977d0] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [gidNumber] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
>> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [modifyTimestamp] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [entryUSN] (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bbc470], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 16 finished (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_groups_process] (0x0400): Search
>> for groups, returned 1 results. (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_has_deref_support] (0x0400): The server supports deref method
>> OpenLDAP (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
>> Inserting [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> into hash table [groups] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_process_send] (0x2000): About to process group
>> [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug
>> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 0 users
>> found in the hash table (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_recv] (0x0400): 1 groups found in the hash table (Thu
>> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 0) (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_get_sid_str] (0x1000): No
>> [objectSIDString] attribute. [0][Success] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_group] (0x4000): objectSID: not available for group [(null)].
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
>> Processing object jgoddard (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_group] (0x0400): Processing group jgoddard (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_group] (0x2000): This is a posix group (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN
>> [cn=jgoddard,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
>> attributes of [jgoddard]. (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
>> [20150116164416Z] to attributes of [jgoddard]. (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): The group has 0 members (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Group has 0 members (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_group] (0x0400): Storing info for group jgoddard (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb0eb0 (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb0f70 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb0f70 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_store_group] (0x1000): Group jgoddard does not exist. (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bae460 (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b9f970 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bae460 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b9f970 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bae460 "ltdb_callback" (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_group_by_gid] (0x0400): No such entry (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd05a0 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd0660 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd05a0 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd0660 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd05a0 "ltdb_callback" (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bca2c0 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd6740 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bca2c0 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c011d0 (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c01290 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1bd6740 "ltdb_timeout" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1bca2c0 "ltdb_callback" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c011d0 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c01290 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c011d0 "ltdb_callback" (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_groups] (0x4000): Group 0 processed! (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_get_sid_str] (0x1000): No [objectSIDString] attribute.
>> [0][Success] (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Failed to get
>> group sid (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
>> Processing object jgoddard (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_grpmem] (0x0400): Processing group jgoddard (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_grpmem] (0x0400): No members for group [jgoddard] (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd1280 (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bae5c0 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1280 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bae5c0 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1280 "ltdb_callback" (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1b9f970 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bae5c0 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b9f970 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bae5c0 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b9f970 "ltdb_callback" (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_groups] (0x4000): Group 0 members processed! (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 0) (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No external
>> members, done(Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1baf710 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb1ea0 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1baf710 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb1ea0 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1baf710 "ltdb_callback" (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
>> (0x4000): Searching for overrides in view [Default Trust View] with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))].
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))][cn=Default
>> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 17 (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 17 timeout 6 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bd3b80], ldap[0x1b977d0] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd3b80], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 17 finished (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
>> override found with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e93b4e92-9d9e-11e4-ac12-0050568354a7))].
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1baf650 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1baf710 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1baf650 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1baf710 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1baf650 "ltdb_callback" (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb2290 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb1ea0 (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb2290 "ltdb_callback" (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb1ea0 "ltdb_timeout" (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb2290 "ltdb_callback" (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu
>> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_message_handler] (0x2000): Received SBUS method
>> org.freedesktop.sssd.dataprovider.getAccountInfo on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
>> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000000] (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
>> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:25
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
>> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(gidNumber=320000000)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup] (Thu
>> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Thu
>> Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
>> 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaExternalMember]
>> (Thu Aug 11 15:05:25 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 18 (Thu Aug 11 15:05:25 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 18 timeout 6 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1b6eac0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_message_handler] (0x2000): Received SBUS method
>> org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_get_sender_id_send] (0x2000): Not a
>> sysbus message, quit (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bbc470], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [gidNumber] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [member] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for
>> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [entryUSN] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bbc470], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 18 finished (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_groups_process] (0x0400): Search for groups, returned 1 results.
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
>> server supports deref method OpenLDAP (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_hash_insert] (0x4000): Inserting
>> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
>> table [groups] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
>> About to process group
>> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd6770 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd6830 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd6770 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd6830 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd6770 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bca3e0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd67b0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bca3e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd67b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bca3e0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
>> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bca3e0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd66b0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bca3e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd66b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bca3e0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd63c0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd6480 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd63c0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd6480 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd63c0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
>> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd6480 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd66c0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd66c0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] found in
>> cache, skipping (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb0eb0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb0f70 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb0f70 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb12c0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd7ae0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb12c0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd7ae0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb12c0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
>> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb1210 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd7ae0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb1210 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd7ae0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb1210 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd04e0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf14a0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd04e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf14a0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd04e0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
>> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
>> Looking up 4/5 members of group
>> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
>> Members of group
>> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] will be
>> processed individually (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_hash_insert] (0x4000): Inserting
>> [uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
>> table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
>> Inserting
>> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
>> hash table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
>> Inserting [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> into hash table [users] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_hash_insert] (0x4000): Inserting
>> [uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
>> table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 4 users
>> found in the hash table (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_recv] (0x0400): 1 groups found in the hash table (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 0) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
>> Processing object jfifield (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): Search users with filter:
>> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb1160 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb1220 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb1160 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb1220 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb1160 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object admin (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b9f1e0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd0a30 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b9f1e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd0a30 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b9f1e0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object chunsicker (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b9fa30 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bcd910 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b9fa30 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bcd910 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b9fa30 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object test (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bcd910 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bae4d0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bcd910 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bae4d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bcd910 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object admins (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Processing
>> group admins (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This is a
>> posix group (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding original DN
>> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
>> attributes of [admins]. (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
>> [20160408185328Z] to attributes of [admins]. (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): The group has 5 members (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Group has 5 members (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
>> [admin] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Adding ghost member for group [chunsicker] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
>> [jfifield] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Adding ghost member for group [test] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_group] (0x0400): Storing info for group admins (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd15f0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd16b0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd15f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd16b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd15f0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_store_group] (0x1000): Group admins does not exist. (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd07f0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd15f0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd07f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd15f0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd07f0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_group_by_gid] (0x0400): No such entry (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfd0a0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfd160 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfd0a0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfd160 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfd0a0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfc820 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfc8e0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfc820 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c060a0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c06160 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1bfc8e0 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1bfc820 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c060a0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c06160 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c060a0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_groups] (0x4000): Group 0 processed! (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object admins (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Processing
>> group admins (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c07c50 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfc820 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c07c50 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfc820 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c07c50 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf94a0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfc820 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf94a0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfc820 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf94a0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_get_sids_of_members] (0x0400): No such entry (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_grpmem] (0x2000): retain_extern_members failed: 2:[No such file
>> or directory]. (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding member
>> users to group [admins] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_find_entry_by_origDN] (0x4000): Searching cache for
>> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfc820 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf94a0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfc820 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf94a0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfc820 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_fill_memberships] (0x1000):     member #2
>> (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
>> [name=jgoddard,cn=users,cn=internal.emerlyn.com
>> <http://internal.emerlyn.com>,cn=sysdb] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfcd30 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd07f0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfcd30 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd07f0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfcd30 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd07f0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf9880 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd07f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c060d0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c04a30 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1bf9880 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1bd07f0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c060d0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c06fe0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c070a0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c04a30 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c060d0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c06fe0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c0c5c0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c0c680 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c070a0 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c06fe0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c0c5c0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c09ce0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c0d660 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c0c680 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c0c5c0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c09ce0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c0d660 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c09ce0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_groups] (0x4000): Group 0 members processed! (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 0) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No external
>> members, done(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb26f0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb27b0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb26f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb27b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb26f0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
>> (0x4000): Searching for overrides in view [Default Trust View] with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))][cn=Default
>> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 19 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 19 timeout 6 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 19 finished (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
>> override found with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:19821026-9d9b-11e4-8386-0050568354a7))].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb0b70 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb26f0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb26f0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bc91d0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bc9290 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bc91d0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bc9290 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bc91d0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_message_handler] (0x2000): Received SBUS method
>> org.freedesktop.sssd.dataprovider.getAccountInfo on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
>> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000019] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
>> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
>> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(gidNumber=320000019)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaExternalMember]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 20 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 20 timeout 6 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bb2de0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [gidNumber] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [member] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for
>> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [entryUSN] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bb2de0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 20 finished (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_groups_process] (0x0400): Search for groups, returned 1 results.
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
>> server supports deref method OpenLDAP (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_hash_insert] (0x4000): Inserting
>> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
>> hash table [groups] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_process_send] (0x2000): About to process group
>> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd7900 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd79c0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd7900 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd79c0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd7900 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd7bf0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf1780 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd7bf0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf1780 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd7bf0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
>> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb0eb0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb0f70 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb0f70 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf0c10 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf0cd0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf0cd0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
>> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf0c10 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf0cd0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf0cd0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf1780 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf1840 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf1780 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf1840 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf1780 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
>> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf1950 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb0eb0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf1950 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb0eb0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf1950 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf0c10 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf0cd0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf0cd0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf0c10 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
>> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf1780 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf1840 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf1780 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf1840 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf1780 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd7bc0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd7c80 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd7bc0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd7c80 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd7bc0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
>> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd7bc0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd7c80 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd7bc0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd7c80 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd7bc0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] found in
>> cache, skipping (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd63c0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd6480 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd63c0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd6480 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd63c0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bda620 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bda6e0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bda620 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bda6e0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bda620 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
>> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
>> Looking up 6/7 members of group
>> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
>> Members of group
>> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] will be
>> processed individually (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_hash_insert] (0x4000): Inserting
>> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
>> hash table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
>> Inserting [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> into hash table [users] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_hash_insert] (0x4000): Inserting
>> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
>> table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
>> Inserting [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> into hash table [users] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_hash_insert] (0x4000): Inserting
>> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
>> hash table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
>> Inserting [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> into hash table [users] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_recv] (0x0400): 6 users found in the hash table (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 1
>> groups found in the hash table (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object jviger (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd7fb0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd8070 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd7fb0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd8070 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd7fb0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object jfifield (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd82d0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd63c0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd82d0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd63c0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd82d0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object chunsicker (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf1d70 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd6e00 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf1d70 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd6e00 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf1d70 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object cperry (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd1520 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bda4d0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1520 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bda4d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1520 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object jodell (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bef750 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd82d0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bef750 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd82d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bef750 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object lglassover (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd69e0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bcda20 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd69e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bcda20 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd69e0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object developers (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Processing
>> group developers (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x2000): This is a
>> posix group (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding original DN
>> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
>> attributes of [developers]. (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
>> [20160504191023Z] to attributes of [developers]. (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): The group has 7 members (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Group has 7 members (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
>> [chunsicker] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Adding ghost member for group [cperry] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
>> [jfifield] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Adding ghost member for group [jodell] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
>> [lglassover] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Adding ghost member for group [jviger] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_group] (0x0400): Storing info for group developers (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bef790 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1befb90 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bef790 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1befb90 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bef790 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_store_group] (0x1000): Group developers does not exist. (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bcda20 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bda7d0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bcda20 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bda7d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bcda20 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_group_by_gid] (0x0400): No such entry (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfdba0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfdc60 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfdba0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfdc60 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfdba0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c064a0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c06560 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c064a0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c068f0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c069b0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c06560 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c064a0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c068f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c069b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c068f0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_groups] (0x4000): Group 0 processed! (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object developers (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Processing
>> group developers (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c053d0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf0a20 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c053d0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf0a20 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c053d0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfe3e0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd12d0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfe3e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd12d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfe3e0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_get_sids_of_members] (0x0400): No such entry (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_grpmem] (0x2000): retain_extern_members failed: 2:[No such file
>> or directory]. (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding member
>> users to group [developers] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_find_entry_by_origDN] (0x4000): Searching cache for
>> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bda7d0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c074e0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bda7d0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c074e0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bda7d0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_fill_memberships] (0x1000):     member #5
>> (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
>> [name=jgoddard,cn=users,cn=internal.emerlyn.com
>> <http://internal.emerlyn.com>,cn=sysdb] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfe3e0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1befb90 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfe3e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1befb90 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfe3e0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfe3e0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c053d0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfe3e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c082f0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c083b0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c053d0 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1bfe3e0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c082f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfddb0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfde70 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c083b0 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c082f0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfddb0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c089f0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c0c5a0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1bfde70 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1bfddb0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c089f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c0c3e0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c06d50 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c0c5a0 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c089f0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c0c3e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c06d50 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c0c3e0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_groups] (0x4000): Group 0 members processed! (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 0) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No external
>> members, done(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1b9f1f0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb26f0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b9f1f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb26f0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b9f1f0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
>> (0x4000): Searching for overrides in view [Default Trust View] with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))][cn=Default
>> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 21 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 21 timeout 6 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bef2c0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bef2c0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 21 finished (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
>> override found with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:f047af7a-09fd-11e5-8827-0050568354a7))].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb05e0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb16c0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb05e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb16c0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb05e0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd6aa0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1baf650 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd6aa0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1baf650 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd6aa0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_message_handler] (0x2000): Received SBUS method
>> org.freedesktop.sssd.dataprovider.getAccountInfo on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
>> request for [0x1002][FAST BE_REQ_GROUP][1][idnumber=320000031] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
>> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_groups_next_base] (0x0400):
>> Searching for groups with base [cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(gidNumber=320000031)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaExternalMember]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 22 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 22 timeout 6 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [gidNumber] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [member] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for
>> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [entryUSN] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 22 finished (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_groups_process] (0x0400): Search for groups, returned 1 results.
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
>> server supports deref method OpenLDAP (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_hash_insert] (0x4000): Inserting
>> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> into hash table [groups] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_process_send] (0x2000): About to process group
>> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd67e0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd68a0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd67e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd68a0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd67e0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb21d0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb2290 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb21d0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb2290 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb21d0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
>> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd6720 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd67e0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd6720 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd67e0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd6720 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd6480 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf18b0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf18b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
>> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd6480 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf18b0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf18b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd6480 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] found in
>> cache, skipping (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb0f70 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb1030 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb1030 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb0f70 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb2bc0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd71c0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd71c0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
>> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd71c0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd7280 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd71c0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd7280 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd71c0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb2bc0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb1260 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb1260 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
>> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd0fc0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb0b70 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd0fc0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb0b70 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd0fc0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb2bc0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb0b70 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb0b70 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb2bc0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
>> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb11e0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb12a0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb11e0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb12a0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb11e0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd7f50 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd8010 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd7f50 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd8010 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd7f50 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is
>> unknown object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd8010 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb11e0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd8010 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb11e0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd8010 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): Search groups with filter:
>> (&(objectclass=group)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd8210 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd7f50 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd8210 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd7f50 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd8210 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_groups] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_split_members] (0x4000):
>> [uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] is unknown
>> object (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
>> Looking up 7/8 members of group
>> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_process_send] (0x2000):
>> Members of group
>> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> will be processed individually (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_hash_insert] (0x4000): Inserting
>> [uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
>> hash table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
>> Inserting [uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> into hash table [users] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_hash_insert] (0x4000): Inserting
>> [uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
>> table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
>> Inserting [uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> into hash table [users] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_hash_insert] (0x4000): Inserting
>> [uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into hash
>> table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
>> Inserting
>> [uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] into
>> hash table [users] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_hash_insert] (0x4000):
>> Inserting [uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> into hash table [users] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_nested_group_recv] (0x0400): 7 users found in the hash table (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_group_recv] (0x0400): 1
>> groups found in the hash table (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object jviger (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd1de0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd7c30 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1de0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd7c30 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1de0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object jfifield (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb23f0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb0b70 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb23f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb0b70 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb23f0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object mlibby (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfe660 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb0f30 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfe660 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb0f30 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfe660 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object chunsicker (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd0fc0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfc150 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd0fc0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfc150 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd0fc0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object cperry (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfeb20 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd8450 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfeb20 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd8450 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfeb20 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object jodell (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd8450 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf0af0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd8450 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf0af0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd8450 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object lglassover (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_search_users] (0x2000): Search
>> users with filter:
>> (&(objectclass=user)(originalDN=uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com))
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb23f0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd0fc0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb23f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd0fc0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb23f0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_users] (0x2000): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object jira-administrators
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_group] (0x0400): Processing
>> group jira-administrators (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_group] (0x2000): This is a posix group (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): Adding original DN
>> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> to attributes of [jira-administrators]. (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): Adding original mod-Timestamp
>> [20160504191023Z] to attributes of [jira-administrators]. (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400): The
>> group has 8 members (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): Group has 8 members (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Adding ghost member for group [chunsicker] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
>> [jfifield] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Adding ghost member for group [cperry] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
>> [jodell] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Adding ghost member for group [jviger] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_ghost_members] (0x0400): Adding ghost member for group
>> [lglassover] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_ghost_members] (0x0400):
>> Adding ghost member for group [mlibby] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_group] (0x0400): Storing info for group jira-administrators (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb2250 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb2310 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb2250 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb2310 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb2250 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_store_group] (0x1000): Group jira-administrators does not exist.
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb0eb0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb2250 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb2250 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb0eb0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_group_by_gid] (0x0400): No such entry (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfdee0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfdfa0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfdee0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfdfa0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfdee0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c07fd0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c08090 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c07fd0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c08730 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c087f0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c08090 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c07fd0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08730 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c087f0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08730 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_groups] (0x4000): Group 0 processed! (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object jira-administrators
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Processing
>> group jira-administrators (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb2250 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c08150 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb2250 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c08150 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb2250 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb0b70 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfc150 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfc150 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_get_sids_of_members] (0x0400): No such entry (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_grpmem] (0x2000): retain_extern_members failed: 2:[No such file
>> or directory]. (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_grpmem] (0x0400): Adding member
>> users to group [jira-administrators] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_find_entry_by_origDN] (0x4000): Searching cache for
>> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1b9f9f0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfc150 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b9f9f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfc150 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b9f9f0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_fill_memberships] (0x1000):     member #2
>> (uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com):
>> [name=jgoddard,cn=users,cn=internal.emerlyn.com
>> <http://internal.emerlyn.com>,cn=sysdb] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c0a510 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd0fc0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c0a510 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd0fc0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c0a510 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb0b70 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfc150 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c0a0a0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfcd30 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1bfc150 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1bb0b70 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c0a0a0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c096d0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c09790 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1bfcd30 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c0a0a0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c096d0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c0cb20 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c087a0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c09790 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c096d0 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c0cb20 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c0bd80 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c0d9d0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c087a0 "ltdb_timeout" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c0cb20 "ltdb_callback" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c0bd80 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c0d9d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c0bd80 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_groups] (0x4000): Group 0 members processed! (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 0) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_nested_done] (0x2000): No external
>> members, done(Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bbc470 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd7a10 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bbc470 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd7a10 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bbc470 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
>> (0x4000): Searching for overrides in view [Default Trust View] with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))][cn=Default
>> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 23 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 23 timeout 6 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bafde0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 23 finished (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
>> override found with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:48d1856c-3f73-11e5-94f7-0050568354a7))].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb2d60 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bc91d0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb2d60 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bc91d0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb2d60 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb1f60 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bc93a0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb1f60 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bc93a0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb1f60 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bc49b0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_message_handler] (0x2000): Received SBUS method
>> org.freedesktop.sssd.dataprovider.getAccountInfo on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
>> request for [0x1004][FAST BE_REQ_NETGROUP][1][name=office] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
>> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_netgr_next_base] (0x0400): Searching
>> for netgroups with base [cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(cn=office)(objectclass=ipaNisNetgroup))][cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [member] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberUser] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberHost] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [externalHost] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nisDomainName]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 24
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 24
>> timeout 6 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bb0a10], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberHost] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [nisDomainName] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bb0a10], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x2000): Total count [0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 24 finished (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_netgroups_process] (0x0400):
>> Search for netgroups, returned 1 results. (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>> [(&(|(memberOf=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com))(objectclass=ipaHost))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [serverHostname]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 25
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 25
>> timeout 6 (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=goddard-l.internal.emerlyn.com
>> <http://goddard-l.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=crashplan-master.internal.emerlyn.com
>> <http://crashplan-master.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=staging-app-2.internal.emerlyn.com
>> <http://staging-app-2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=nagios-2.internal.emerlyn.com
>> <http://nagios-2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=metrics-1.internal.emerlyn.com
>> <http://metrics-1.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=rundeck-master.internal.emerlyn.com
>> <http://rundeck-master.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=pairing-vm2.internal.emerlyn.com
>> <http://pairing-vm2.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=mike-d.internal.emerlyn.com
>> <http://mike-d.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN: [fqdn=jenkins.internal.emerlyn.com
>> <http://jenkins.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=sonar-01.internal.emerlyn.com
>> <http://sonar-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=emerlyn-loaner.internal.emerlyn.com
>> <http://emerlyn-loaner.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=graylog-01.internal.emerlyn.com
>> <http://graylog-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=utility-01.internal.emerlyn.com
>> <http://utility-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaSshPubKey] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=lglassover-l.internal.emerlyn.com
>> <http://lglassover-l.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=docker-dev-02.internal.emerlyn.com
>> <http://docker-dev-02.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=docker-dev-03.internal.emerlyn.com
>> <http://docker-dev-03.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
>> 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f970], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
>> Total count [0] (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 25 finished (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_netgr_members_process] (0x2000):
>> Found 18 members in current search base (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_netgr_process_all] (0x2000): Extracting netgroup members of netgroup 0
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000):
>> Extracted 0 netgroup members (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_netgr_process_all] (0x4000): Extracting user members of netgroup 0
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000):
>> Extracted 0 user members (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_netgr_process_all] (0x4000): Extracting host members of netgroup 0
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_netgr_process_all] (0x2000):
>> Extracted 18 host members (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_netgr_process_all] (0x2000): Putting together triples of netgroup 0
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x2000): Storing
>> netgroup office (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000): Adding
>> original DN [cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com] to
>> attributes of [office]. (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_save_netgroup] (0x1000): No original members for netgroup [office]
>> (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_save_netgroup] (0x1000): No members
>> for netgroup [office] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_save_netgroup] (0x0400): Storing info for netgroup office (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 0) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c135f0 (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c136b0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c135f0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c136b0 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c135f0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c1d5b0 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c1d670 (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c1d5b0 "ltdb_callback" (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c1d670 "ltdb_timeout" (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c1d5b0 "ltdb_callback" (Thu Aug 11 15:05:26
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_done] (0x4000): releasing operation connection (Thu Aug 11
>> 15:05:26 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request
>> processed. Returned 0,0,Success (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[(nil)], ldap[0x1b977d0] (Thu Aug 11 15:05:26 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bbfca0 (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_get_account_info] (0x0200): Got
>> request for [0x3][BE_REQ_INITGROUPS][1][name=jgoddard] (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_req_set_domain] (0x0400): Changing request domain from
>> [internal.emerlyn.com <http://internal.emerlyn.com>] to
>> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb26f0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb27b0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb26f0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb27b0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb26f0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bb05e0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb0b70 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb05e0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bc8730 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bc87f0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1bb0b70 "ltdb_timeout" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1bb05e0 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bc8730 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb0b70 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bda750 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1bc87f0 "ltdb_timeout" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1bc8730 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb0b70 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bda4d0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bc8670 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1bda750 "ltdb_timeout" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1bb0b70 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bda4d0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bc8670 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bda4d0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_initgr_send] (0x4000):
>> Retrieving info for initgroups call (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_initgr_next_base] (0x0400): Searching for users with base
>> [cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
>> [(&(uid=jgoddard)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [userPassword] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos] (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [homeDirectory] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [krbPrincipalName] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowMin] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowWarning] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [shadowExpire] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [krbLastPwdChange] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [krbPasswordExpiration] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [authorizedService] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [userAccountControl] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [host] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [loginExpirationTime] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [loginAllowedTimeMap] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUserAuthType] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [userCertificate;binary] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 26
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 26
>> timeout 6 (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bb15d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [uid] (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [uidNumber] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [gidNumber] (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [gecos] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [homeDirectory] (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [loginShell] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [krbPrincipalName] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [cn] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaUniqueID] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for
>> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [modifyTimestamp] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [entryUSN] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [krbLastPwdChange] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [krbPasswordExpiration] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [nsAccountLock] (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipaSshPubKey] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bb15d0], ldap[0x1b977d0] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_destructor] (0x2000): Operation 26 finished (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_initgr_user] (0x4000): Receiving info for the user (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 0) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_initgr_user] (0x4000): Storing
>> the user (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Save user (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
>> Processing object jgoddard (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_user] (0x0400): Processing user jgoddard (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_user] (0x2000): Adding originalDN
>> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] to
>> attributes of [jgoddard]. (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_user] (0x0400): Adding original memberOf attributes to
>> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding original mod-Timestamp [20160811190153Z] to attributes of
>> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_save_user] (0x0400): Adding user
>> principal [jgoddard at INTERNAL.EMERLYN.COM <jgoddard at INTERNAL.EMERLYN.COM>]
>> to attributes of [jgoddard]. (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): shadowLastChange is not available for
>> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> shadowMin is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): shadowMax is not available for
>> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> shadowWarning is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): shadowInactive is not available for
>> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> shadowExpire is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): shadowFlag is not available for
>> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding krbLastPwdChange [20160718194453Z] to attributes of [jgoddard]. (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding krbPasswordExpiration [20170718194453Z] to attributes of [jgoddard].
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> pwdAttribute is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): authorizedService is not available for
>> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> adAccountExpires is not available for [jgoddard]. (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): adUserAccountControl is not available
>> for [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding nsAccountLock [FALSE] to attributes of [jgoddard]. (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> authorizedHost is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): ndsLoginDisabled is not available for
>> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> ndsLoginExpirationTime is not available for [jgoddard]. (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> ndsLoginAllowedTimeMap is not available for [jgoddard]. (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> Adding sshPublicKey
>> [c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBNU5BNGdyQjFndVZNWWN2Wk0yVnRuWFJpdWJPczJLZGp0Y2ZZYzRYOHJWS1dUNUJSOEdqaU51NzZDWGxXK0pUQU4xYmlpNm5UL0NTNDBVMXhjaVVTd05JaEtvNVh6ZThNd1Q1Z0hZY3VRV1ZxY2NTajhLeGRKWnA1MUhaclE0QjhlM2t5Y0lENGNzN3NaMUpKYndjL3RkUWg2ek1IRDdaaXhyNGh5UlRJcjZ3WlRsdmEwN3h5RkJSVDRXOXV1a0NFZURKbEI3c0NqdlNTYzRIQWp6Y0M5OVpUR3hjcWJHZERvTEFOczdiUDAzYnNyalJvTzlrNjRjY2dSOUFwK3BaeGhOYTFTRWJSZWxVTW9Qc2VQRUxJeXVvT3hYYUtRT2VJU1FGNFJBRjJKOHkvSllZcEdJaEllQXNybXBCUlRTQ3dSVkNjMzVTWE5QV3E2VnMxTTNvcjl3PT0gamdvZGRhcmRAZW1lcmx5bi5jb20=]
>> to attributes of [jgoddard]. (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_add_ldap_attr] (0x2000): authType is not available for
>> [jgoddard]. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_attrs_add_ldap_attr] (0x2000):
>> userCertificate is not available for [jgoddard]. (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_save_user] (0x0400): Storing info for user jgoddard (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf2960 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf2a20 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf2960 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf2a20 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf2960 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c002a0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c00360 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c002a0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c00360 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c002a0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [userPassword] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c091e0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfd090 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c091e0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfd090 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c091e0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowLastChange] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfed00 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c02b70 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c02b70 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowMin] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf25f0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf25f0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowMax] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfed00 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfd2b0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfd2b0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowWarning] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c060e0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c02320 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c060e0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c02320 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c060e0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowInactive] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c01a10 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c05b90 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c01a10 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c05b90 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c01a10 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowExpire] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c01a10 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfed00 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c01a10 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfed00 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c01a10 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [shadowFlag] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c01a10 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c01a10 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [pwdAttribute] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfd090 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfd090 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [authorizedService] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c01a10 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c01a10 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [adAccountExpires] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfd090 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfd090 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [adUserAccountControl]
>> from [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c09740 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c09740 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [authorizedHost] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf29a0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfd090 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfd090 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginDisabled] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf29a0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfed00 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfed00 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginExpirationTime]
>> from [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfd2b0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf29a0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf29a0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfd2b0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [ndsLoginAllowedTimeMap]
>> from [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfed00 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfd2b0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfd2b0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [authType] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bfed00 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfd090 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfd090 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfed00 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_remove_attrs] (0x2000): Removing attribute [userCertificate] from
>> [jgoddard] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 3) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf29a0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfed00 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfed00 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf29a0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): cancel ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_initgr_user] (0x4000): Commit change (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf1a80 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf1b40 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf1a80 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf1b40 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf1a80 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_initgr_user] (0x4000): Process user's groups (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object jgoddard (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
>> server supports deref method OpenLDAP (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_deref_search_send] (0x2000): Server supports OpenLDAP deref (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400):
>> Dereferencing entry
>> [uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com] using
>> OpenLDAP deref (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_send] (0x0400):
>> WARNING: Disabling paging because scope is set to base. (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with [no
>> filter][uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [posixGroup] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [cn] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [gidNumber] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs:
>> [ipaNTSecurityIdentifier] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [entryUSN] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaExternalMember]
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 27 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 27 timeout 6 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bfed00], ldap[0x1b977d0] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_x_deref_parse_entry] (0x0400): Got deref control (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x1000): Dereferenced DN:
>> cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: top (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: groupofnames
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: posixgroup (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipausergroup
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipaobject (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: nestedGroup
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipaNTGroupAttrs (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Found map for objectclass 'posixgroup' (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
>> attribute: objectClass (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: cn (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: admins (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: gidNumber (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: 320000000 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: member (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=admin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
>> attribute: ipaUniqueID (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
>> 19821026-9d9b-11e4-8386-0050568354a7 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute:
>> ipaNTSecurityIdentifier (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
>> S-1-5-21-711561063-4190233445-1602496204-512 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: 20160408185328Z (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: 3382936 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x1000): Dereferenced DN:
>> cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: top (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: groupofnames
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: nestedgroup (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipausergroup
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipaobject (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Found map for objectclass 'ipausergroup' (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
>> attribute: objectClass (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: cn (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: ipausers (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: member (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=mmasters,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=ntaylor,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=nagiosadmin,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=rclay-storm,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=nagios,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=bandreoli,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=test,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=emerlyn,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=db-restore,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
>> attribute: ipaUniqueID (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
>> 198528d8-9d9b-11e4-a057-0050568354a7 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: 20160510140017Z (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: 3855196 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x1000): Dereferenced DN:
>> cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipaobject (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: top (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipausergroup (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: posixgroup
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: groupofnames (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: nestedgroup
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipantgroupattrs (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Found map for objectclass 'ipausergroup' (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
>> attribute: objectClass (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: cn (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: developers (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: gidNumber (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: 320000019 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: member (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
>> attribute: ipaUniqueID (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
>> f047af7a-09fd-11e5-8827-0050568354a7 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute:
>> ipaNTSecurityIdentifier (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
>> S-1-5-21-711561063-4190233445-1602496204-1019 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: 20160504191023Z (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: 3757093 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x1000): Dereferenced DN:
>> ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipasudorule (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipaassociation
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): Dereferenced
>> DN:
>> cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipaobject (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: top (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipausergroup (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: posixgroup
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: groupofnames (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: nestedgroup
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipantgroupattrs (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Found map for objectclass 'ipausergroup' (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
>> attribute: objectClass (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: cn (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: jira-administrators (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: gidNumber (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: 320000031 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: member (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=chunsicker,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jfifield,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jgoddard,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=cperry,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jodell,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=jviger,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=lglassover,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> uid=mlibby,cn=users,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
>> attribute: ipaUniqueID (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
>> 48d1856c-3f73-11e5-94f7-0050568354a7 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute:
>> ipaNTSecurityIdentifier (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
>> S-1-5-21-711561063-4190233445-1602496204-1031 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: modifyTimestamp (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: 20160504191023Z (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: entryUSN (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: 3757081 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_x_deref_parse_entry] (0x0400): All deref results from a single
>> control parsed (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bfed00], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
>> Total count [0] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 27 finished (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 0) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bf2480 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf2540 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf2480 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf2540 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf2480 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfcf30 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bffc10 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfcf30 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bffc10 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfcf30 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_search_by_name] (0x0400): No such entry (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_add_incomplete_groups] (0x1000): Group #1 [ipausers][ipausers] is not
>> cached, need to add a fake entry (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfcf30 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf29e0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfcf30 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf29e0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfcf30 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfcd70 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf8870 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfcd70 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf8870 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bfcd70 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object admins (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
>> Processing object ipausers (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_attrs_get_sid_str] (0x1000): No [objectSIDString] attribute.
>> [0][Success] (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups] (0x1000): The
>> group ipausers gid was missing (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_add_incomplete_groups] (0x0400): Marking group ipausers as non-posix
>> and setting GID=0! (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_add_incomplete_groups] (0x2000):
>> Adding fake group ipausers to sysdb (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf7860 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd8ba0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf7860 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd8ba0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf7860 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf8870 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf24c0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf8870 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf24c0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf8870 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_primary_name] (0x0400): Processing object admins (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x2000):
>> searching sysdb with filter
>> [(&(objectClass=group)(member=name=admins,cn=groups,cn=internal.emerlyn.com
>> <http://internal.emerlyn.com>,cn=sysdb))] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf2920 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd9100 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd9100 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_get_direct_parents] (0x1000): admins is a member of 0 sysdb groups
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
>> (0x4000): Looking up direct parents for group
>> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
>> (0x4000): The group
>> [cn=admins,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] has 0
>> direct parents (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_membership_diff]
>> (0x1000): The group admins is a direct member of 0 LDAP groups (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
>> Processing object ipausers (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_get_direct_parents] (0x2000): searching sysdb with filter
>> [(&(objectClass=group)(member=name=ipausers,cn=groups,cn=internal.emerlyn.com
>> <http://internal.emerlyn.com>,cn=sysdb))] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf24c0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd9100 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf24c0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd9100 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf24c0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_get_direct_parents] (0x1000): ipausers is a member of 0 sysdb groups
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
>> (0x4000): Looking up direct parents for group
>> [cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
>> (0x4000): The group
>> [cn=ipausers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] has 0
>> direct parents (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_membership_diff]
>> (0x1000): The group ipausers is a direct member of 0 LDAP groups (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
>> Processing object developers (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_get_direct_parents] (0x2000): searching sysdb with filter
>> [(&(objectClass=group)(member=name=developers,cn=groups,cn=internal.emerlyn.com
>> <http://internal.emerlyn.com>,cn=sysdb))] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf24c0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf2920 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf24c0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf2920 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf24c0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_get_direct_parents] (0x1000): developers is a member of 0 sysdb
>> groups (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
>> (0x4000): Looking up direct parents for group
>> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
>> (0x4000): The group
>> [cn=developers,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com] has 0
>> direct parents (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_membership_diff]
>> (0x1000): The group developers is a direct member of 0 LDAP groups (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_primary_name] (0x0400):
>> Processing object jira-administrators (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_get_direct_parents] (0x2000): searching sysdb with filter
>> [(&(objectClass=group)(member=name=jira-administrators,cn=groups,cn=internal.emerlyn.com
>> <http://internal.emerlyn.com>,cn=sysdb))] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf2920 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfed00 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfed00 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_get_direct_parents] (0x1000): jira-administrators is a member of 0
>> sysdb groups (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
>> (0x4000): Looking up direct parents for group
>> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_nested_get_direct_parents]
>> (0x4000): The group
>> [cn=jira-administrators,cn=groups,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> has 0 direct parents (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_initgr_nested_get_membership_diff] (0x1000): The group
>> jira-administrators is a direct member of 0 LDAP groups (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): commit ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_store_user_memberships]
>> (0x1000): The user jgoddard is a direct member of 4 LDAP groups (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sysdb_get_direct_parents] (0x2000):
>> searching sysdb with filter
>> [(&(objectClass=group)(member=name=jgoddard,cn=users,cn=internal.emerlyn.com
>> <http://internal.emerlyn.com>,cn=sysdb))] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf2920 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd3b80 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd3b80 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf2920 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sysdb_get_direct_parents] (0x1000): jgoddard is a member of 3 sysdb groups
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_initgr_store_user_memberships]
>> (0x2000): Updating memberships for jgoddard (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bfcf30 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf2a60 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bfcf30 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c0b340 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf24c0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1bf2a60 "ltdb_timeout" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1bfcf30 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c0b340 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c15610 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c156d0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1bf24c0 "ltdb_timeout" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c0b340 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c15610 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c16c30 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c16010 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c156d0 "ltdb_timeout" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c15610 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c16c30 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd9560 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c0c530 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Destroying timer event 0x1c16010 "ltdb_timeout" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Ending timer event
>> 0x1c16c30 "ltdb_callback" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd9560 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c0c530 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd9560 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_initgr_done] (0x4000): Initgroups done (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd3b80 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bfcf30 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd3b80 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bfcf30 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd3b80 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_initgr_done] (0x0400): Primary group already cached, nothing to
>> do. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_done] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf2cd0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1380 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf2cd0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1380 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf2cd0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1baf710 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb26f0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1baf710 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb26f0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1baf710 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1baf710 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bb0eb0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1baf710 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bb0eb0 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1baf710 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_connect_done]
>> (0x4000): Searching for overrides in view [Default Trust View] with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))][cn=Default
>> Trust View,cn=views,cn=accounts,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 28 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 28 timeout 6 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bb2de0], ldap[0x1b977d0] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bb2de0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 28 finished (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_get_ad_override_done] (0x4000): No
>> override found with filter
>> [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:internal.emerlyn.com:e92d810e-9d9e-11e4-ac12-0050568354a7))].
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd3b80 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b9f130 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd3b80 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b9f130 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd3b80 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_add_timeout] (0x2000): 0x1bb15e0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[(nil)], ldap[0x1b977d0] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_remove_timeout] (0x2000): 0x1bb15e0
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1bc49b0 (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [acctinfo_callback] (0x0100): Request
>> processed. Returned 0,0,Success (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_message_handler] (0x2000): Received SBUS method
>> org.freedesktop.sssd.dataprovider.pamHandler on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
>> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_pam_handler] (0x0100): Got request with the following data (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): command:
>> SSS_PAM_AUTHENTICATE (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): domain: internal.emerlyn.com
>> <http://internal.emerlyn.com> (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): user: jgoddard (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): service: sudo (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): tty: /dev/pts/0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): ruser: jgoddard (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): rhost: (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): authtok type: 1 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): newauthtok type: 0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): priv: 0 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): cli_pid: 5477 (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): logon name: not set (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [krb5_auth_queue_send] (0x1000): Wait queue of user [jgoddard] is empty,
>> running request [0x1bb1ab0] immediately. (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [krb5_setup]
>> (0x4000): No mapping for: jgoddard (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bc93a0 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bc9460 (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bc93a0 "ltdb_callback" (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bc9460 "ltdb_timeout" (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bc93a0 "ltdb_callback" (Thu Aug 11 15:05:29
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [krb5_auth_prepare_ccache_name] (0x1000): No ccache file for user
>> [jgoddard] found. (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_resolve_service_send] (0x0100): Trying
>> to resolve service 'IPA' (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [get_server_status] (0x1000): Status of server
>> 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' is 'working' (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [get_port_status] (0x1000): Port status of
>> port 389 for server 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' is 'working' (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_resolve_service_activate_timeout]
>> (0x2000): Resolve timeout set to 6 seconds (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Thu Aug
>> 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [get_server_status] (0x1000): Status of
>> server 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' is 'working' (Thu Aug 11
>> 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_resolve_server_process] (0x1000):
>> Saving the first resolved server (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_resolve_server_process] (0x0200): Found address for server
>> id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>: [10.72.100.16] TTL 1200 (Thu
>> Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_resolve_callback] (0x0400):
>> Constructed uri 'ldap://id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [unique_filename_destructor] (0x2000): Unlinking
>> [/var/lib/sss/pubconf/.krb5info_dummy_SXAUTk] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [unlink_dbg]
>> (0x2000): File already removed:
>> [/var/lib/sss/pubconf/.krb5info_dummy_SXAUTk] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [child_handler_setup] (0x2000): Setting up signal handler up for pid [5481]
>> (Thu Aug 11 15:05:29 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [child_handler_setup] (0x2000): Signal
>> handler set up for pid [5481] (Thu Aug 11 15:05:29 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [write_pipe_handler] (0x0400): All data has been sent! (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [read_pipe_handler] (0x0400): EOF received, client finished (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [parse_krb5_child_response] (0x1000):
>> child response [0][3][40]. (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [parse_krb5_child_response] (0x1000): child response [0][-1073741822][30].
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [parse_krb5_child_response] (0x1000):
>> child response [0][-1073741823][32]. (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [parse_krb5_child_response] (0x1000): TGT times are
>> [1470942330][1470942330][1471028729][0]. (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [parse_krb5_child_response] (0x1000): child response [0][6][8]. (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [_be_fo_set_port_status] (0x8000): Setting
>> status: PORT_WORKING. Called from: ../src/providers/krb5/krb5_auth.c:
>> krb5_auth_done: 1039 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [fo_set_port_status] (0x0100): Marking port 389 of server
>> 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [set_server_common_status] (0x0100):
>> Marking server 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [fo_set_port_status] (0x0400): Marking
>> port 389 of duplicate server 'id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>' as 'working' (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [krb5_mod_ccname] (0x4000): Save ccname
>> [KEYRING:persistent:320000001] for user [jgoddard]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1b9f970 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b9fa30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1b9f970 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b9fa30 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1b9f970 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 0) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bca1a0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bca260 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bca1a0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bca260 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bca1a0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [check_wait_queue] (0x1000): Wait queue for user [jgoddard] is empty. (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [krb5_auth_queue_done] (0x1000):
>> krb5_auth_queue request [0x1bb1ab0] done. (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
>> [Success] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100):
>> Sending result [0][internal.emerlyn.com <http://internal.emerlyn.com>] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): Sent
>> result [0][internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x1000): Waiting for
>> child [5481]. (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [child_sig_handler] (0x0100): child [5481]
>> finished successfully. (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): dbus conn: 0x1bbfca0 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_dispatch] (0x4000): Dispatching. (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_message_handler] (0x2000): Received SBUS method
>> org.freedesktop.sssd.dataprovider.pamHandler on path
>> /org/freedesktop/sssd/dataprovider (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_req_set_domain] (0x0400): Changing
>> request domain from [internal.emerlyn.com <http://internal.emerlyn.com>] to
>> [internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_pam_handler] (0x0100): Got request with the following data (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): command:
>> SSS_PAM_ACCT_MGMT (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [pam_print_data] (0x0100): domain:
>> internal.emerlyn.com <http://internal.emerlyn.com> (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): user: jgoddard (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): service: sudo (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): tty: /dev/pts/0 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): ruser: jgoddard (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): rhost: (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): authtok type: 0 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): newauthtok type: 0 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): priv: 0 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): cli_pid: 5477 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [pam_print_data] (0x0100): logon name: not set (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_access_send] (0x0400): Performing access check for user [jgoddard]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bb16d0 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1b9f220 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bb16d0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1b9f220 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bb16d0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_account_expired_rhds] (0x0400): Performing RHDS access check for user
>> [jgoddard] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_account_expired_rhds] (0x4000):
>> Account for user [jgoddard] is not locked. (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [hbac_retry]
>> (0x4000): Connection status is [online]. (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_id_op_connect_step] (0x4000): reusing cached connection (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectClass=ipaHost)(fqdn=docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>))][cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [fqdn] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [serverHostname]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipaUniqueID] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 29
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 29
>> timeout 60 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [fqdn=docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectClass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [fqdn] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [serverHostname] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [memberOf] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaUniqueID] (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
>> Total count [0] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 29 finished (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_has_deref_support] (0x0400): The
>> server supports deref method OpenLDAP (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_deref_search_send] (0x2000): Server supports OpenLDAP deref (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_x_deref_search_send] (0x0400):
>> Dereferencing entry [fqdn=docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com]
>> using OpenLDAP deref (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_print_server] (0x2000): Searching 10.72.100.16 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_send] (0x0400): WARNING: Disabling paging because
>> scope is set to base. (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [no
>> filter][fqdn=docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectClass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaUniqueID] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 30 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 30 timeout 60 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bd6aa0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd6aa0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_x_deref_parse_entry] (0x0400): Got deref control (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x1000): Dereferenced DN:
>> cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipaobject (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipahostgroup
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: nestedGroup (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: groupOfNames
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: top (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: mepOriginEntry
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Found map for
>> objectclass 'ipahostgroup' (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: objectClass (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
>> attribute: cn (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: office (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x2000): Dereferenced attribute: memberOf (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value: cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> attribute value:
>> ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x2000): Dereferenced
>> attribute: ipaUniqueID (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced attribute value:
>> e91566cc-bb9f-11e4-b8b6-0050568354a7 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x1000): Dereferenced DN:
>> cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipanisnetgroup
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipaobject (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value:
>> mepManagedEntry (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipaAssociation (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: top (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x1000): Dereferenced
>> DN:
>> ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_deref] (0x4000): Dereferenced
>> objectClass value: ipasudorule (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_deref] (0x4000): Dereferenced objectClass value: ipaassociation
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_x_deref_parse_entry] (0x0400): All
>> deref results from a single control parsed (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bd6aa0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x2000): Total count [0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 30 finished (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_hostgroup_info_done] (0x0200):
>> Dereferenced host group: office (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_service_info_next] (0x0400): Sending request for next search
>> base:
>> [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(objectClass=ipaHBACService)]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(objectClass=ipaHBACService)][cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 31
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 31
>> timeout 60 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=sshd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=ftp,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=su,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=login,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=su-l,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=sudo,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=sudo-i,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=gdm,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=gdm-password,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=kdm,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=proftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=vsftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=gssftp,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [memberOf] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=crond,cn=hbacservices,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x0400):
>> Search result: Success(0), no errmsg set (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x2000): Total count [0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 31 finished (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_hbac_servicegroup_info_next]
>> (0x0400): Sending request for next search base:
>> [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(objectClass=ipaHBACServiceGroup)]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(objectClass=ipaHBACServiceGroup)][cn=hbac,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [member] (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberOf] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 32
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_add] (0x2000): New operation 32
>> timeout 60 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [member] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [cn=ftp,cn=hbacservicegroups,cn=hbac,dc=internal,dc=emerlyn,dc=com]. (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [member] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1b9f3d0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
>> Total count [0] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 32 finished (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ipa_hbac_rule_info_next] (0x0400):
>> Sending request for next search base:
>> [cn=hbac,dc=internal,dc=emerlyn,dc=com][2][(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com)(memberHost=ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com)))]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_print_server] (0x2000): Searching
>> 10.72.100.16 (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x0400):
>> calling ldap_search_ext with
>> [(&(objectclass=ipaHBACRule)(ipaenabledflag=TRUE)(accessRuleType=allow)(|(hostCategory=all)(memberHost=fqdn=docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com)(memberHost=cn=office,cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com)(memberHost=ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com)))][cn=hbac,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaenabledflag]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [accessRuleType] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberUser] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [userCategory] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberService]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [serviceCategory] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sourceHost] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [sourceHostCategory] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [externalHost] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x1000):
>> Requesting attrs: [memberHost] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [hostCategory] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_ext_step] (0x2000):
>> ldap_search_ext called, msgid = 33 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_op_add] (0x2000): New operation 33 timeout 60 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x1ba3f60], connected[1],
>> ops[0x1bd1dd0], ldap[0x1b977d0] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_process_result] (0x2000): Trace: ldap_result found nothing! (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd1dd0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_ENTRY] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_entry] (0x1000): OriginalDN:
>> [ipaUniqueID=19e5fa5a-9d9b-11e4-9cb5-0050568354a7,cn=hbac,dc=internal,dc=emerlyn,dc=com].
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [objectclass] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [cn] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [ipauniqueid] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [ipaenabledflag] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [accessRuleType] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [userCategory] (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_parse_range] (0x2000): No
>> sub-attributes for [serviceCategory] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_parse_range] (0x2000): No sub-attributes for [hostCategory] (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[0x1bd1dd0], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_message] (0x4000): Message
>> type: [LDAP_RES_SEARCH_RESULT] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
>> errmsg set (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_get_generic_op_finished] (0x2000):
>> Total count [0] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_op_destructor] (0x2000): Operation
>> 33 finished (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 0) (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 1) (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd42a0 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd4360 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd42a0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd4360 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd42a0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name:
>> [docker-dev-01.internal.emerlyn.com
>> <http://docker-dev-01.internal.emerlyn.com>]. (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf4f50 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf5010 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf4f50 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf5010 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf4f50 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c08000 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c080c0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08000 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c080c0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08000 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [office]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd40b0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd4170 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd40b0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd4170 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd40b0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c06c10 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c06cd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c06c10 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c06cd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c06c10 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf2950 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf2950 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf2950 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [sshd]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf2910 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf2910 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf5110 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf44b0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf5110 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf44b0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf5110 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [ftp]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c16c90 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c14fc0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c16c90 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c14fc0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c16c90 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [su]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf44b0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c15130 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c151f0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c15130 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c151f0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c15130 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [login]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c17470 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf44b0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c17470 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf44b0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c17470 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf4fd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c17470 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c17470 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [su-l]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf44b0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf4fd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf4fd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf4fd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c17470 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c17470 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [sudo]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c17470 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c17470 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c08a30 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c17470 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf44b0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf44b0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [sudo-i]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf4fd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c08a30 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf4fd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c199f0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c199f0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [gdm]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf4fd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c08a30 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf4fd0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf44b0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf44b0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [gdm-password]. (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c1e850 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c1e850 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c06aa0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c06aa0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [kdm]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c1b3a0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf44b0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [proftpd]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf44b0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf44b0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c1f350 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c199f0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c1f350 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c199f0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c1f350 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [vsftpd]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf44b0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c1b3a0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf44b0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c1b3a0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c1b3a0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c1b3a0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [gssftp]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c1b3a0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c08a30 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [pure-ftpd]. (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): start ldb transaction
>> (nesting: 2) (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf2910 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf2910 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c1fc80 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c20950 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c1fc80 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c20950 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c1fc80 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [crond]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c20950 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c1fc80 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c20950 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c1fc80 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c20950 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c1b3a0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c1b3a0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1dd0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [Sudo]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c15070 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c15070 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c15070 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bf4570 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bf4630 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bf4570 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bf4630 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bf4570 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name: [ftp]. (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c13750 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c13750 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c26210 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c08580 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c26210 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c08580 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c26210 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c25c20 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd1dd0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c25c20 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd1dd0 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c25c20 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_save_list] (0x4000): Object name:
>> [19e5fa5a-9d9b-11e4-9cb5-0050568354a7]. (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c08a30 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c15070 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c15070 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c08a30 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): start ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1c13c00 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1c08580 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1c13c00 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1c08580 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1c13c00 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 3) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 2) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 1) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): commit ldb transaction (nesting: 0) (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd3d80 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd3e40 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd3d80 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd3e40 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd3d80 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [hbac_attrs_to_rule] (0x1000): Processing rule [allow_all] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_user_attrs_to_rule] (0x1000):
>> Processing users for rule [allow_all] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [hbac_get_category] (0x0200): Category is set to 'all'. (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_service_attrs_to_rule] (0x1000):
>> Processing PAM services for rule [allow_all] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [hbac_get_category] (0x0200): Category is set to 'all'. (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_thost_attrs_to_rule] (0x1000):
>> Processing target hosts for rule [allow_all] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [hbac_get_category] (0x0200): Category is set to 'all'. (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_shost_attrs_to_rule] (0x0400):
>> Processing source hosts for rule [allow_all] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [hbac_shost_attrs_to_rule] (0x2000): Source hosts disabled, setting ALL
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x1bd1da0 (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd3d80 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd3d80 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [hbac_eval_user_element] (0x1000): [22] groups for [jgoddard] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): Added
>> group [admins] for user [jgoddard] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [hbac_eval_user_element] (0x2000): Skipping non-group memberOf
>> [cn=Replication
>> Administrators,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=Add Replication
>> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=Modify Replication
>> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=Remove Replication
>> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=Modify DNA
>> Range,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=Modify PassSync Managers
>> Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=Add Configuration
>> Sub-Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=Read LDBM Database
>> Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=Read PassSync Managers
>> Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=Read DNA
>> Range,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=System: Read Replication
>> Agreements,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=Host
>> Enrollment,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=System: Add krbPrincipalName to a
>> Host,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=System: Enroll a
>> Host,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=System: Manage Host
>> Certificates,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug
>> 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=System: Manage Host Enrollment
>> Password,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf [cn=System: Manage Host
>> Keytab,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): Added
>> group [ipausers] for user [jgoddard] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [hbac_eval_user_element] (0x1000): Added group [developers] for user
>> [jgoddard] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x2000):
>> Skipping non-group memberOf
>> [ipaUniqueID=39a097f2-25b2-11e5-a205-0050568354a7,cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [hbac_eval_user_element] (0x1000): Added
>> group [jira-administrators] for user [jgoddard] (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd1da0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd3d80 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd3d80 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_callback": 0x1bd1da0 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Added timed event "ltdb_timeout": 0x1bd3d80 (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Running timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [ldb] (0x4000): Destroying timer event
>> 0x1bd3d80 "ltdb_timeout" (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]] [ldb]
>> (0x4000): Ending timer event 0x1bd1da0 "ltdb_callback" (Thu Aug 11 15:05:32
>> 2016) [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [allow_all]
>> (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_id_op_destroy] (0x4000): releasing
>> operation connection (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>)
>> [Success] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> sh[0x1ba3f60], connected[1], ops[(nil)], ldap[0x1b977d0] (Thu Aug 11
>> 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sdap_process_result] (0x2000): Trace:
>> ldap_result found nothing! (Thu Aug 11 15:05:32 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, Success)
>> [Success] (Thu Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100):
>> Sending result [0][internal.emerlyn.com <http://internal.emerlyn.com>] (Thu
>> Aug 11 15:05:32 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [be_pam_handler_callback] (0x0100): Sent
>> result [0][internal.emerlyn.com <http://internal.emerlyn.com>] (Thu Aug 11
>> 15:05:36 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1b6eac0 (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:36 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service (Thu Aug 11 15:05:36 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:46 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1b6eac0 (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:46 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service (Thu Aug 11 15:05:46 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Thu Aug 11
>> 15:05:56 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): dbus conn:
>> 0x1b6eac0 (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_dispatch] (0x4000): Dispatching.
>> (Thu Aug 11 15:05:56 2016) [sssd[be[internal.emerlyn.com
>> <http://internal.emerlyn.com>]]] [sbus_message_handler] (0x2000): Received
>> SBUS method org.freedesktop.sssd.service.ping on path
>> /org/freedesktop/sssd/service (Thu Aug 11 15:05:56 2016)
>> [sssd[be[internal.emerlyn.com <http://internal.emerlyn.com>]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit *
>>
>>
>>
>> On Thu, Aug 11, 2016 at 2:40 PM, Justin Stephenson <jstephen at redhat.com>
>> wrote:
>>
>>> Hello,
>>>
>>> Could you increase the debug level to 9, restart sssd  + clear the cache
>>> and reproduce the problem then provide the sssd_<domain>.log as well as the
>>> sssd_sudo.log ?
>>>
>>> Also you may want to rule out HBAC issues with the below command:
>>>
>>>      # ipa hbactest --user 'jgoddard' --host $(hostname) --service sudo
>>>
>>> Kind regards,
>>>
>>> Justin Stephenson
>>> On 08/11/2016 02:24 PM, Jeff Goddard wrote:
>>>
>>> Here is relevant configuration files:
>>>
>>> *nsswitch.conf:*
>>>
>>> passwd:         compat sss
>>> group:          compat sss
>>> shadow:         compat sss
>>> gshadow:        files
>>>
>>> hosts:          files dns
>>> networks:       files
>>>
>>> protocols:      db files
>>> services:       db files sss
>>> ethers:         db files
>>> rpc:            db files
>>>
>>> netgroup:       nis sss
>>> sudoers: sss files
>>>
>>> *sssd.conf:*
>>>
>>> [domain/internal.emerlyn.com]
>>>
>>> cache_credentials = True
>>> krb5_store_password_if_offline = True
>>> ipa_domain = internal.emerlyn.com
>>> id_provider = ipa
>>> auth_provider = ipa
>>> access_provider = ipa
>>> ipa_hostname = docker-dev-01.internal.emerlyn.com
>>> chpass_provider = ipa
>>> ipa_server = _srv_, id-management-1.internal.emerlyn.com
>>> ldap_tls_cacert = /etc/ipa/ca.crt
>>> sudo_provider=ipa
>>> ldap_uri=ldap://id-management-1.internal.emerlyn.com
>>> ldap_sudo_search_base=ou=sudoers,dc=internal,dc=emerlyn,dc=com
>>> debug_level=7
>>>
>>> [sssd]
>>> services = nss, pam, sudo, ssh
>>> debug_level=7
>>> domains = internal.emerlyn.com
>>>
>>> [nss]
>>> homedir_substring = /home
>>>
>>> [pam]
>>>
>>> [sudo]
>>> debug_level=7
>>> [autofs]
>>>
>>> [ssh]
>>> debug_level=7
>>> [pac]
>>>
>>> [ifp]
>>>
>>>
>>>
>>> *Log output - /var/log/sssd/sssd_sudo.log: *(Thu Aug 11 12:21:43 2016)
>>> [sssd[sudo]] [accept_fd_handler] (0x0400): Client connected!
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
>>> Received client version [1].
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
>>> Offered version [1].
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
>>> (0x0200): Requesting default options for [jgoddard] from [<ALL>]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
>>> Requesting info about [jgoddard at internal.emerlyn.com]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
>>> Returning info for user [jgoddard at internal.emerlyn.com]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
>>> Retrieving default options for [jgoddard] from [internal.emerlyn.com]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>>> doUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#3200
>>> 00001)(sudoUser=%developers)(sudoUser=%jira-administrators)(
>>> sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(su
>>> doUser=+*))(&(dataExpireTimestamp<=1470932503)))]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(na
>>> me=defaults)))]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>>> (0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>>> * (*Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
>>> (0x0200): Requesting rules for [jgoddard] from [<ALL>]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
>>> Requesting info about [jgoddard at internal.emerlyn.com]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
>>> Returning info for user [jgoddard at internal.emerlyn.com]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
>>> Retrieving rules for [jgoddard] from [internal.emerlyn.com]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>>> doUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#3200
>>> 00001)(sudoUser=%developers)(sudoUser=%jira-administrators)(
>>> sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(su
>>> doUser=+*))(&(dataExpireTimestamp<=1470932503)))]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>>> doUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser
>>> =%developers)(sudoUser=%jira-administrators)(sudoUser=%
>>> admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
>>> Sorting rules with higher-wins logic
>>> (Thu Aug 11 12:21:43 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>>> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
>>> (Thu Aug 11 12:21:47 2016) [sssd[sudo]] [client_recv] (0x0200): Client
>>> disconnected!
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [accept_fd_handler] (0x0400):
>>> Client connected!
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
>>> Received client version [1].
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_cmd_get_version] (0x0200):
>>> Offered version [1].
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
>>> (0x0200): Requesting default options for [jgoddard] from [<ALL>]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
>>> Requesting info about [jgoddard at internal.emerlyn.com]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
>>> Returning info for user [jgoddard at internal.emerlyn.com]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
>>> Retrieving default options for [jgoddard] from [internal.emerlyn.com]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>>> doUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#3200
>>> 00001)(sudoUser=%developers)(sudoUser=%jira-administrators)(
>>> sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(su
>>> doUser=+*))(&(dataExpireTimestamp<=1470932532)))]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(na
>>> me=defaults)))]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>>> (0x0400): Returning 0 rules for [<default options>@internal.emerlyn.com]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sss_parse_name_for_domains]
>>> (0x0200): name 'jgoddard' matched without domain, user is jgoddard
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_cmd_parse_query_done]
>>> (0x0200): Requesting rules for [jgoddard] from [<ALL>]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0200):
>>> Requesting info about [jgoddard at internal.emerlyn.com]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
>>> Returning info for user [jgoddard at internal.emerlyn.com]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
>>> Retrieving rules for [jgoddard] from [internal.emerlyn.com]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>>> doUser=ALL)(name=defaults)(sudoUser=jgoddard)(sudoUser=#3200
>>> 00001)(sudoUser=%developers)(sudoUser=%jira-administrators)(
>>> sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(su
>>> doUser=+*))(&(dataExpireTimestamp<=1470932532)))]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>>> (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(su
>>> doUser=ALL)(sudoUser=jgoddard)(sudoUser=#320000001)(sudoUser
>>> =%developers)(sudoUser=%jira-administrators)(sudoUser=%
>>> admins)(sudoUser=%ipausers)(sudoUser=%jgoddard)(sudoUser=+*)))]
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400):
>>> Sorting rules with higher-wins logic
>>> (Thu Aug 11 12:22:12 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>>> (0x0400): Returning 1 rules for [jgoddard at internal.emerlyn.com]
>>>
>>>
>>> On Thu, Aug 11, 2016 at 2:15 PM, Rob Crittenden <rcritten at redhat.com>
>>> wrote:
>>>
>>>> Jeff Goddard wrote:
>>>>
>>>>> I've looked though these but not found anything helpful. It appears as
>>>>> though my previous statement about the 1 group being found was
>>>>> misleading as the sssd.$mydomain.com.log file reports that no sudo
>>>>> rules
>>>>> are found. Does this mean that the LDAP tree being searched is
>>>>> different
>>>>> on ubuntu vs centos?
>>>>>
>>>>
>>>> I find that extremely unlikely.
>>>>
>>>> You may want to outline more what you've already checked.
>>>>
>>>> For example, is sss in sudoers in /etc/nsswitch.conf?
>>>>
>>>> You can check the 389-ds access log to see what, if any queries are
>>>> being made. I'd clean the sssd cache in advance.
>>>>
>>>> rob
>>>>
>>>>
>>>>> Jeff
>>>>>
>>>>> On Wed, Aug 10, 2016 at 2:13 PM, Rob Crittenden <rcritten at redhat.com
>>>>> <mailto:rcritten at redhat.com>> wrote:
>>>>>
>>>>>     Jeff Goddard wrote:
>>>>>
>>>>>         Sean,
>>>>>
>>>>>         Thanks for the reply. I don't think that's my problem but I'm
>>>>>         posting a
>>>>>         redacted copy of the sssd.conf file for review below.
>>>>>
>>>>>
>>>>>     I'd start here:
>>>>>     https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>>>>>     <https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO>
>>>>>
>>>>>     rob
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Jeff Goddard
>>> Director of Information Technology
>>> Emerlyn Technology
>>>
>>> Email: jgoddard at emerlyn.com
>>> Telephone: (603) 447-8571 <%28603%29%20447-8571>
>>> Toll free: (888) 363-7596 ext. 108 <%28888%29%20363-7596%20ext.%20108>
>>> Fax: (603) 356-3346 <%28603%29%20356-3346>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> Thanks,
>>
>> Jeff
>>
>>
>>
>
>


Thanks,

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/ac5fb468/attachment.htm>

From ftweedal at redhat.com  Fri Aug 12 00:40:15 2016
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Fri, 12 Aug 2016 10:40:15 +1000
Subject: [Freeipa-users] FreeIPA vs DogTag CA
In-Reply-To: <57AC9FB1.1090605@redhat.com>
References: <CAA0gsCM9_Jzj7a+NSOB1ohZE7uGS9CT=gChzjRun_Cso+gFMGA@mail.gmail.com>
	<57AC9FB1.1090605@redhat.com>
Message-ID: <20160812004015.GG23927@dhcp-40-8.bne.redhat.com>

On Thu, Aug 11, 2016 at 11:54:25AM -0400, Rob Crittenden wrote:
> Kamal Perera wrote:
> > Dear all,
> > 
> > Seeking your kind advices.
> > 
> > If the requirement is for having a scalable corporate CA only, is it
> > possible to get this requirement fulfilled with DogTag only, or install
> > FreeIPA and use the CA functionality only.
> 
> IPA limits dogtag to only those features it is interested in. This has been
> expanding recently but you still lose some functionality.
> 
> IMHO if all you want is a CA then managing IPA is overkill.
> 
> > What are the functional differences and support limitations?
> 
> Functionally it depends on what version of IPA you're talking about. Older
> versions only exposed server certificates. Newer versions support user
> certifications, custom profiles and more. It is still just a subset of what
> dogtag supports.
> 
> Support from whom? The dogtag community is happy to help (they've always
> helped us).
> 
There are lots of questions that can help you decide which path to
take: what kinds of certs do you want to issue; to what entities;
who will issue them; are you already using FreeIPA in your
organisation?

In regards to functional differences, Dogtag CA and KRA are
supported with FreeIPA; token processing and standalone OCSP are
not.  I disagree somewhat with Rob in that unless you need those
other Dogtag subsystems, I see little disadvantage in using FreeIPA.
It definitely makes deploying the CA easier and managing renewals
easier.

The more you tell us of your requirements, the more we can help :)

Thanks,
Fraser



From harenberg at physik.uni-wuppertal.de  Fri Aug 12 06:06:56 2016
From: harenberg at physik.uni-wuppertal.de (Torsten Harenberg)
Date: Fri, 12 Aug 2016 08:06:56 +0200
Subject: [Freeipa-users] unable to delete a replica server
In-Reply-To: <57ACA0C0.8080702@redhat.com>
References: <01b85b80-b086-38c6-e921-f10a91a28f5d@physik.uni-wuppertal.de>
	<57ACA0C0.8080702@redhat.com>
Message-ID: <4c86ccef-7f29-c38c-f46d-6649d85bd17c@physik.uni-wuppertal.de>

Am 11.08.16 um 17:58 schrieb Rob Crittenden:
> Torsten Harenberg wrote:
>> Hi,
>>
>> we have three ipa servers
>>
>> - ipa
>> - ipa2
>> - ipacentos7
>>
>> We wanted to re-install ipa2 from scratch as this server gave us strange
>> issues in the past (for example, you have to do a "ipactl stop && ipactl
>> start" after boot to have everything running - a step which is not
>> needed on the other two).
>>
>> However, the ipa-replica-manage del ipa2.pleiades.uni-wuppertal.de gave
>> an error at the end (it scrolled out of the terminal, but ended with
>> "unexpected error: Not allowed on non-leaf entry").
>>
>> It seems to be impossible to get rid of this replica now:
>>
>> [root at ipa ~]#  ipa-replica-manage -v -f -c  del
>> ipa2.pleiades.uni-wuppertal.de
>> Directory Manager password:
>>
>> Cleaning a master is irreversible.
>> This should not normally be require, so use cautiously.
>> Continue to clean master? [no]: yes
>> unexpected error: Not allowed on non-leaf entry
>> [root at ipa ~]# ipa-replica-manage list
>> Directory Manager password:
>>
>> ipacentos7.pleiades.uni-wuppertal.de: master
>> ipa.pleiades.uni-wuppertal.de: master
>> ipa2.pleiades.uni-wuppertal.de: master
>> [root at ipa ~]#
>>
>> [root at ipa ~]#  ipa-csreplica-manage -v del ipa2.pleiades.uni-wuppertal.de
>> Directory Manager password:
>>
>> Deleted replication agreement from 'ipa.pleiades.uni-wuppertal.de' to
>> 'ipa2.pleiades.uni-wuppertal.de'
>> [root at ipa ~]# ipa-replica-manage list
>> Directory Manager password:
>>
>> ipacentos7.pleiades.uni-wuppertal.de: master
>> ipa.pleiades.uni-wuppertal.de: master
>> ipa2.pleiades.uni-wuppertal.de: master
>> [root at ipa ~]#
>>
>> Any ideas how to proceed from here?
> 
> Seems like an error that LDAP is throwing. There might be details in
> /var/log/dirsrv/slapd-REALM/{access|errors}
> 
> It sounds like when IPA tried to delete some entry it failed because
> that entry has children. The logs should help pinpoint which entry it is
> failing on.
> 
> rob


Hmm.. unfortunately, there is nothing which tells us here something. The
last entries in error containing "ipa2" are

[11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
(nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
failed.
[root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]#

And those stopped after issuing the ipa-replica-manage del command for
the first time.

Surprisingly, these messages are in the log even for the freshly
installed "ipacentos7" replica:

[root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]# tail -3 errors
[12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral,
ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
[12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral,
ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
[12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
(nsslapd-referral,
ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
[root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]#

The log in access is a bit delayed, but when executing this:

[root at ipa ~]#  ipa-replica-manage -v -f -c  del
ipa2.pleiades.uni-wuppertal.de
Directory Manager password:

Cleaning a master is irreversible.
This should not normally be require, so use cautiously.
Continue to clean master? [no]: yes
unexpected error: Not allowed on non-leaf entry
[root at ipa ~]#

we get a lengthy log like that one here, but these can be completely
unrelated:


[root at ipa ~]# tail -f /var/log/dirsrv/slapd-PLEIADES-UNI-WUPPERTAL-DE/access
[12/Aug/2016:07:36:39 +0200] conn=44409 op=31 SRCH
base="ipaUniqueID=925abf6e-2a1a-11e5-8ed3-00163e040d17,cn=hbac,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0
filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:36:39 +0200] conn=44409 op=31 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:39 +0200] conn=44409 op=32 SRCH base="cn=Default
Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=2
filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:74197518-2952-11e5-99a3-00163e040d17))"
attrs=ALL
[12/Aug/2016:07:36:39 +0200] conn=44409 op=32 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:48 +0200] conn=44381 op=14 UNBIND
[12/Aug/2016:07:36:48 +0200] conn=44381 op=14 fd=78 closed - U1
[12/Aug/2016:07:36:50 +0200] conn=44423 op=14 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uid=postfix)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[12/Aug/2016:07:36:50 +0200] conn=44423 op=14 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:51 +0200] conn=44511 op=10 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uid=postfix)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType"
[12/Aug/2016:07:36:51 +0200] conn=44511 op=10 RESULT err=0 tag=101
nentries=0 etime=0


*** STARTING COMMAND

[12/Aug/2016:07:36:54 +0200] conn=44489 op=16 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uid=atlasprd020)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[12/Aug/2016:07:36:54 +0200] conn=44489 op=16 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:54 +0200] conn=44489 op=17 SRCH
base="cn=ipausers,cn=groups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0
filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:36:54 +0200] conn=44489 op=17 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:54 +0200] conn=44489 op=18 SRCH
base="cn=atlasprd,cn=groups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0
filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:36:54 +0200] conn=44489 op=18 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:54 +0200] conn=44489 op=19 SRCH
base="ipaUniqueID=925abf6e-2a1a-11e5-8ed3-00163e040d17,cn=hbac,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0
filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:36:54 +0200] conn=44489 op=19 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:54 +0200] conn=44489 op=20 SRCH base="cn=Default
Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=2
filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:1f9346aa-2951-11e5-9d7e-00163e040d17))"
attrs=ALL
[12/Aug/2016:07:36:54 +0200] conn=44489 op=20 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:55 +0200] conn=44536 fd=78 slot=78 connection from
132.195.124.203 to 132.195.124.12
[12/Aug/2016:07:36:55 +0200] conn=44536 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures
supportedLDAPVersion supportedSASLMechanisms
domaincontrollerfunctionality defaultnamingcontext lastusn
highestcommittedusn aci"
[12/Aug/2016:07:36:55 +0200] conn=44536 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723627 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723627 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723628 SRCH
base="cn=ipaConfig,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData
ipaUserAuthType"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723628 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723629 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723629 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723630 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723630 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723631 SRCH
base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723631 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723632 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723632 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723633 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723633 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723634 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723634 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723635 SRCH
base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723635 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723636 SRCH
base="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn
gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier
ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory
ipaNTHomeDirectoryDrive"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723636 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723637 SRCH
base="cn=lustre3.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs=ALL
[12/Aug/2016:07:36:55 +0200] conn=2 op=723637 RESULT err=32 tag=101
nentries=0 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723638 MOD
dn="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723638 RESULT err=0 tag=103
nentries=0 etime=0 csn=57ad81dc000000040000
[12/Aug/2016:07:36:55 +0200] conn=2 op=723639 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723639 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723640 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723640 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723641 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723641 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723642 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723642 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=2 op=723643 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:36:55 +0200] conn=2 op=723643 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:36:55 +0200] conn=44536 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:36:55 +0200] conn=44536 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[12/Aug/2016:07:36:55 +0200] conn=44536 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:36:55 +0200] conn=44536 op=2 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[12/Aug/2016:07:36:55 +0200] conn=44536 op=3 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:36:55 +0200] conn=44536 op=3 RESULT err=0 tag=97
nentries=0 etime=0
dn="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:36:55 +0200] conn=44536 op=4 SRCH
base="ou=SUDOers,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=lustre3.pleiades.uni-wuppertal.de)(sudoHost=lustre3)(sudoHost=132.195.124.203)(sudoHost=132.195.124.0/23)(sudoHost=fe80::da9d:67ff:fe60:9400)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))"
attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs
sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn"
[12/Aug/2016:07:36:55 +0200] conn=44536 op=4 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
[12/Aug/2016:07:37:06 +0200] conn=44533 op=8 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44533 op=8 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:06 +0200] conn=44533 op=9 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44533 op=9 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:06 +0200] conn=44533 op=10 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44533 op=10 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:06 +0200] conn=44390 op=27 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44390 op=27 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:06 +0200] conn=44390 op=28 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44390 op=28 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:06 +0200] conn=44390 op=29 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:06 +0200] conn=44390 op=29 RESULT err=0 tag=101
nentries=0 etime=0

[...]

[12/Aug/2016:07:37:08 +0200] conn=44382 op=27 fd=184 closed - U1
[12/Aug/2016:07:37:09 +0200] conn=44428 op=14 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:09 +0200] conn=44428 op=14 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:09 +0200] conn=44428 op=15 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:09 +0200] conn=44428 op=15 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:09 +0200] conn=44428 op=16 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:09 +0200] conn=44428 op=16 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:11 +0200] conn=44489 op=21 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uid=pnilsson)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[12/Aug/2016:07:37:11 +0200] conn=44489 op=21 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:11 +0200] conn=44489 op=22 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=zp)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:37:11 +0200] conn=44489 op=22 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:11 +0200] conn=44489 op=23 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uid=atlact1)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[12/Aug/2016:07:37:11 +0200] conn=44489 op=23 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:11 +0200] conn=44489 op=24 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=def-cg)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))"
attrs="objectClass posixgroup cn userPassword gidNumber member
ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
[12/Aug/2016:07:37:11 +0200] conn=44489 op=24 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:11 +0200] conn=44383 op=15 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:11 +0200] conn=44383 op=15 RESULT err=0 tag=101
nentries=0 etime=0

[...]

[12/Aug/2016:07:37:14 +0200] conn=44538 fd=184 slot=184 connection from
132.195.124.25 to 132.195.124.12
[12/Aug/2016:07:37:14 +0200] conn=44538 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="* altServer namingContexts
supportedControl supportedExtension supportedFeatures
supportedLDAPVersion supportedSASLMechanisms
domaincontrollerfunctionality defaultnamingcontext lastusn
highestcommittedusn aci"
[12/Aug/2016:07:37:14 +0200] conn=44538 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=44539 fd=216 slot=216 SSL connection
from 132.195.124.12 to 132.195.124.12
[12/Aug/2016:07:37:14 +0200] conn=44539 TLS1.2 128-bit AES
[12/Aug/2016:07:37:14 +0200] conn=44539 op=0 BIND dn="cn=directory
manager" method=128 version=3
[12/Aug/2016:07:37:14 +0200] conn=2 op=723644 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=44539 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="cn=directory manager"
[12/Aug/2016:07:37:14 +0200] conn=44539 op=1 SRCH base="cn=mapping
tree,cn=config" scope=2
filter="(&(|(&(objectClass=nsds5ReplicationAgreement)(nsDS5ReplicaRoot=dc=pleiades,dc=uni-wuppertal,dc=de))(objectClass=nsDSWindowsReplicationAgreement))(nsDS5ReplicaHost=ipa2.pleiades.uni-wuppertal.de))"
attrs=ALL
[12/Aug/2016:07:37:14 +0200] conn=44539 op=1 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723644 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723645 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723645 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723646 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723646 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723647 SRCH
base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723647 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723648 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723648 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723649 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723649 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723650 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723650 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723651 SRCH
base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
krbPwdFailureCountInterval krbPwdLockoutDuration"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723651 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723652 SRCH
base="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn
gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier
ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory
ipaNTHomeDirectoryDrive"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723652 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723653 SRCH
base="cn=wnfg005.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs=ALL
[12/Aug/2016:07:37:14 +0200] conn=2 op=723653 RESULT err=32 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723654 MOD
dn="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723654 RESULT err=0 tag=103
nentries=0 etime=0 csn=57ad81ef000000040000
[12/Aug/2016:07:37:14 +0200] conn=2 op=723655 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723656 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723655 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723657 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723657 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723658 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE))"
attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
krbUPEnabled krbPrincipalKey krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723656 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723659 SRCH
base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=krbticketpolicyaux)"
attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
[12/Aug/2016:07:37:14 +0200] conn=2 op=723659 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=2 op=723658 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:14 +0200] conn=44538 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:37:15 +0200] conn=44538 op=1 RESULT err=14 tag=97
nentries=0 etime=1, SASL bind in progress
[12/Aug/2016:07:37:15 +0200] conn=44538 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:37:15 +0200] conn=44538 op=2 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[12/Aug/2016:07:37:15 +0200] conn=44538 op=3 BIND dn="" method=sasl
version=3 mech=GSSAPI
[12/Aug/2016:07:37:15 +0200] conn=44538 op=3 RESULT err=0 tag=97
nentries=0 etime=0
dn="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:15 +0200] conn=44538 op=4 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(objectClass=ipaHost)(fqdn=wnfg005.pleiades.uni-wuppertal.de))"
attrs="objectClass cn fqdn serverHostName memberOf ipaSshPubKey ipaUniqueID"
[12/Aug/2016:07:37:15 +0200] conn=44538 op=4 RESULT err=0 tag=101
nentries=1 etime=0 notes=P pr_idx=0
[12/Aug/2016:07:37:15 +0200] conn=44538 op=5 SRCH
base="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="objectClass cn memberOf ipaUniqueID"
[12/Aug/2016:07:37:15 +0200] conn=44538 op=5 RESULT err=0 tag=101
nentries=1 etime=0 notes=P pr_idx=0
[12/Aug/2016:07:37:15 +0200] conn=44538 op=6 SRCH
base="cn=sudo,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(objectClass=ipasudocmdgrp)(entryusn>=1))" attrs="objectClass
ipaUniqueID cn member entryusn"
[12/Aug/2016:07:37:15 +0200] conn=44538 op=6 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
[12/Aug/2016:07:37:15 +0200] conn=44538 op=7 SRCH
base="cn=sudo,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(objectClass=ipasudorule)(ipaEnabledFlag=TRUE)(|(!(memberHost=*))(hostCategory=ALL)(memberHost=fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de)(memberHost=cn=worker_nodes,cn=hostgroups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de))(entryusn>=1))"
attrs="objectClass cn ipaUniqueID ipaEnabledFlag ipaSudoOpt ipaSudoRunAs
ipaSudoRunAsGroup memberAllowCmd memberDenyCmd memberHost memberUser
sudoNotAfter sudoNotBefore sudoOrder cmdCategory hostCategory
userCategory ipaSudoRunAsUserCategory ipaSudoRunAsGroupCategory
ipaSudoRunAsExtUser ipaSudoRunAsExtGroup ipaSudoRunAsExtUserGroup entryusn"
[12/Aug/2016:07:37:15 +0200] conn=44538 op=7 RESULT err=0 tag=101
nentries=0 etime=0 notes=P pr_idx=0
[12/Aug/2016:07:37:15 +0200] conn=44422 op=26 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(uidNumber=51437)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
attrs="objectClass uid userPassword uidNumber gidNumber gecos
homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
accountexpires useraccountcontrol nsAccountLock host logindisabled
loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
usercertificate;binary"
[12/Aug/2016:07:37:15 +0200] conn=44422 op=26 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:15 +0200] conn=44422 op=27 SRCH base="cn=Default
Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=2
filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:93718aaa-2951-11e5-9bdf-00163e040d17))"
attrs=ALL
[12/Aug/2016:07:37:15 +0200] conn=44422 op=27 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:15 +0200] conn=44539 op=2 SRCH
base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(krbPrincipalName=*/ipa2.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)"
attrs=ALL
[12/Aug/2016:07:37:15 +0200] conn=44539 op=2 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:15 +0200] conn=44539 op=3 MOD
dn="cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:15 +0200] conn=44539 op=4 MOD
dn="cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:15 +0200] conn=44539 op=3 RESULT err=16 tag=103
nentries=0 etime=0 csn=57ad81f0000200040000
[12/Aug/2016:07:37:15 +0200] conn=44539 op=4 RESULT err=16 tag=103
nentries=0 etime=0 csn=57ad81f0000300040000
[12/Aug/2016:07:37:15 +0200] conn=44539 op=5 MOD
dn="cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:15 +0200] conn=44539 op=6 SRCH
base="cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=2 filter="(objectClass=*)" attrs=ALL
[12/Aug/2016:07:37:15 +0200] conn=44539 op=6 RESULT err=0 tag=101
nentries=7 etime=0 notes=U
[12/Aug/2016:07:37:15 +0200] conn=44539 op=5 RESULT err=16 tag=103
nentries=0 etime=0 csn=57ad81f0000400040000
[12/Aug/2016:07:37:15 +0200] conn=44539 op=7 SRCH base="cn=schema"
scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses"
[12/Aug/2016:07:37:15 +0200] conn=44539 op=7 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44442 op=14 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:16 +0200] conn=44442 op=14 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44442 op=15 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:16 +0200] conn=44442 op=15 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44442 op=16 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:16 +0200] conn=44442 op=16 RESULT err=0 tag=101
nentries=0 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=8 DEL
dn="cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
[12/Aug/2016:07:37:16 +0200] conn=44539 op=8 RESULT err=66 tag=107
nentries=0 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=9 SRCH
base="cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
filter="(objectClass=*)" attrs="aci"
[12/Aug/2016:07:37:16 +0200] conn=44539 op=9 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=10 SRCH
base="cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="aci"
[12/Aug/2016:07:37:16 +0200] conn=44539 op=10 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=11 SRCH
base="cn=certificates,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
scope=0 filter="(objectClass=*)" attrs="aci"
[12/Aug/2016:07:37:16 +0200] conn=44539 op=11 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=12 SRCH
base="cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(dnaHostname=ipa2.pleiades.uni-wuppertal.de)" attrs=ALL
[12/Aug/2016:07:37:16 +0200] conn=44539 op=12 RESULT err=0 tag=101
nentries=0 etime=0 notes=U
[12/Aug/2016:07:37:16 +0200] conn=44539 op=13 SRCH
base="cn=default,ou=profile,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
filter="(objectClass=*)" attrs=ALL
[12/Aug/2016:07:37:16 +0200] conn=44539 op=13 RESULT err=0 tag=101
nentries=1 etime=0
[12/Aug/2016:07:37:16 +0200] conn=44539 op=14 UNBIND
[12/Aug/2016:07:37:16 +0200] conn=44539 op=14 fd=216 closed - U1

[...]

[12/Aug/2016:07:37:22 +0200] conn=44405 op=30 SRCH
base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
[12/Aug/2016:07:37:22 +0200] conn=44405 op=30 RESULT err=0 tag=101
nentries=0 etime=0

Using a LDAP Browser we saw that there is a "full" (at least it has
entries like CA etc.) entry:

cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de

Would it be safe to delete that to get rid of the problem?

Thanks for your help!!!! Really appreciate that.

  Torsten


-- 
Dr. Torsten Harenberg     harenberg at physik.uni-wuppertal.de
Bergische Universitaet
Fakult?t 4 - Physik       Tel.: +49 (0)202 439-3521
Gaussstr. 20              Fax : +49 (0)202 439-2811
42097 Wuppertal



From lkrispen at redhat.com  Fri Aug 12 07:13:08 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Fri, 12 Aug 2016 09:13:08 +0200
Subject: [Freeipa-users] unable to delete a replica server
In-Reply-To: <4c86ccef-7f29-c38c-f46d-6649d85bd17c@physik.uni-wuppertal.de>
References: <01b85b80-b086-38c6-e921-f10a91a28f5d@physik.uni-wuppertal.de>
	<57ACA0C0.8080702@redhat.com>
	<4c86ccef-7f29-c38c-f46d-6649d85bd17c@physik.uni-wuppertal.de>
Message-ID: <57AD7704.5050606@redhat.com>

Hi Torsten,

I haven't seen which version you are using. There was a bug in ipa where 
it attempted to delete a master before all services were deleted: 
https://fedorahosted.org/freeipa/ticket/5019

You can delete the services below the master by using ldapmodify, but I 
am not sure if this will be sufficient.

Ludwig

On 08/12/2016 08:06 AM, Torsten Harenberg wrote:
> Am 11.08.16 um 17:58 schrieb Rob Crittenden:
>> Torsten Harenberg wrote:
>>> Hi,
>>>
>>> we have three ipa servers
>>>
>>> - ipa
>>> - ipa2
>>> - ipacentos7
>>>
>>> We wanted to re-install ipa2 from scratch as this server gave us strange
>>> issues in the past (for example, you have to do a "ipactl stop && ipactl
>>> start" after boot to have everything running - a step which is not
>>> needed on the other two).
>>>
>>> However, the ipa-replica-manage del ipa2.pleiades.uni-wuppertal.de gave
>>> an error at the end (it scrolled out of the terminal, but ended with
>>> "unexpected error: Not allowed on non-leaf entry").
>>>
>>> It seems to be impossible to get rid of this replica now:
>>>
>>> [root at ipa ~]#  ipa-replica-manage -v -f -c  del
>>> ipa2.pleiades.uni-wuppertal.de
>>> Directory Manager password:
>>>
>>> Cleaning a master is irreversible.
>>> This should not normally be require, so use cautiously.
>>> Continue to clean master? [no]: yes
>>> unexpected error: Not allowed on non-leaf entry
>>> [root at ipa ~]# ipa-replica-manage list
>>> Directory Manager password:
>>>
>>> ipacentos7.pleiades.uni-wuppertal.de: master
>>> ipa.pleiades.uni-wuppertal.de: master
>>> ipa2.pleiades.uni-wuppertal.de: master
>>> [root at ipa ~]#
>>>
>>> [root at ipa ~]#  ipa-csreplica-manage -v del ipa2.pleiades.uni-wuppertal.de
>>> Directory Manager password:
>>>
>>> Deleted replication agreement from 'ipa.pleiades.uni-wuppertal.de' to
>>> 'ipa2.pleiades.uni-wuppertal.de'
>>> [root at ipa ~]# ipa-replica-manage list
>>> Directory Manager password:
>>>
>>> ipacentos7.pleiades.uni-wuppertal.de: master
>>> ipa.pleiades.uni-wuppertal.de: master
>>> ipa2.pleiades.uni-wuppertal.de: master
>>> [root at ipa ~]#
>>>
>>> Any ideas how to proceed from here?
>> Seems like an error that LDAP is throwing. There might be details in
>> /var/log/dirsrv/slapd-REALM/{access|errors}
>>
>> It sounds like when IPA tried to delete some entry it failed because
>> that entry has children. The logs should help pinpoint which entry it is
>> failing on.
>>
>> rob
>
> Hmm.. unfortunately, there is nothing which tells us here something. The
> last entries in error containing "ipa2" are
>
> [11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]#
>
> And those stopped after issuing the ipa-replica-manage del command for
> the first time.
>
> Surprisingly, these messages are in the log even for the freshly
> installed "ipacentos7" replica:
>
> [root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]# tail -3 errors
> [12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
> [12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
> [12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
> [root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]#
>
> The log in access is a bit delayed, but when executing this:
>
> [root at ipa ~]#  ipa-replica-manage -v -f -c  del
> ipa2.pleiades.uni-wuppertal.de
> Directory Manager password:
>
> Cleaning a master is irreversible.
> This should not normally be require, so use cautiously.
> Continue to clean master? [no]: yes
> unexpected error: Not allowed on non-leaf entry
> [root at ipa ~]#
>
> we get a lengthy log like that one here, but these can be completely
> unrelated:
>
>
> [root at ipa ~]# tail -f /var/log/dirsrv/slapd-PLEIADES-UNI-WUPPERTAL-DE/access
> [12/Aug/2016:07:36:39 +0200] conn=44409 op=31 SRCH
> base="ipaUniqueID=925abf6e-2a1a-11e5-8ed3-00163e040d17,cn=hbac,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0
> filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:36:39 +0200] conn=44409 op=31 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:39 +0200] conn=44409 op=32 SRCH base="cn=Default
> Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=2
> filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:74197518-2952-11e5-99a3-00163e040d17))"
> attrs=ALL
> [12/Aug/2016:07:36:39 +0200] conn=44409 op=32 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:48 +0200] conn=44381 op=14 UNBIND
> [12/Aug/2016:07:36:48 +0200] conn=44381 op=14 fd=78 closed - U1
> [12/Aug/2016:07:36:50 +0200] conn=44423 op=14 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uid=postfix)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
> usercertificate;binary"
> [12/Aug/2016:07:36:50 +0200] conn=44423 op=14 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:51 +0200] conn=44511 op=10 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uid=postfix)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType"
> [12/Aug/2016:07:36:51 +0200] conn=44511 op=10 RESULT err=0 tag=101
> nentries=0 etime=0
>
>
> *** STARTING COMMAND
>
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=16 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uid=atlasprd020)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
> usercertificate;binary"
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=16 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=17 SRCH
> base="cn=ipausers,cn=groups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0
> filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=17 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=18 SRCH
> base="cn=atlasprd,cn=groups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0
> filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=18 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=19 SRCH
> base="ipaUniqueID=925abf6e-2a1a-11e5-8ed3-00163e040d17,cn=hbac,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0
> filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=19 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=20 SRCH base="cn=Default
> Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=2
> filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:1f9346aa-2951-11e5-9d7e-00163e040d17))"
> attrs=ALL
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=20 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=44536 fd=78 slot=78 connection from
> 132.195.124.203 to 132.195.124.12
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=0 SRCH base="" scope=0
> filter="(objectClass=*)" attrs="* altServer namingContexts
> supportedControl supportedExtension supportedFeatures
> supportedLDAPVersion supportedSASLMechanisms
> domaincontrollerfunctionality defaultnamingcontext lastusn
> highestcommittedusn aci"
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=0 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723627 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723627 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723628 SRCH
> base="cn=ipaConfig,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
> filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData
> ipaUserAuthType"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723628 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723629 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723629 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723630 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723630 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723631 SRCH
> base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
> krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
> krbPwdFailureCountInterval krbPwdLockoutDuration"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723631 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723632 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723632 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723633 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723633 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723634 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723634 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723635 SRCH
> base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
> krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
> krbPwdFailureCountInterval krbPwdLockoutDuration"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723635 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723636 SRCH
> base="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn
> gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier
> ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory
> ipaNTHomeDirectoryDrive"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723636 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723637 SRCH
> base="cn=lustre3.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs=ALL
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723637 RESULT err=32 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723638 MOD
> dn="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723638 RESULT err=0 tag=103
> nentries=0 etime=0 csn=57ad81dc000000040000
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723639 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723639 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723640 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723640 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723641 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723641 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723642 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723642 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723643 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723643 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=1 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=1 RESULT err=14 tag=97
> nentries=0 etime=0, SASL bind in progress
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=2 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=2 RESULT err=14 tag=97
> nentries=0 etime=0, SASL bind in progress
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=3 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=3 RESULT err=0 tag=97
> nentries=0 etime=0
> dn="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=4 SRCH
> base="ou=SUDOers,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=lustre3.pleiades.uni-wuppertal.de)(sudoHost=lustre3)(sudoHost=132.195.124.203)(sudoHost=132.195.124.0/23)(sudoHost=fe80::da9d:67ff:fe60:9400)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))"
> attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs
> sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn"
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=4 RESULT err=0 tag=101
> nentries=0 etime=0 notes=P pr_idx=0
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=8 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=8 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=9 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=9 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=10 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=10 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=27 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=27 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=28 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=28 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=29 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=29 RESULT err=0 tag=101
> nentries=0 etime=0
>
> [...]
>
> [12/Aug/2016:07:37:08 +0200] conn=44382 op=27 fd=184 closed - U1
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=14 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=14 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=15 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=15 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=16 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=16 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=21 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uid=pnilsson)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
> usercertificate;binary"
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=21 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=22 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=zp)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=22 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=23 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uid=atlact1)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
> usercertificate;binary"
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=23 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=24 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=def-cg)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=24 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:11 +0200] conn=44383 op=15 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:11 +0200] conn=44383 op=15 RESULT err=0 tag=101
> nentries=0 etime=0
>
> [...]
>
> [12/Aug/2016:07:37:14 +0200] conn=44538 fd=184 slot=184 connection from
> 132.195.124.25 to 132.195.124.12
> [12/Aug/2016:07:37:14 +0200] conn=44538 op=0 SRCH base="" scope=0
> filter="(objectClass=*)" attrs="* altServer namingContexts
> supportedControl supportedExtension supportedFeatures
> supportedLDAPVersion supportedSASLMechanisms
> domaincontrollerfunctionality defaultnamingcontext lastusn
> highestcommittedusn aci"
> [12/Aug/2016:07:37:14 +0200] conn=44538 op=0 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=44539 fd=216 slot=216 SSL connection
> from 132.195.124.12 to 132.195.124.12
> [12/Aug/2016:07:37:14 +0200] conn=44539 TLS1.2 128-bit AES
> [12/Aug/2016:07:37:14 +0200] conn=44539 op=0 BIND dn="cn=directory
> manager" method=128 version=3
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723644 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=44539 op=0 RESULT err=0 tag=97
> nentries=0 etime=0 dn="cn=directory manager"
> [12/Aug/2016:07:37:14 +0200] conn=44539 op=1 SRCH base="cn=mapping
> tree,cn=config" scope=2
> filter="(&(|(&(objectClass=nsds5ReplicationAgreement)(nsDS5ReplicaRoot=dc=pleiades,dc=uni-wuppertal,dc=de))(objectClass=nsDSWindowsReplicationAgreement))(nsDS5ReplicaHost=ipa2.pleiades.uni-wuppertal.de))"
> attrs=ALL
> [12/Aug/2016:07:37:14 +0200] conn=44539 op=1 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723644 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723645 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723645 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723646 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723646 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723647 SRCH
> base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
> krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
> krbPwdFailureCountInterval krbPwdLockoutDuration"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723647 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723648 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723648 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723649 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723649 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723650 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723650 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723651 SRCH
> base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
> krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
> krbPwdFailureCountInterval krbPwdLockoutDuration"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723651 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723652 SRCH
> base="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn
> gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier
> ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory
> ipaNTHomeDirectoryDrive"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723652 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723653 SRCH
> base="cn=wnfg005.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs=ALL
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723653 RESULT err=32 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723654 MOD
> dn="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723654 RESULT err=0 tag=103
> nentries=0 etime=0 csn=57ad81ef000000040000
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723655 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723656 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723655 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723657 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723657 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723658 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723656 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723659 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723659 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723658 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=44538 op=1 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=1 RESULT err=14 tag=97
> nentries=0 etime=1, SASL bind in progress
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=2 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=2 RESULT err=14 tag=97
> nentries=0 etime=0, SASL bind in progress
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=3 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=3 RESULT err=0 tag=97
> nentries=0 etime=0
> dn="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=4 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(objectClass=ipaHost)(fqdn=wnfg005.pleiades.uni-wuppertal.de))"
> attrs="objectClass cn fqdn serverHostName memberOf ipaSshPubKey ipaUniqueID"
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=4 RESULT err=0 tag=101
> nentries=1 etime=0 notes=P pr_idx=0
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=5 SRCH
> base="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="objectClass cn memberOf ipaUniqueID"
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=5 RESULT err=0 tag=101
> nentries=1 etime=0 notes=P pr_idx=0
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=6 SRCH
> base="cn=sudo,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(objectClass=ipasudocmdgrp)(entryusn>=1))" attrs="objectClass
> ipaUniqueID cn member entryusn"
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=6 RESULT err=0 tag=101
> nentries=0 etime=0 notes=P pr_idx=0
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=7 SRCH
> base="cn=sudo,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(objectClass=ipasudorule)(ipaEnabledFlag=TRUE)(|(!(memberHost=*))(hostCategory=ALL)(memberHost=fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de)(memberHost=cn=worker_nodes,cn=hostgroups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de))(entryusn>=1))"
> attrs="objectClass cn ipaUniqueID ipaEnabledFlag ipaSudoOpt ipaSudoRunAs
> ipaSudoRunAsGroup memberAllowCmd memberDenyCmd memberHost memberUser
> sudoNotAfter sudoNotBefore sudoOrder cmdCategory hostCategory
> userCategory ipaSudoRunAsUserCategory ipaSudoRunAsGroupCategory
> ipaSudoRunAsExtUser ipaSudoRunAsExtGroup ipaSudoRunAsExtUserGroup entryusn"
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=7 RESULT err=0 tag=101
> nentries=0 etime=0 notes=P pr_idx=0
> [12/Aug/2016:07:37:15 +0200] conn=44422 op=26 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uidNumber=51437)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
> usercertificate;binary"
> [12/Aug/2016:07:37:15 +0200] conn=44422 op=26 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:15 +0200] conn=44422 op=27 SRCH base="cn=Default
> Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=2
> filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:93718aaa-2951-11e5-9bdf-00163e040d17))"
> attrs=ALL
> [12/Aug/2016:07:37:15 +0200] conn=44422 op=27 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=2 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(krbPrincipalName=*/ipa2.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)"
> attrs=ALL
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=2 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=3 MOD
> dn="cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=4 MOD
> dn="cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=3 RESULT err=16 tag=103
> nentries=0 etime=0 csn=57ad81f0000200040000
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=4 RESULT err=16 tag=103
> nentries=0 etime=0 csn=57ad81f0000300040000
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=5 MOD
> dn="cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=6 SRCH
> base="cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=2 filter="(objectClass=*)" attrs=ALL
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=6 RESULT err=0 tag=101
> nentries=7 etime=0 notes=U
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=5 RESULT err=16 tag=103
> nentries=0 etime=0 csn=57ad81f0000400040000
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=7 SRCH base="cn=schema"
> scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses"
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=7 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=14 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=14 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=15 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=15 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=16 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=16 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=8 DEL
> dn="cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=8 RESULT err=66 tag=107
> nentries=0 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=9 SRCH
> base="cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
> filter="(objectClass=*)" attrs="aci"
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=9 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=10 SRCH
> base="cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="aci"
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=10 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=11 SRCH
> base="cn=certificates,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="aci"
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=11 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=12 SRCH
> base="cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(dnaHostname=ipa2.pleiades.uni-wuppertal.de)" attrs=ALL
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=12 RESULT err=0 tag=101
> nentries=0 etime=0 notes=U
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=13 SRCH
> base="cn=default,ou=profile,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
> filter="(objectClass=*)" attrs=ALL
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=13 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=14 UNBIND
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=14 fd=216 closed - U1
>
> [...]
>
> [12/Aug/2016:07:37:22 +0200] conn=44405 op=30 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:22 +0200] conn=44405 op=30 RESULT err=0 tag=101
> nentries=0 etime=0
>
> Using a LDAP Browser we saw that there is a "full" (at least it has
> entries like CA etc.) entry:
>
> cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de
>
> Would it be safe to delete that to get rid of the problem?
>
> Thanks for your help!!!! Really appreciate that.
>
>    Torsten
>
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From deepak_dimri at hotmail.com  Fri Aug 12 07:14:19 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Fri, 12 Aug 2016 03:14:19 -0400
Subject: [Freeipa-users] 2FA with Sudo not working
Message-ID: <SNT152-W48503F499CB0190008C95FF51F0@phx.gbl>

Hi All,
I have 2FA (Password +OTP) enabled for a user in freeIPA console. I am able to SSH into my Linux system using Google Authenticator +  SSH key  but when i do sudo su i am getting into below loop even when i am entering valid credential:








-sh-4.2$ sudo su
First Factor: 
Sorry, try again.
First Factor: 
I found couple of email threads having exact same problem https://www.redhat.com/archives/freeipa-users/2016-May/msg00414.htmlbut the rpm fix (sssd-1.13.3-6.fc24.src.rpm)  mentioned did not fix the issue. I have  also downloaded sssd commit mentioned in this link https://bugzilla.redhat.com/show_bug.cgi?id=1276868  but don't know how to install it?
Is there a any clear instructions available on how this sssd bug can be fixed?
Thanks,Deepak

 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/8e4fed90/attachment.htm>

From harenberg at physik.uni-wuppertal.de  Fri Aug 12 07:51:17 2016
From: harenberg at physik.uni-wuppertal.de (Torsten Harenberg)
Date: Fri, 12 Aug 2016 09:51:17 +0200
Subject: [Freeipa-users] unable to delete a replica server
In-Reply-To: <57AD7704.5050606@redhat.com>
References: <01b85b80-b086-38c6-e921-f10a91a28f5d@physik.uni-wuppertal.de>
	<57ACA0C0.8080702@redhat.com>
	<4c86ccef-7f29-c38c-f46d-6649d85bd17c@physik.uni-wuppertal.de>
	<57AD7704.5050606@redhat.com>
Message-ID: <8cd93150-8429-9dd8-6c8c-3b52d887cd20@physik.uni-wuppertal.de>

Hi Ludwig,

Am 12.08.16 um 09:13 schrieb Ludwig Krispenz:
> 
> I haven't seen which version you are using. There was a bug in ipa where
> it attempted to delete a master before all services were deleted:
> https://fedorahosted.org/freeipa/ticket/5019
> 
> You can delete the services below the master by using ldapmodify, but I
> am not sure if this will be sufficient.


this is IPA 4.1.4 (still running on FC 21, that is the reason we are
doing this exercise, we want to replace that by a CentOS7 based version
but want to have two running servers during the migration).

So I fear we hit this bug. Thanks for pointing us to that.

We will try to delete the bogus entry in LDAP by hand.

Best regards

  Torsten


-- 
Dr. Torsten Harenberg     harenberg at physik.uni-wuppertal.de
Bergische Universitaet
Fakult?t 4 - Physik       Tel.: +49 (0)202 439-3521
Gaussstr. 20              Fax : +49 (0)202 439-2811
42097 Wuppertal



From jhrozek at redhat.com  Fri Aug 12 07:52:20 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 12 Aug 2016 09:52:20 +0200
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
References: <57AB6EB8.7000609@redhat.com>
	<CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>
	<57ACC0DF.6070308@redhat.com>
	<CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>
	<de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
Message-ID: <20160812075220.GB19405@hendrix>

On Thu, Aug 11, 2016 at 05:02:49PM -0400, Jeff Goddard wrote:
> Manually creating the file and then restarting the service and performing

So according to this:

> (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> Returning info for user [jgoddard at internal.emerlyn.com]
> (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> Retrieving rules for [jgoddard] from [internal.emerlyn.com]
> (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x6dbce0

at least one rule was passed on to sudo to process. Can you look into
the sudo log (not sssd_sudo, but really the log from the sudo
executable, the one you asked sudo to create in /etc/sudo.conf) and see
why sudo didn't allow you to execute anything?



From jhrozek at redhat.com  Fri Aug 12 07:56:23 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 12 Aug 2016 09:56:23 +0200
Subject: [Freeipa-users] 2FA with Sudo not working
In-Reply-To: <SNT152-W48503F499CB0190008C95FF51F0@phx.gbl>
References: <SNT152-W48503F499CB0190008C95FF51F0@phx.gbl>
Message-ID: <20160812075623.GC19405@hendrix>

On Fri, Aug 12, 2016 at 03:14:19AM -0400, Deepak Dimri wrote:
> Hi All,
> I have 2FA (Password +OTP) enabled for a user in freeIPA console. I am able to SSH into my Linux system using Google Authenticator +  SSH key  but when i do sudo su i am getting into below loop even when i am entering valid credential:
> 
> 
> 
> 
> 
> 
> 
> 
> -sh-4.2$ sudo su
> First Factor: 
> Sorry, try again.
> First Factor: 
> I found couple of email threads having exact same problem https://www.redhat.com/archives/freeipa-users/2016-May/msg00414.htmlbut the rpm fix (sssd-1.13.3-6.fc24.src.rpm)  mentioned did not fix the issue. I have  also downloaded sssd commit mentioned in this link https://bugzilla.redhat.com/show_bug.cgi?id=1276868  but don't know how to install it?
> Is there a any clear instructions available on how this sssd bug can be fixed?

Indeed sounds like:
https://fedorahosted.org/sssd/ticket/2971

What version on what OS are you running now?



From jhrozek at redhat.com  Fri Aug 12 08:51:32 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 12 Aug 2016 10:51:32 +0200
Subject: [Freeipa-users] 2FA with Sudo not working
In-Reply-To: <SNT152-W4474FA01724DBB99F484D8F51F0@phx.gbl>
References: <SNT152-W48503F499CB0190008C95FF51F0@phx.gbl>
	<20160812075623.GC19405@hendrix>
	<SNT152-W4474FA01724DBB99F484D8F51F0@phx.gbl>
Message-ID: <20160812085132.GG19405@hendrix>

Please keep the list in CC..

On Fri, Aug 12, 2016 at 04:44:03AM -0400, Deepak Dimri wrote:
> I am running on  "Red Hat Enterprise Linux Server release 7.2 (Maipo)"
> I have seen that link and it says sssd-1.13.3-5.fc22sb.src.rpm &/or sssd-1.13.3-6.fc24.src.rpm  has the fix but then this rpm is not getting installed on my linux :(

For RHEL, this bug will be fixed in 7.3.

> 
> 
> 
> 
> 
> 
> 
> 
> rpm -ivh sssd-1.13.3-6.fc24.src.rpm 
> Updating / installing...
>    1:sssd-1.13.3-6.fc24               ################################# [100%]
> rpm -q sssd-1.13.3-6.fc24

Installing a Fedora RPM on RHEL won't work, sorry..



From lslebodn at redhat.com  Fri Aug 12 10:55:07 2016
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Fri, 12 Aug 2016 12:55:07 +0200
Subject: [Freeipa-users] 2FA with Sudo not working
In-Reply-To: <20160812085132.GG19405@hendrix>
References: <SNT152-W48503F499CB0190008C95FF51F0@phx.gbl>
	<20160812075623.GC19405@hendrix>
	<SNT152-W4474FA01724DBB99F484D8F51F0@phx.gbl>
	<20160812085132.GG19405@hendrix>
Message-ID: <20160812105507.GB15914@10.4.128.1>

On (12/08/16 10:51), Jakub Hrozek wrote:
>Please keep the list in CC..
>
>On Fri, Aug 12, 2016 at 04:44:03AM -0400, Deepak Dimri wrote:
>> I am running on  "Red Hat Enterprise Linux Server release 7.2 (Maipo)"
>> I have seen that link and it says sssd-1.13.3-5.fc22sb.src.rpm &/or sssd-1.13.3-6.fc24.src.rpm  has the fix but then this rpm is not getting installed on my linux :(
>
>For RHEL, this bug will be fixed in 7.3.
>
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> rpm -ivh sssd-1.13.3-6.fc24.src.rpm 
>> Updating / installing...
>>    1:sssd-1.13.3-6.fc24               ################################# [100%]
>> rpm -q sssd-1.13.3-6.fc24
>
>Installing a Fedora RPM on RHEL won't work, sorry..
>
For testing purposes, It would be better to use copr
https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-13/

LS



From sandhoff at uni-wuppertal.de  Fri Aug 12 11:13:10 2016
From: sandhoff at uni-wuppertal.de (Marisa Sandhoff)
Date: Fri, 12 Aug 2016 13:13:10 +0200
Subject: [Freeipa-users] How to replace freeipa servers in client config?
Message-ID: <ac2fe1f4-e364-a704-eea6-2b5c1e5e8f44@uni-wuppertal.de>

Hi,

when we set up our freeipa installation, we did this with initially two
freeipa servers (ipa2 being replica of ipa): ipa and ipa2.
All clients we installed with
ipa-client-install .... --server ipa --server ipa2

Now we would like to retire ipa2 and instead use our new replica ipacentos7.

How can we tell the clients not to use ipa2 anymore and instead of that
ipacentos7?

Sorry if there is an obvious solution, I googled a lot and could not
find anything ...

Thanks a lot for your help!

Best regards,
Marisa

-- 
Dr. Marisa Sandhoff
Experimentelle Elementarteilchenphysik
Fakult?t f?r Mathematik und Naturwissenschaften
Bergische Universitaet Wuppertal
Gaussstr. 20
D-42097 Wuppertal, Germany
-------
marisa.sandhoff at cern.ch
sandhoff at physik.uni-wuppertal.de
Phone +49 202 439 3521



From jhrozek at redhat.com  Fri Aug 12 11:13:14 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 12 Aug 2016 13:13:14 +0200
Subject: [Freeipa-users] 2FA with Sudo not working
In-Reply-To: <20160812105507.GB15914@10.4.128.1>
References: <SNT152-W48503F499CB0190008C95FF51F0@phx.gbl>
	<20160812075623.GC19405@hendrix>
	<SNT152-W4474FA01724DBB99F484D8F51F0@phx.gbl>
	<20160812085132.GG19405@hendrix>
	<20160812105507.GB15914@10.4.128.1>
Message-ID: <20160812111314.GN19405@hendrix>

On Fri, Aug 12, 2016 at 12:55:07PM +0200, Lukas Slebodnik wrote:
> On (12/08/16 10:51), Jakub Hrozek wrote:
> >Please keep the list in CC..
> >
> >On Fri, Aug 12, 2016 at 04:44:03AM -0400, Deepak Dimri wrote:
> >> I am running on  "Red Hat Enterprise Linux Server release 7.2 (Maipo)"
> >> I have seen that link and it says sssd-1.13.3-5.fc22sb.src.rpm &/or sssd-1.13.3-6.fc24.src.rpm  has the fix but then this rpm is not getting installed on my linux :(
> >
> >For RHEL, this bug will be fixed in 7.3.
> >
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> rpm -ivh sssd-1.13.3-6.fc24.src.rpm 
> >> Updating / installing...
> >>    1:sssd-1.13.3-6.fc24               ################################# [100%]
> >> rpm -q sssd-1.13.3-6.fc24
> >
> >Installing a Fedora RPM on RHEL won't work, sorry..
> >
> For testing purposes, It would be better to use copr
> https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-13/

With the emphasis on *testing purposes*, of course Red Hat doesn't
support these upstream builds.



From g.schmitz at gtrs.de  Fri Aug 12 11:26:38 2016
From: g.schmitz at gtrs.de (Guido Schmitz)
Date: Fri, 12 Aug 2016 13:26:38 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
	DNSSEC keys
Message-ID: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>

Hi!

I want to migrate my existing DNS setup to FreeIPA. As this existing
setup already uses DNSSEC, I want to import my current DNSSEC keys into
FreeIPA to have a smooth transition over to IPA's DNS. (The authorative
DNS servers for the zones are set up as slaves that get the zone via
AXFR and can seamlessly switch to AXFR from IPA.)

In my test migration, I have created the DNS zone I want to migrate in
FreeIPA and have enabled DNSSEC.

As far as I understand IPA's implementation of DNSSEC, OpenDNSSEC takes
care of key management and key rollover [1]. Hence, I have imported my
existing DNSSEC keys to OpenDNSSEC according to OpenDNSSEC's HOWTO [2]
and OpenDNSSEC correctly shows the imported keys along with the DNSSEC
keys generated by IPA.

I thought that ipa-dnskeysyncd would take care of syncing the keys from
OpenDNSSEC to 389 LDAP, but this does not happen: In 389 LDAP, only the
keys initially created by IPA (while enabling DNSSEC for this zone)
exist and hence, only these keys are used to sign the zone.

Do I need to manually insert my existing DNSSEC keys into the LDAP or
take some other additional steps?

Cheers,
-Guido



[1] https://www.freeipa.org/page/V4/DNSSEC_Support#Implementation
[2] https://wiki.opendnssec.org/display/DOCS/Migrating+to+OpenDNSSEC



From pspacek at redhat.com  Fri Aug 12 11:58:34 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Fri, 12 Aug 2016 13:58:34 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
Message-ID: <72abd120-5581-618a-e099-0e09e4483161@redhat.com>

On 12.8.2016 13:26, Guido Schmitz wrote:
> Hi!
> 
> I want to migrate my existing DNS setup to FreeIPA. As this existing
> setup already uses DNSSEC, I want to import my current DNSSEC keys into
> FreeIPA to have a smooth transition over to IPA's DNS. (The authorative
> DNS servers for the zones are set up as slaves that get the zone via
> AXFR and can seamlessly switch to AXFR from IPA.)
> 
> In my test migration, I have created the DNS zone I want to migrate in
> FreeIPA and have enabled DNSSEC.
> 
> As far as I understand IPA's implementation of DNSSEC, OpenDNSSEC takes
> care of key management and key rollover [1]. Hence, I have imported my
> existing DNSSEC keys to OpenDNSSEC according to OpenDNSSEC's HOWTO [2]
> and OpenDNSSEC correctly shows the imported keys along with the DNSSEC
> keys generated by IPA.
> 
> I thought that ipa-dnskeysyncd would take care of syncing the keys from
> OpenDNSSEC to 389 LDAP, but this does not happen: In 389 LDAP, only the
> keys initially created by IPA (while enabling DNSSEC for this zone)
> exist and hence, only these keys are used to sign the zone.
> 
> Do I need to manually insert my existing DNSSEC keys into the LDAP or
> take some other additional steps?

Hello!

In theory ipa-dnskeysyncd should take care of it. The important step is to
ensure that all the imported keys have CKA_EXTRACTABLE PKCS#11 flag (in
SoftHSM) set to TRUE otherwise the synchronization will not work.

Please note that we never tested this so following text is just untested theory:

Start with usual DNSSEC debugging for FreeIPA:
http://www.freeipa.org/page/Troubleshooting#DNSSEC_signing_does_not_work

Besides all other things, I would double-check that (on FreeIPA DNSSEC key
master server):
1) ods-ksmutil key list --verbose
shows the imported keys in state active or publish

2) Command
python2 /usr/lib/python2.*/site-packages/ipapython/dnssec/localhsm.py
shows that keys are CKA_EXTRACTABLE.

3) If all of the above seems to be okay, check logs for ipa-dnskeysyncd and
ipa-ods-exporter services:
journalctl -u ipa-dnskeysyncd -u ipa-ods-exporter

ipa-ods-exporter is the piece doing dirty export work.

I hope it helps.

Petr^2 Spacek


> 
> Cheers,
> -Guido
> 
> 
> 
> [1] https://www.freeipa.org/page/V4/DNSSEC_Support#Implementation
> [2] https://wiki.opendnssec.org/display/DOCS/Migrating+to+OpenDNSSEC
> 


-- 
Petr^2 Spacek



From jhrozek at redhat.com  Fri Aug 12 12:12:54 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 12 Aug 2016 14:12:54 +0200
Subject: [Freeipa-users] How to replace freeipa servers in client config?
In-Reply-To: <ac2fe1f4-e364-a704-eea6-2b5c1e5e8f44@uni-wuppertal.de>
References: <ac2fe1f4-e364-a704-eea6-2b5c1e5e8f44@uni-wuppertal.de>
Message-ID: <20160812121254.GQ19405@hendrix>

On Fri, Aug 12, 2016 at 01:13:10PM +0200, Marisa Sandhoff wrote:
> Hi,
> 
> when we set up our freeipa installation, we did this with initially two
> freeipa servers (ipa2 being replica of ipa): ipa and ipa2.
> All clients we installed with
> ipa-client-install .... --server ipa --server ipa2
> 
> Now we would like to retire ipa2 and instead use our new replica ipacentos7.
> 
> How can we tell the clients not to use ipa2 anymore and instead of that
> ipacentos7?
> 
> Sorry if there is an obvious solution, I googled a lot and could not
> find anything ...

Do the service discovery and failover sections of man sssd-ipa help?



From jgoddard at emerlyn.com  Fri Aug 12 12:31:52 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 12 Aug 2016 08:31:52 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <20160812075220.GB19405@hendrix>
References: <57AB6EB8.7000609@redhat.com>
	<CA+No-6ErCOG5Xpb8w2ektmeMiU6YTtJFjJVLMzPi2WLBF3kMcQ@mail.gmail.com>
	<57ACC0DF.6070308@redhat.com>
	<CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>
	<de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
Message-ID: <CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>

Jakub,

I apologize for my ignorance, can you give me the syntax for that? In the
file I created I only added the statement "debug_level=9". Adding a
"log_file=/var/log/sudo.log" statement does not produce a file. Googling
for syntax returns a bunch of results for the sudoers file. Also of note,
digging around and looking at the auth.log file I see entries such as this:

Aug 12 08:16:27 docker-dev-01 login[29210]: pam_sss(login:auth):
authentication success; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser=
rhost= user=jgoddard
Aug 12 08:16:29 docker-dev-01 login[29210]: pam_unix(login:session):
session opened for user jgoddard by LOGIN(uid=0)
Aug 12 08:16:29 docker-dev-01 systemd: pam_unix(systemd-user:session):
session opened for user jgoddard by (uid=0)
Aug 12 08:16:29 docker-dev-01 systemd-logind[3252]: New session 77 of user
jgoddard.
Aug 12 08:16:37 docker-dev-01 sudo: pam_unix(sudo:auth): authentication
failure; logname=jgoddard uid=320000001 euid=0 tty=/dev/tty1 ruser=jgoddard
rhost=  user=jgoddard
Aug 12 08:16:37 docker-dev-01 sudo: pam_sss(sudo:auth): authentication
success; logname=jgoddard uid=320000001 euid=0 tty=/dev/tty1 ruser=jgoddard
rhost= user=jgoddard
Aug 12 08:16:38 docker-dev-01 sudo: jgoddard : command not allowed ;
TTY=tty1 ; PWD=/home/jgoddard ; USER=root ; COMMAND=list



On Fri, Aug 12, 2016 at 3:52 AM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Thu, Aug 11, 2016 at 05:02:49PM -0400, Jeff Goddard wrote:
> > Manually creating the file and then restarting the service and performing
>
> So according to this:
>
> > (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_user] (0x0400):
> > Returning info for user [jgoddard at internal.emerlyn.com]
> > (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [sudosrv_get_rules] (0x0400):
> > Retrieving rules for [jgoddard] from [internal.emerlyn.com]
> > (Thu Aug 11 16:58:29 2016) [sssd[sudo]] [ldb] (0x4000): Added timed event
> > "ltdb_callback": 0x6dbce0
>
> at least one rule was passed on to sudo to process. Can you look into
> the sudo log (not sssd_sudo, but really the log from the sudo
> executable, the one you asked sudo to create in /etc/sudo.conf) and see
> why sudo didn't allow you to execute anything?
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>



Thanks,

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/2d6eec0e/attachment.htm>

From jhrozek at redhat.com  Fri Aug 12 12:37:21 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 12 Aug 2016 14:37:21 +0200
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
References: <57ACC0DF.6070308@redhat.com>
	<CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>
	<de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
Message-ID: <20160812123721.GS19405@hendrix>

On Fri, Aug 12, 2016 at 08:31:52AM -0400, Jeff Goddard wrote:
> Jakub,
> 
> I apologize for my ignorance, can you give me the syntax for that? In the
> file I created I only added the statement "debug_level=9". Adding a
> "log_file=/var/log/sudo.log" statement does not produce a file. Googling
> for syntax returns a bunch of results for the sudoers file. Also of note,
> digging around and looking at the auth.log file I see entries such as this:

As described here:
    https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO

 a) How do I get sudo logs?
     Open /etc/sudo.conf and put down the following lines:
         Debug sudo /var/log/sudo_debug all at debug
         Debug sudoers.so /var/log/sudo_debug all at debug

    Run sudo

    File /var/log/sudo_debug contains sudo logs 



From jgoddard at emerlyn.com  Fri Aug 12 12:53:53 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 12 Aug 2016 08:53:53 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <20160812123721.GS19405@hendrix>
References: <57ACC0DF.6070308@redhat.com>
	<CA+No-6FdeLQJPjknv4-GaQ=QoVk8043yT2w+pVNpAUn4W8yEZA@mail.gmail.com>
	<de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
Message-ID: <CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>

Jakub,

Here is the log file output:

Aug 12 08:45:00 sudo[31732] -> sudo_check_suid @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:828
Aug 12 08:45:00 sudo[31732] <- sudo_check_suid @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:872
Aug 12 08:45:00 sudo[31732] -> save_signals @
/build/sudo-L2mAoN/sudo-1.8.16/src/signal.c:64
Aug 12 08:45:00 sudo[31732] <- save_signals @
/build/sudo-L2mAoN/sudo-1.8.16/src/signal.c:71
Aug 12 08:45:00 sudo[31732] -> sudo_conf_read_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/sudo_conf.c:562
Aug 12 08:45:00 sudo[31732] -> sudo_secure_path @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/secure_path.c:43
Aug 12 08:45:00 sudo[31732] <- sudo_secure_path @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/secure_path.c:62 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 13
Aug 12 08:45:00 sudo[31732] sudo_conf_read_v1: /etc/sudo.conf:1:
unsupported entry: debug_level=9
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 40
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 46
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:117 := -1
Aug 12 08:45:00 sudo[31732] <- sudo_conf_read_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/sudo_conf.c:651 := 1
Aug 12 08:45:00 sudo[31732] -> get_user_info @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:495
Aug 12 08:45:00 sudo[31732] -> sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:44
Aug 12 08:45:00 sudo[31732] <- sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:56 := user=jgoddard
Aug 12 08:45:00 sudo[31732] -> get_user_groups @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:433
Aug 12 08:45:00 sudo[31732] <- get_user_groups @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:479 :=
groups=320000000,320000001,320000019,320000031
Aug 12 08:45:00 sudo[31732] -> sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:44
Aug 12 08:45:00 sudo[31732] <- sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:56 := cwd=/home/jgoddard
Aug 12 08:45:00 sudo[31732] -> get_process_ttyname @
/build/sudo-L2mAoN/sudo-1.8.16/src/ttyname.c:484
Aug 12 08:45:00 sudo[31732] -> sudo_ttyname_dev @
/build/sudo-L2mAoN/sudo-1.8.16/src/ttyname.c:320
Aug 12 08:45:00 sudo[31732] comparing dev 34816 to /dev/pts/0: match! @
sudo_ttyname_dev() /build/sudo-L2mAoN/sudo-1.8.16/src/ttyname.c:336
Aug 12 08:45:00 sudo[31732] <- sudo_ttyname_dev @
/build/sudo-L2mAoN/sudo-1.8.16/src/ttyname.c:371 := /dev/pts/0
Aug 12 08:45:00 sudo[31732] <- get_process_ttyname @
/build/sudo-L2mAoN/sudo-1.8.16/src/ttyname.c:526 := /dev/pts/0
Aug 12 08:45:00 sudo[31732] -> sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:44
Aug 12 08:45:00 sudo[31732] <- sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:56 := tty=/dev/pts/0
Aug 12 08:45:00 sudo[31732] -> sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:44
Aug 12 08:45:00 sudo[31732] <- sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:56 := host=
docker-dev-01.internal.emerlyn.com
Aug 12 08:45:00 sudo[31732] -> sudo_get_ttysize_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/ttysize.c:67
Aug 12 08:45:00 sudo[31732] -> get_ttysize_ioctl @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/ttysize.c:46
Aug 12 08:45:00 sudo[31732] <- get_ttysize_ioctl @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/ttysize.c:52 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_get_ttysize_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/ttysize.c:83
Aug 12 08:45:00 sudo[31732] <- get_user_info @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:595 := 0x559aca458420
Aug 12 08:45:00 sudo[31732] -> disable_coredumps @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:885
Aug 12 08:45:00 sudo[31732] <- disable_coredumps @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:896
Aug 12 08:45:00 sudo[31732] -> parse_args @
/build/sudo-L2mAoN/sudo-1.8.16/src/parse_args.c:172
Aug 12 08:45:00 sudo[31732] -> get_net_ifs @
/build/sudo-L2mAoN/sudo-1.8.16/src/net_ifs.c:120
Aug 12 08:45:00 sudo[31732] <- get_net_ifs @
/build/sudo-L2mAoN/sudo-1.8.16/src/net_ifs.c:205 := 8
Aug 12 08:45:00 sudo[31732] <- parse_args @
/build/sudo-L2mAoN/sudo-1.8.16/src/parse_args.c:512 := 128
Aug 12 08:45:00 sudo[31732] sudo_mode 128
Aug 12 08:45:00 sudo[31732] -> sudo_load_plugins @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:283
Aug 12 08:45:00 sudo[31732] -> sudo_load_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:160
Aug 12 08:45:00 sudo[31732] -> sudo_check_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:112
Aug 12 08:45:00 sudo[31732] -> sudo_stat_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:46
Aug 12 08:45:00 sudo[31732] <- sudo_stat_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:104 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_check_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:137 := true
Aug 12 08:45:00 sudo[31732] -> sudo_conf_debug_files_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/sudo_conf.c:509
Aug 12 08:45:00 sudo[31732] <- sudo_conf_debug_files_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/sudo_conf.c:532 := 0x559aca457f60
Aug 12 08:45:00 sudo[31732] <- sudo_load_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:255 := true
Aug 12 08:45:00 sudo[31732] -> sudo_load_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:160
Aug 12 08:45:00 sudo[31732] -> sudo_check_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:112
Aug 12 08:45:00 sudo[31732] -> sudo_stat_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:46
Aug 12 08:45:00 sudo[31732] <- sudo_stat_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:104 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_check_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:137 := true
Aug 12 08:45:00 sudo[31732] -> sudo_conf_debug_files_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/sudo_conf.c:509
Aug 12 08:45:00 sudo[31732] <- sudo_conf_debug_files_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/sudo_conf.c:532 := 0x559aca457f60
Aug 12 08:45:00 sudo[31732] <- sudo_load_plugin @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:255 := true
Aug 12 08:45:00 sudo[31732] <- sudo_load_plugins @
/build/sudo-L2mAoN/sudo-1.8.16/src/load_plugins.c:352 := true
Aug 12 08:45:00 sudo[31732] -> policy_open @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:1231
Aug 12 08:45:00 sudo[31732] -> format_plugin_settings @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:1175
Aug 12 08:45:00 sudo[31732] -> sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:44
Aug 12 08:45:00 sudo[31732] <- sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:56 :=
plugin_path=/usr/lib/sudo/sudoers.so
Aug 12 08:45:00 sudo[31732] settings: progname=sudo
Aug 12 08:45:00 sudo[31732] -> sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:44
Aug 12 08:45:00 sudo[31732] <- sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:56 := progname=sudo
Aug 12 08:45:00 sudo[31732] settings: network_addrs=
10.72.100.66/255.255.255.0 172.17.0.1/255.255.0.0 10.42.0.1/255.255.0.0
fe80::250:56ff:fe9a:495f/ffff:ffff:ffff:ffff::
fe80::42:43ff:fe27:e955/ffff:ffff:ffff:ffff::
fe80::ac23:29ff:fe04:bb1a/ffff:ffff:ffff:ffff::
fe80::c494:9dff:feed:a7d8/ffff:ffff:ffff:ffff::
fe80::3c27:80ff:fe5b:9f27/ffff:ffff:ffff:ffff::
Aug 12 08:45:00 sudo[31732] -> sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:44
Aug 12 08:45:00 sudo[31732] <- sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:56 := network_addrs=
10.72.100.66/255.255.255.0 172.17.0.1/255.255.0.0 10.42.0.1/255.255.0.0
fe80::250:56ff:fe9a:495f/ffff:ffff:ffff:ffff::
fe80::42:43ff:fe27:e955/ffff:ffff:ffff:ffff::
fe80::ac23:29ff:fe04:bb1a/ffff:ffff:ffff:ffff::
fe80::c494:9dff:feed:a7d8/ffff:ffff:ffff:ffff::
fe80::3c27:80ff:fe5b:9f27/ffff:ffff:ffff:ffff::
Aug 12 08:45:00 sudo[31732] settings: plugin_dir=/usr/lib/sudo/
Aug 12 08:45:00 sudo[31732] -> sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:44
Aug 12 08:45:00 sudo[31732] <- sudo_new_key_val_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/key_val.c:56 :=
plugin_dir=/usr/lib/sudo/
Aug 12 08:45:00 sudo[31732] <- format_plugin_settings @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:1217 := 0x559aca45d1e0
Aug 12 08:45:00 sudo[31732] -> sudoers_policy_init @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:154
Aug 12 08:45:00 sudo[31732] -> sudo_setpwent @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:365
Aug 12 08:45:00 sudo[31732] -> rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:85
Aug 12 08:45:00 sudo[31732] <- rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:111 :=
0x559aca45d6b0
Aug 12 08:45:00 sudo[31732] -> rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:85
Aug 12 08:45:00 sudo[31732] <- rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:111 :=
0x559aca45d710
Aug 12 08:45:00 sudo[31732] <- sudo_setpwent @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:376 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_setgrent @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:666
Aug 12 08:45:00 sudo[31732] -> rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:85
Aug 12 08:45:00 sudo[31732] <- rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:111 :=
0x559aca45d480
Aug 12 08:45:00 sudo[31732] -> rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:85
Aug 12 08:45:00 sudo[31732] <- rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:111 :=
0x559aca45d9d0
Aug 12 08:45:00 sudo[31732] -> rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:85
Aug 12 08:45:00 sudo[31732] <- rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:111 :=
0x559aca45da30
Aug 12 08:45:00 sudo[31732] <- sudo_setgrent @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:679 := 0
Aug 12 08:45:00 sudo[31732] -> env_init @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:212
Aug 12 08:45:00 sudo[31732] <- env_init @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:249 := true
Aug 12 08:45:00 sudo[31732] -> init_defaults @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:343
Aug 12 08:45:00 sudo[31732] -> store_syslogfac @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:765
Aug 12 08:45:00 sudo[31732] <- store_syslogfac @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:779 := true
Aug 12 08:45:00 sudo[31732] -> store_syslogpri @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:797
Aug 12 08:45:00 sudo[31732] <- store_syslogpri @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:808 := true
Aug 12 08:45:00 sudo[31732] -> store_syslogpri @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:797
Aug 12 08:45:00 sudo[31732] <- store_syslogpri @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:808 := true
Aug 12 08:45:00 sudo[31732] -> store_tuple @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:688
Aug 12 08:45:00 sudo[31732] <- store_tuple @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:709 := true
Aug 12 08:45:00 sudo[31732] -> store_tuple @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:688
Aug 12 08:45:00 sudo[31732] <- store_tuple @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:709 := true
Aug 12 08:45:00 sudo[31732] -> init_envtables @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:1245
Aug 12 08:45:00 sudo[31732] <- init_envtables @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:1282 := true
Aug 12 08:45:00 sudo[31732] <- init_defaults @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:516 := true
Aug 12 08:45:00 sudo[31732] -> sudoers_policy_deserialize_info @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/policy.c:82
Aug 12 08:45:00 sudo[31732] -> set_interfaces @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/interfaces.c:58
Aug 12 08:45:00 sudo[31732] <- set_interfaces @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/interfaces.c:100 := true
Aug 12 08:45:00 sudo[31732] -> sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:57
Aug 12 08:45:00 sudo[31732] <- sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:121 := 30081
Aug 12 08:45:00 sudo[31732] -> sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:57
Aug 12 08:45:00 sudo[31732] <- sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:121 := 320000001
Aug 12 08:45:00 sudo[31732] -> sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:57
Aug 12 08:45:00 sudo[31732] <- sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:121 := 320000001
Aug 12 08:45:00 sudo[31732] -> sudo_parse_gids_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/gidlist.c:47
Aug 12 08:45:00 sudo[31732] -> sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:57
Aug 12 08:45:00 sudo[31732] <- sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:121 := 320000000
Aug 12 08:45:00 sudo[31732] -> sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:57
Aug 12 08:45:00 sudo[31732] <- sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:121 := 320000001
Aug 12 08:45:00 sudo[31732] -> sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:57
Aug 12 08:45:00 sudo[31732] <- sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:121 := 320000019
Aug 12 08:45:00 sudo[31732] -> sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:57
Aug 12 08:45:00 sudo[31732] <- sudo_strtoid_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/strtoid.c:121 := 320000031
Aug 12 08:45:00 sudo[31732] <- sudo_parse_gids_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/gidlist.c:84 := 4
Aug 12 08:45:00 sudo[31732] settings: plugin_path=/usr/lib/sudo/sudoers.so
Aug 12 08:45:00 sudo[31732] settings: progname=sudo
Aug 12 08:45:00 sudo[31732] settings: network_addrs=
10.72.100.66/255.255.255.0 172.17.0.1/255.255.0.0 10.42.0.1/255.255.0.0
fe80::250:56ff:fe9a:495f/ffff:ffff:ffff:ffff::
fe80::42:43ff:fe27:e955/ffff:ffff:ffff:ffff::
fe80::ac23:29ff:fe04:bb1a/ffff:ffff:ffff:ffff::
fe80::c494:9dff:feed:a7d8/ffff:ffff:ffff:ffff::
fe80::3c27:80ff:fe5b:9f27/ffff:ffff:ffff:ffff::
Aug 12 08:45:00 sudo[31732] settings: plugin_dir=/usr/lib/sudo/
Aug 12 08:45:00 sudo[31732] settings: debug_flags=/var/log/sudo_debug
all at debug
Aug 12 08:45:00 sudo[31732] user_info: user=jgoddard
Aug 12 08:45:00 sudo[31732] user_info: pid=31732
Aug 12 08:45:00 sudo[31732] user_info: ppid=30081
Aug 12 08:45:00 sudo[31732] user_info: pgid=31732
Aug 12 08:45:00 sudo[31732] user_info: tcpgid=31732
Aug 12 08:45:00 sudo[31732] user_info: sid=30081
Aug 12 08:45:00 sudo[31732] user_info: uid=320000001
Aug 12 08:45:00 sudo[31732] user_info: euid=0
Aug 12 08:45:00 sudo[31732] user_info: gid=320000001
Aug 12 08:45:00 sudo[31732] user_info: egid=320000001
Aug 12 08:45:00 sudo[31732] user_info:
groups=320000000,320000001,320000019,320000031
Aug 12 08:45:00 sudo[31732] user_info: cwd=/home/jgoddard
Aug 12 08:45:00 sudo[31732] user_info: tty=/dev/pts/0
Aug 12 08:45:00 sudo[31732] user_info: host=
docker-dev-01.internal.emerlyn.com
Aug 12 08:45:00 sudo[31732] user_info: lines=52
Aug 12 08:45:00 sudo[31732] user_info: cols=189
Aug 12 08:45:00 sudo[31732] <- sudoers_policy_deserialize_info @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/policy.c:390 := 0
Aug 12 08:45:00 sudo[31732] -> init_vars @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:660
Aug 12 08:45:00 sudo[31732] -> sudo_getpwnam @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:198
Aug 12 08:45:00 sudo[31732] -> rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:277
Aug 12 08:45:00 sudo[31732] <- rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:284 := (nil)
Aug 12 08:45:00 sudo[31732] -> sudo_make_pwitem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:82
Aug 12 08:45:00 sudo[31732] <- sudo_make_pwitem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:147 :=
0x559aca461560
Aug 12 08:45:00 sudo[31732] -> rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:177
Aug 12 08:45:00 sudo[31732] <- rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:265 := 0
Aug 12 08:45:00 sudo[31732] sudo_getpwnam: user jgoddard [] -> uid
320000001 [] (cached)
Aug 12 08:45:00 sudo[31732] <- sudo_getpwnam @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:248 :=
0x559aca461588
Aug 12 08:45:00 sudo[31732] -> sudo_get_grlist @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:719
Aug 12 08:45:00 sudo[31732] -> rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:277
Aug 12 08:45:00 sudo[31732] <- rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:284 := (nil)
Aug 12 08:45:00 sudo[31732] -> sudo_make_grlist_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:243
Aug 12 08:45:00 sudo[31732] -> sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:456
Aug 12 08:45:00 sudo[31732] -> rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:277
Aug 12 08:45:00 sudo[31732] <- rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:284 := (nil)
Aug 12 08:45:00 sudo[31732] -> sudo_make_gritem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:164
Aug 12 08:45:00 sudo[31732] <- sudo_make_gritem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:225 :=
0x559aca461f00
Aug 12 08:45:00 sudo[31732] -> rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:177
Aug 12 08:45:00 sudo[31732] <- rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:265 := 0
Aug 12 08:45:00 sudo[31732] sudo_getgrgid: gid 320000001 [] -> group
jgoddard [] (cached)
Aug 12 08:45:00 sudo[31732] <- sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:503 :=
0x559aca461f28
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:443
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:432
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:437
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:445
Aug 12 08:45:00 sudo[31732] -> sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:456
Aug 12 08:45:00 sudo[31732] -> rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:277
Aug 12 08:45:00 sudo[31732] <- rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:284 := (nil)
Aug 12 08:45:00 sudo[31732] -> sudo_make_gritem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:164
Aug 12 08:45:00 sudo[31732] <- sudo_make_gritem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:225 :=
0x559aca462090
Aug 12 08:45:00 sudo[31732] -> rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:177
Aug 12 08:45:00 sudo[31732] <- rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:265 := 0
Aug 12 08:45:00 sudo[31732] sudo_getgrgid: gid 320000000 [] -> group admins
[] (cached)
Aug 12 08:45:00 sudo[31732] <- sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:503 :=
0x559aca4620b8
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:443
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:432
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:437
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:445
Aug 12 08:45:00 sudo[31732] -> sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:456
Aug 12 08:45:00 sudo[31732] -> rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:277
Aug 12 08:45:00 sudo[31732] <- rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:284 := (nil)
Aug 12 08:45:00 sudo[31732] -> sudo_make_gritem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:164
Aug 12 08:45:00 sudo[31732] <- sudo_make_gritem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:225 :=
0x559aca462180
Aug 12 08:45:00 sudo[31732] -> rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:177
Aug 12 08:45:00 sudo[31732] <- rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:265 := 0
Aug 12 08:45:00 sudo[31732] sudo_getgrgid: gid 320000019 [] -> group
developers [] (cached)
Aug 12 08:45:00 sudo[31732] <- sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:503 :=
0x559aca4621a8
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:443
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:432
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:437
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:445
Aug 12 08:45:00 sudo[31732] -> sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:456
Aug 12 08:45:00 sudo[31732] -> rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:277
Aug 12 08:45:00 sudo[31732] <- rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:284 := (nil)
Aug 12 08:45:00 sudo[31732] -> sudo_make_gritem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:164
Aug 12 08:45:00 sudo[31732] <- sudo_make_gritem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:225 :=
0x559aca4622e0
Aug 12 08:45:00 sudo[31732] -> rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:177
Aug 12 08:45:00 sudo[31732] <- rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:265 := 0
Aug 12 08:45:00 sudo[31732] sudo_getgrgid: gid 320000031 [] -> group
jira-administrators [] (cached)
Aug 12 08:45:00 sudo[31732] <- sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:503 :=
0x559aca462308
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:443
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:432
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:437
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:445
Aug 12 08:45:00 sudo[31732] <- sudo_make_grlist_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:366 :=
0x559aca461630
Aug 12 08:45:00 sudo[31732] -> rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:177
Aug 12 08:45:00 sudo[31732] <- rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:265 := 0
Aug 12 08:45:00 sudo[31732] sudo_get_grlist: user jgoddard is a member of
group jgoddard
Aug 12 08:45:00 sudo[31732] sudo_get_grlist: user jgoddard is a member of
group admins
Aug 12 08:45:00 sudo[31732] sudo_get_grlist: user jgoddard is a member of
group developers
Aug 12 08:45:00 sudo[31732] sudo_get_grlist: user jgoddard is a member of
group jira-administrators
Aug 12 08:45:00 sudo[31732] <- sudo_get_grlist @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:760 :=
0x559aca461658
Aug 12 08:45:00 sudo[31732] -> set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:110
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:638
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:640
Aug 12 08:45:00 sudo[31732] set_perms: PERM_INITIAL: ruid: 320000001, euid:
0, suid: 0, rgid: 320000001, egid: 320000001, sgid: 320000001
Aug 12 08:45:00 sudo[31732] <- set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:353 := true
Aug 12 08:45:00 sudo[31732] <- init_vars @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:732 := true
Aug 12 08:45:00 sudo[31732] -> sudo_read_nss @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudo_nss.c:74
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 26
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 26
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 26
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 21
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 25
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 21
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 24
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 28
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 24
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 24
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 23
Aug 12 08:45:00 sudo[31732] -> sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:55
Aug 12 08:45:00 sudo[31732] <- sudo_parseln_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/parseln.c:118 := 18
Aug 12 08:45:00 sudo[31732] <- sudo_read_nss @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudo_nss.c:130 :=
0x7fabc34ce7a0
Aug 12 08:45:00 sudo[31732] -> set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:110
Aug 12 08:45:00 sudo[31732] set_perms: PERM_ROOT: uid: [320000001, 0, 0] ->
[0, 0, 0]
Aug 12 08:45:00 sudo[31732] set_perms: PERM_ROOT: gid: [320000001,
320000001, 320000001] -> [320000001, 0, 320000001]
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:638
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:640
Aug 12 08:45:00 sudo[31732] <- set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:353 := true
Aug 12 08:45:00 sudo[31732] -> sudo_sss_open @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:318
Aug 12 08:45:00 sudo[31732] handle=0x559aca463620
Aug 12 08:45:00 sudo[31732] <- sudo_sss_open @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:389 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_sss_parse @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:411
Aug 12 08:45:00 sudo[31732] <- sudo_sss_parse @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:412 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_sss_setdefs @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:423
Aug 12 08:45:00 sudo[31732] Looking for cn=defaults
Aug 12 08:45:00 sudo[31732] <- sudo_sss_setdefs @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:457 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_file_open @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/parse.c:76
Aug 12 08:45:00 sudo[31732] -> open_sudoers @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:848
Aug 12 08:45:00 sudo[31732] -> set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:110
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:638
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:640
Aug 12 08:45:00 sudo[31732] set_perms: PERM_SUDOERS: gid: [320000001, 0,
320000001] -> [320000001, 0, 320000001]
Aug 12 08:45:00 sudo[31732] set_perms: PERM_SUDOERS: uid: [0, 0, 0] -> [0,
1, 0]
Aug 12 08:45:00 sudo[31732] <- set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:353 := true
Aug 12 08:45:00 sudo[31732] -> sudo_secure_path @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/secure_path.c:43
Aug 12 08:45:00 sudo[31732] <- sudo_secure_path @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/secure_path.c:62 := 0
Aug 12 08:45:00 sudo[31732] -> restore_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:366
Aug 12 08:45:00 sudo[31732] restore_perms: uid: [0, 1, 0] -> [0, 0, 0]
Aug 12 08:45:00 sudo[31732] restore_perms: gid: [320000001, 0, 320000001]
-> [320000001, 0, 320000001]
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:658
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:647
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:652
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:660
Aug 12 08:45:00 sudo[31732] <- restore_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:412 := true
Aug 12 08:45:00 sudo[31732] <- open_sudoers @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:916 :=
0x559aca462a20
Aug 12 08:45:00 sudo[31732] <- sudo_file_open @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/parse.c:81 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_file_parse @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/parse.c:105
Aug 12 08:45:00 sudo[31732] -> init_parser @ gram.y:1029
Aug 12 08:45:00 sudo[31732] -> init_lexer @ toke.l:880
Aug 12 08:45:00 sudo[31732] <- init_lexer @ toke.l:903
Aug 12 08:45:00 sudo[31732] -> init_aliases @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/alias.c:215
Aug 12 08:45:00 sudo[31732] -> rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:85
Aug 12 08:45:00 sudo[31732] <- rbcreate @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:111 :=
0x559aca462c50
Aug 12 08:45:00 sudo[31732] <- init_aliases @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/alias.c:221 := true
Aug 12 08:45:00 sudo[31732] <- init_parser @ gram.y:1155 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_init_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:41
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_init_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:52
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:2 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:3 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:4 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:5 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:6 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:7 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:8 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:9 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:52
Aug 12 08:45:00 sudo[31732] <- fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:80 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:10 DEFAULTS DEFVAR
Aug 12 08:45:00 sudo[31732] -> new_default @ gram.y:895
Aug 12 08:45:00 sudo[31732] <- new_default @ gram.y:910 := 0x559aca4629e0
Aug 12 08:45:00 sudo[31732] -> add_defaults @ gram.y:966
Aug 12 08:45:00 sudo[31732] <- add_defaults @ gram.y:993 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:52
Aug 12 08:45:00 sudo[31732] <- fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:80 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:11 DEFAULTS DEFVAR
Aug 12 08:45:00 sudo[31732] -> new_default @ gram.y:895
Aug 12 08:45:00 sudo[31732] <- new_default @ gram.y:910 := 0x559aca462fa0
Aug 12 08:45:00 sudo[31732] -> add_defaults @ gram.y:966
Aug 12 08:45:00 sudo[31732] <- add_defaults @ gram.y:993 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:52
Aug 12 08:45:00 sudo[31732] <- fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:80 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> append @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:87
Aug 12 08:45:00 sudo[31732] -> fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:52
Aug 12 08:45:00 sudo[31732] <- fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:80 := true
Aug 12 08:45:00 sudo[31732] <- append @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:92 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_default @ gram.y:895
Aug 12 08:45:00 sudo[31732] <- new_default @ gram.y:910 := 0x559aca463070
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:12 DEFAULTS DEFVAR = BEGINSTR
STRBODY ENDSTR WORD(4)
Aug 12 08:45:00 sudo[31732] -> add_defaults @ gram.y:966
Aug 12 08:45:00 sudo[31732] <- add_defaults @ gram.y:993 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:13
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:14 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:15
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:16 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:17
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:18 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:19
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:20 #
Aug 12 08:45:00 sudo[31732] -> fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:52
Aug 12 08:45:00 sudo[31732] <- fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:80 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca4630f0
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca463120
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca463150
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca463180
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca4631d0
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:21 WORD(5) ALL = ( ALL : ALL ) ALL
Aug 12 08:45:00 sudo[31732] -> add_userspec @ gram.y:1004
Aug 12 08:45:00 sudo[31732] <- add_userspec @ gram.y:1015 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:22
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:23 #
Aug 12 08:45:00 sudo[31732] -> fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:52
Aug 12 08:45:00 sudo[31732] <- fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:80 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca463310
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca463340
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca463370
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca4633c0
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:24 USERGROUP ALL = ( ALL ) ALL
Aug 12 08:45:00 sudo[31732] -> add_userspec @ gram.y:1004
Aug 12 08:45:00 sudo[31732] <- add_userspec @ gram.y:1015 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:25
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:26 #
Aug 12 08:45:00 sudo[31732] -> fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:52
Aug 12 08:45:00 sudo[31732] <- fill_txt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/toke_util.c:80 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca4634e0
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca463510
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca463540
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca463570
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] -> new_member @ gram.y:917
Aug 12 08:45:00 sudo[31732] <- new_member @ gram.y:929 := 0x559aca4635c0
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:27 USERGROUP ALL = ( ALL : ALL )
ALL
Aug 12 08:45:00 sudo[31732] -> add_userspec @ gram.y:1004
Aug 12 08:45:00 sudo[31732] <- add_userspec @ gram.y:1015 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:28
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:29 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:30
Aug 12 08:45:00 sudo[31732] -> parse_include @ toke.l:1053
Aug 12 08:45:00 sudo[31732] <- parse_include @ toke.l:1111 := /etc/sudoers.d
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:30 INCLUDEDIR
Aug 12 08:45:00 sudo[31732] -> push_include_int @ toke.l:911
Aug 12 08:45:00 sudo[31732] -> sudo_secure_path @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/secure_path.c:43
Aug 12 08:45:00 sudo[31732] <- sudo_secure_path @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/secure_path.c:62 := 0
Aug 12 08:45:00 sudo[31732] -> switch_dir @ toke.l:852
Aug 12 08:45:00 sudo[31732] -> read_dir_files @ toke.l:773
Aug 12 08:45:00 sudo[31732] <- read_dir_files @ toke.l:831 := 1
Aug 12 08:45:00 sudo[31732] <- switch_dir @ toke.l:866 := 1
Aug 12 08:45:00 sudo[31732] -> open_sudoers @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:848
Aug 12 08:45:00 sudo[31732] -> set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:110
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:638
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:640
Aug 12 08:45:00 sudo[31732] set_perms: PERM_SUDOERS: gid: [320000001, 0,
320000001] -> [320000001, 0, 320000001]
Aug 12 08:45:00 sudo[31732] set_perms: PERM_SUDOERS: uid: [0, 0, 0] -> [0,
1, 0]
Aug 12 08:45:00 sudo[31732] <- set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:353 := true
Aug 12 08:45:00 sudo[31732] -> sudo_secure_path @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/secure_path.c:43
Aug 12 08:45:00 sudo[31732] <- sudo_secure_path @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/secure_path.c:62 := 0
Aug 12 08:45:00 sudo[31732] -> restore_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:366
Aug 12 08:45:00 sudo[31732] restore_perms: uid: [0, 1, 0] -> [0, 0, 0]
Aug 12 08:45:00 sudo[31732] restore_perms: gid: [320000001, 0, 320000001]
-> [320000001, 0, 320000001]
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:658
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:647
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:652
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:660
Aug 12 08:45:00 sudo[31732] <- restore_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:412 := true
Aug 12 08:45:00 sudo[31732] <- open_sudoers @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:916 :=
0x559aca469c60
Aug 12 08:45:00 sudo[31732] <- push_include_int @ toke.l:1003 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:2 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:3 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:4 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:5 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:6 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:7 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:8 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:9 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:10 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:11 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:12 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:13 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:14 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:15 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:16 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:17 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:18 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:19 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:20 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:21 #
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers.d/README:22 #
Aug 12 08:45:00 sudo[31732] -> pop_include @ toke.l:1011
Aug 12 08:45:00 sudo[31732] <- pop_include @ toke.l:1044 := true
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:159
Aug 12 08:45:00 sudo[31732] -> sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:69
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_expand @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:87 := true
Aug 12 08:45:00 sudo[31732] <- sudo_lbuf_append_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/lbuf.c:190 := true
Aug 12 08:45:00 sudo[31732] /etc/sudoers:31
Aug 12 08:45:00 sudo[31732] -> pop_include @ toke.l:1011
Aug 12 08:45:00 sudo[31732] <- pop_include @ toke.l:1014 := false
Aug 12 08:45:00 sudo[31732] <- sudo_file_parse @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/parse.c:121 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_file_setdefs @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/parse.c:130
Aug 12 08:45:00 sudo[31732] -> update_defaults @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:531
Aug 12 08:45:00 sudo[31732] -> set_default @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:192
Aug 12 08:45:00 sudo[31732] <- set_default @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:331 := true
Aug 12 08:45:00 sudo[31732] -> set_default @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:192
Aug 12 08:45:00 sudo[31732] <- set_default @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:331 := true
Aug 12 08:45:00 sudo[31732] -> set_default @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:192
Aug 12 08:45:00 sudo[31732] -> store_str @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:715
Aug 12 08:45:00 sudo[31732] <- store_str @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:728 := 1
Aug 12 08:45:00 sudo[31732] <- set_default @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:331 := true
Aug 12 08:45:00 sudo[31732] <- update_defaults @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:566 := true
Aug 12 08:45:00 sudo[31732] <- sudo_file_setdefs @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/parse.c:137 := 0
Aug 12 08:45:00 sudo[31732] -> set_runaspw @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:1082
Aug 12 08:45:00 sudo[31732] -> sudo_getpwnam @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:198
Aug 12 08:45:00 sudo[31732] -> rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:277
Aug 12 08:45:00 sudo[31732] <- rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:284 := (nil)
Aug 12 08:45:00 sudo[31732] -> sudo_make_pwitem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:82
Aug 12 08:45:00 sudo[31732] <- sudo_make_pwitem @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil_impl.c:147 :=
0x559aca462d00
Aug 12 08:45:00 sudo[31732] -> rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:177
Aug 12 08:45:00 sudo[31732] <- rbinsert @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:265 := 0
Aug 12 08:45:00 sudo[31732] sudo_getpwnam: user root [] -> uid 0 [] (cached)
Aug 12 08:45:00 sudo[31732] <- sudo_getpwnam @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:248 :=
0x559aca462d28
Aug 12 08:45:00 sudo[31732] <- set_runaspw @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:1102 := true
Aug 12 08:45:00 sudo[31732] -> update_defaults @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:531
Aug 12 08:45:00 sudo[31732] <- update_defaults @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:566 := true
Aug 12 08:45:00 sudo[31732] -> set_fqdn @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:1022
Aug 12 08:45:00 sudo[31732] -> resolve_host @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:984
Aug 12 08:45:00 sudo[31732] <- resolve_host @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:1010 := true
Aug 12 08:45:00 sudo[31732] host docker-dev-01.internal.emerlyn.com, shost
docker-dev-01, runhost docker-dev-01.internal.emerlyn.com, srunhost
docker-dev-01.internal.emerlyn.com @ set_fqdn()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:1070
Aug 12 08:45:00 sudo[31732] <- set_fqdn @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:1071 := true
Aug 12 08:45:00 sudo[31732] -> restore_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:366
Aug 12 08:45:00 sudo[31732] restore_perms: uid: [0, 0, 0] -> [320000001, 0,
0]
Aug 12 08:45:00 sudo[31732] restore_perms: gid: [320000001, 0, 320000001]
-> [320000001, 320000001, 320000001]
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:658
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:647
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:652
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:660
Aug 12 08:45:00 sudo[31732] <- restore_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:412 := true
Aug 12 08:45:00 sudo[31732] <- sudoers_policy_init @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:253 := 1
Aug 12 08:45:00 sudo[31732] <- policy_open @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:1261 := 1
Aug 12 08:45:00 sudo[31732] -> init_signals @
/build/sudo-L2mAoN/sudo-1.8.16/src/signal.c:121
Aug 12 08:45:00 sudo[31732] -> pipe_nonblock @
/build/sudo-L2mAoN/sudo-1.8.16/src/exec.c:975
Aug 12 08:45:00 sudo[31732] <- pipe_nonblock @
/build/sudo-L2mAoN/sudo-1.8.16/src/exec.c:993 := 0
Aug 12 08:45:00 sudo[31732] <- init_signals @
/build/sudo-L2mAoN/sudo-1.8.16/src/signal.c:154
Aug 12 08:45:00 sudo[31732] -> policy_list @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:1317
Aug 12 08:45:00 sudo[31732] -> sudoers_policy_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/policy.c:762
Aug 12 08:45:00 sudo[31732] -> sudoers_policy_main @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:266
Aug 12 08:45:00 sudo[31732] -> unlimit_nproc @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:118
Aug 12 08:45:00 sudo[31732] <- unlimit_nproc @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:128
Aug 12 08:45:00 sudo[31732] -> set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:110
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:638
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:640
Aug 12 08:45:00 sudo[31732] set_perms: PERM_INITIAL: ruid: 320000001, euid:
0, suid: 0, rgid: 320000001, egid: 320000001, sgid: 320000001
Aug 12 08:45:00 sudo[31732] <- set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:353 := true
Aug 12 08:45:00 sudo[31732] -> set_cmnd @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:744
Aug 12 08:45:00 sudo[31732] -> update_defaults @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:531
Aug 12 08:45:00 sudo[31732] <- update_defaults @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/defaults.c:566 := true
Aug 12 08:45:00 sudo[31732] <- set_cmnd @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:836 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_sss_lookup @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:1114
Aug 12 08:45:00 sudo[31732] -> sudo_sss_result_get @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:761
Aug 12 08:45:00 sudo[31732] -> sudo_sss_checkpw @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:467
Aug 12 08:45:00 sudo[31732] <- sudo_sss_checkpw @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:479 := 0
Aug 12 08:45:00 sudo[31732]   username=jgoddard
Aug 12 08:45:00 sudo[31732] domainname=NULL
Aug 12 08:45:00 sudo[31732] state |= USERMATCH
Aug 12 08:45:00 sudo[31732] Received 1 rule(s)
Aug 12 08:45:00 sudo[31732] -> sudo_sss_filter_result @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:223
Aug 12 08:45:00 sudo[31732] in_res=0x559aca458110, count=1, act=INCLUDE
Aug 12 08:45:00 sudo[31732] malloc: cnt=1
Aug 12 08:45:00 sudo[31732] -> sudo_sss_result_filterp @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:746
Aug 12 08:45:00 sudo[31732] -> sudo_sss_check_host @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:653
Aug 12 08:45:00 sudo[31732] val[0]=+office
Aug 12 08:45:00 sudo[31732] -> addr_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:195
Aug 12 08:45:00 sudo[31732] -> addr_matches_if @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:56
Aug 12 08:45:00 sudo[31732] <- addr_matches_if @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:66 := false
Aug 12 08:45:00 sudo[31732] IP address +office matches local host: false @
addr_matches()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:206
Aug 12 08:45:00 sudo[31732] <- addr_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:207 := false
Aug 12 08:45:00 sudo[31732] -> netgr_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1015
Aug 12 08:45:00 sudo[31732] -> sudo_getdomainname @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:953
Aug 12 08:45:00 sudo[31732] <- sudo_getdomainname @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:992 := (null)
Aug 12 08:45:00 sudo[31732] netgroup office matches (
docker-dev-01.internal.emerlyn.com|docker-dev-01.internal.emerlyn.com,
jgoddard, ): false @ netgr_matches()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1041
Aug 12 08:45:00 sudo[31732] <- netgr_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1044 := false
Aug 12 08:45:00 sudo[31732] -> hostname_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:819
Aug 12 08:45:00 sudo[31732] host docker-dev-01.internal.emerlyn.com matches
sudoers pattern +office: false @ hostname_matches()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:829
Aug 12 08:45:00 sudo[31732] <- hostname_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:830 := false
Aug 12 08:45:00 sudo[31732] sssd/ldap sudoHost '+office' ... not
Aug 12 08:45:00 sudo[31732] <- sudo_sss_check_host @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:687 := false
Aug 12 08:45:00 sudo[31732] <- sudo_sss_result_filterp @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:752 := 0
Aug 12 08:45:00 sudo[31732] reallocating result: 0x559aca464860 (count: 1
-> 0)
Aug 12 08:45:00 sudo[31732] <- sudo_sss_filter_result @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:295 := 0x559aca458270
Aug 12 08:45:00 sudo[31732] u_sss_result=(0x559aca458110, 1) =>
f_sss_result=(0x559aca458270, 0)
Aug 12 08:45:00 sudo[31732] <- sudo_sss_result_get @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:827 := 0x559aca458270
Aug 12 08:45:00 sudo[31732] perform search for pwflag 54
Aug 12 08:45:00 sudo[31732] Done with LDAP searches
Aug 12 08:45:00 sudo[31732] sudo_sss_lookup(54)=0x80
Aug 12 08:45:00 sudo[31732] <- sudo_sss_lookup @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:1227 := 128
Aug 12 08:45:00 sudo[31732] -> sudo_file_lookup @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/parse.c:153
Aug 12 08:45:00 sudo[31732] -> userlist_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:102
Aug 12 08:45:00 sudo[31732] -> userpw_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:843
Aug 12 08:45:00 sudo[31732] user jgoddard matches sudoers user root: false
@ userpw_matches()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:856
Aug 12 08:45:00 sudo[31732] <- userpw_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:857 := false
Aug 12 08:45:00 sudo[31732] <- userlist_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:136 := -1
Aug 12 08:45:00 sudo[31732] -> userlist_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:102
Aug 12 08:45:00 sudo[31732] -> usergr_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:896
Aug 12 08:45:00 sudo[31732] -> user_in_group @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:805
Aug 12 08:45:00 sudo[31732] -> sudo_get_grlist @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:719
Aug 12 08:45:00 sudo[31732] -> rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:277
Aug 12 08:45:00 sudo[31732] <- rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:281 :=
0x559aca461f70
Aug 12 08:45:00 sudo[31732] <- sudo_get_grlist @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:760 :=
0x559aca461658
Aug 12 08:45:00 sudo[31732] -> sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:456
Aug 12 08:45:00 sudo[31732] -> rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:277
Aug 12 08:45:00 sudo[31732] <- rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:281 :=
0x559aca461fe0
Aug 12 08:45:00 sudo[31732] sudo_getgrgid: gid 320000001 [] -> group
jgoddard [] (cache hit)
Aug 12 08:45:00 sudo[31732] <- sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:503 :=
0x559aca461f28
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:443
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:432
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:437
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:445
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:658
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:647
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:652
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:660
Aug 12 08:45:00 sudo[31732] user_in_group: user jgoddard NOT in group admin
Aug 12 08:45:00 sudo[31732] <- user_in_group @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:855 := false
Aug 12 08:45:00 sudo[31732] user jgoddard matches group admin: false @
usergr_matches() /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:940
Aug 12 08:45:00 sudo[31732] <- usergr_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:941 := false
Aug 12 08:45:00 sudo[31732] <- userlist_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:136 := -1
Aug 12 08:45:00 sudo[31732] -> userlist_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:102
Aug 12 08:45:00 sudo[31732] -> usergr_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:896
Aug 12 08:45:00 sudo[31732] -> user_in_group @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:805
Aug 12 08:45:00 sudo[31732] -> sudo_get_grlist @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:719
Aug 12 08:45:00 sudo[31732] -> rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:277
Aug 12 08:45:00 sudo[31732] <- rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:281 :=
0x559aca461f70
Aug 12 08:45:00 sudo[31732] <- sudo_get_grlist @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:760 :=
0x559aca461658
Aug 12 08:45:00 sudo[31732] -> sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:456
Aug 12 08:45:00 sudo[31732] -> rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:277
Aug 12 08:45:00 sudo[31732] <- rbfind @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:281 :=
0x559aca461fe0
Aug 12 08:45:00 sudo[31732] sudo_getgrgid: gid 320000001 [] -> group
jgoddard [] (cache hit)
Aug 12 08:45:00 sudo[31732] <- sudo_getgrgid @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:503 :=
0x559aca461f28
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:443
Aug 12 08:45:00 sudo[31732] -> sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:432
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:437
Aug 12 08:45:00 sudo[31732] <- sudo_gr_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:445
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:658
Aug 12 08:45:00 sudo[31732] -> sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:647
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:652
Aug 12 08:45:00 sudo[31732] <- sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:660
Aug 12 08:45:00 sudo[31732] user_in_group: user jgoddard NOT in group sudo
Aug 12 08:45:00 sudo[31732] <- user_in_group @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:855 := false
Aug 12 08:45:00 sudo[31732] user jgoddard matches group sudo: false @
usergr_matches() /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:940
Aug 12 08:45:00 sudo[31732] <- usergr_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:941 := false
Aug 12 08:45:00 sudo[31732] <- userlist_matches @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:136 := -1
Aug 12 08:45:00 sudo[31732] <- sudo_file_lookup @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/parse.c:202 := 132
Aug 12 08:45:00 sudo[31732] -> rebuild_env @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:850
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep XDG_SESSION_ID=79: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := true
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := 1
Aug 12 08:45:00 sudo[31732] keep TERM=xterm: YES
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := true
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: TERM=xterm
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep SHELL=/bin/bash: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep SSH_CLIENT=10.72.110.104 27271 22: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep SSH_TTY=/dev/pts/0: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep USER=jgoddard: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := true
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := true
Aug 12 08:45:00 sudo[31732] keep
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36::
YES
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := true
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv:
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep MAIL=/var/mail/jgoddard: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := true
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := true
Aug 12 08:45:00 sudo[31732] keep
PATH=/home/jgoddard/bin:/home/jgoddard/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:
YES
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := true
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv:
PATH=/home/jgoddard/bin:/home/jgoddard/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep PWD=/home/jgoddard: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := true
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := 1
Aug 12 08:45:00 sudo[31732] keep LANG=en_US.UTF-8: YES
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := true
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: LANG=en_US.UTF-8
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := true
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := true
Aug 12 08:45:00 sudo[31732] keep KRB5CCNAME=KEYRING:persistent:320000001:
YES
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := true
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv:
KRB5CCNAME=KEYRING:persistent:320000001
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep SHLVL=1: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := true
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := true
Aug 12 08:45:00 sudo[31732] keep HOME=/home/jgoddard: YES
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := true
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: HOME=/home/jgoddard
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep LOGNAME=jgoddard: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep SSH_CONNECTION=10.72.110.104 27271
10.72.100.66 22: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep LESSOPEN=| /usr/bin/lesspipe %s: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep XDG_RUNTIME_DIR=/run/user/320000001: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep LESSCLOSE=/usr/bin/lesspipe %s %s: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:745
Aug 12 08:45:00 sudo[31732] -> matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:670
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_check @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:683 := -1
Aug 12 08:45:00 sudo[31732] -> matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:694
Aug 12 08:45:00 sudo[31732] -> matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:574
Aug 12 08:45:00 sudo[31732] <- matches_env_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:596 := false
Aug 12 08:45:00 sudo[31732] <- matches_env_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:702 := false
Aug 12 08:45:00 sudo[31732] keep _=/usr/bin/sudo: NO
Aug 12 08:45:00 sudo[31732] <- env_should_keep @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:760 := false
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: MAIL=/var/mail/root
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] -> user_is_exempt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:270
Aug 12 08:45:00 sudo[31732] <- user_is_exempt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:274 := false
Aug 12 08:45:00 sudo[31732] -> sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:395
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:418 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:395
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: LOGNAME=root
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:418 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:395
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: USER=root
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:418 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:395
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: USERNAME=root
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:418 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:395
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: SHELL=/bin/bash
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:418 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:395
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: SUDO_COMMAND=list
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:418 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:395
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: SUDO_USER=jgoddard
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:418 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:395
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: SUDO_UID=320000001
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:418 := 0
Aug 12 08:45:00 sudo[31732] -> sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:395
Aug 12 08:45:00 sudo[31732] -> sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:370
Aug 12 08:45:00 sudo[31732] sudo_putenv: SUDO_GID=320000001
Aug 12 08:45:00 sudo[31732] <- sudo_putenv @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:381 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_setenv2 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:418 := 0
Aug 12 08:45:00 sudo[31732] <- rebuild_env @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/env.c:1081 := true
Aug 12 08:45:00 sudo[31732] -> check_user @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:179
Aug 12 08:45:00 sudo[31732] -> get_authpw @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:286
Aug 12 08:45:00 sudo[31732] -> sudo_pw_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:101
Aug 12 08:45:00 sudo[31732] <- sudo_pw_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:103
Aug 12 08:45:00 sudo[31732] <- get_authpw @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:317 := 0x559aca461588
Aug 12 08:45:00 sudo[31732] -> sudo_auth_init @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/sudo_auth.c:98
Aug 12 08:45:00 sudo[31732] -> sudo_pam_init @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/pam.c:91
Aug 12 08:45:00 sudo[31732] <- sudo_pam_init @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/pam.c:143 := 0
Aug 12 08:45:00 sudo[31732] <- sudo_auth_init @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/sudo_auth.c:158 := 0
Aug 12 08:45:00 sudo[31732] -> user_is_exempt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:270
Aug 12 08:45:00 sudo[31732] <- user_is_exempt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:274 := false
Aug 12 08:45:00 sudo[31732] -> check_user_interactive @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:96
Aug 12 08:45:00 sudo[31732] -> sudo_pw_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:101
Aug 12 08:45:00 sudo[31732] <- sudo_pw_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:103
Aug 12 08:45:00 sudo[31732] -> timestamp_open @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:376
Aug 12 08:45:00 sudo[31732] -> ts_secure_dir @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:204
Aug 12 08:45:00 sudo[31732] checking /var/run/sudo/ts @ ts_secure_dir()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:206
Aug 12 08:45:00 sudo[31732] -> sudo_secure_path @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/secure_path.c:43
Aug 12 08:45:00 sudo[31732] <- sudo_secure_path @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/secure_path.c:62 := 0
Aug 12 08:45:00 sudo[31732] <- ts_secure_dir @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:237 := true
Aug 12 08:45:00 sudo[31732] -> ts_open @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:251
Aug 12 08:45:00 sudo[31732] <- ts_open @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:268 := 14
Aug 12 08:45:00 sudo[31732] -> get_boottime @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/boottime.c:67
Aug 12 08:45:00 sudo[31732] found btime in /proc/stat: 1470836613 @
get_boottime() /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/boottime.c:82
Aug 12 08:45:00 sudo[31732] <- get_boottime @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/boottime.c:94 := true
Aug 12 08:45:00 sudo[31732] <- timestamp_open @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:434 :=
0x559aca471d40
Aug 12 08:45:00 sudo[31732] -> timestamp_lock @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:570
Aug 12 08:45:00 sudo[31732] -> timestamp_lock_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:460
Aug 12 08:45:00 sudo[31732] -> sudo_lock_region_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/locking.c:60
Aug 12 08:45:00 sudo[31732] <- sudo_lock_region_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/locking.c:76 := true
Aug 12 08:45:00 sudo[31732] <- timestamp_lock_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:497 := true
Aug 12 08:45:00 sudo[31732] searching for tty time stamp record @
timestamp_lock()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:607
Aug 12 08:45:00 sudo[31732] -> ts_fill4 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:326
Aug 12 08:45:00 sudo[31732] <- ts_fill4 @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:351
Aug 12 08:45:00 sudo[31732] -> ts_find_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:117
Aug 12 08:45:00 sudo[31732] -> ts_match_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:77
Aug 12 08:45:00 sudo[31732] <- ts_match_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:96 := false
Aug 12 08:45:00 sudo[31732] -> ts_match_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:77
Aug 12 08:45:00 sudo[31732] <- ts_match_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:102 := true
Aug 12 08:45:00 sudo[31732] <- ts_find_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:135 := true
Aug 12 08:45:00 sudo[31732] found existing tty time stamp record @
timestamp_lock()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:611
Aug 12 08:45:00 sudo[31732] tty time stamp position is 80 @
timestamp_lock()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:621
Aug 12 08:45:00 sudo[31732] -> timestamp_unlock_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:503
Aug 12 08:45:00 sudo[31732] -> sudo_lock_region_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/locking.c:60
Aug 12 08:45:00 sudo[31732] <- sudo_lock_region_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/locking.c:76 := true
Aug 12 08:45:00 sudo[31732] <- timestamp_unlock_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:510 := true
Aug 12 08:45:00 sudo[31732] -> timestamp_lock_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:460
Aug 12 08:45:00 sudo[31732] -> sudo_lock_region_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/locking.c:60
Aug 12 08:45:00 sudo[31732] <- sudo_lock_region_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/locking.c:76 := true
Aug 12 08:45:00 sudo[31732] <- timestamp_lock_record @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:497 := true
Aug 12 08:45:00 sudo[31732] <- timestamp_lock @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:656 := true
Aug 12 08:45:00 sudo[31732] -> timestamp_status @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:689
Aug 12 08:45:00 sudo[31732] -> ts_read @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:521
Aug 12 08:45:00 sudo[31732] read 40 byte record at 80 @ ts_read()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:549
Aug 12 08:45:00 sudo[31732] <- ts_read @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:556 := 40
Aug 12 08:45:00 sudo[31732] time stamp record disabled @ timestamp_status()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:720
Aug 12 08:45:00 sudo[31732] <- timestamp_status @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:780 := 1
Aug 12 08:45:00 sudo[31732] -> display_lecture @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:233
Aug 12 08:45:00 sudo[31732] <- display_lecture @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:237 := false
Aug 12 08:45:00 sudo[31732] -> expand_prompt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/prompt.c:49
Aug 12 08:45:00 sudo[31732] <- expand_prompt @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/prompt.c:156 := [sudo]
password for jgoddard:
Aug 12 08:45:00 sudo[31732] -> verify_user @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/sudo_auth.c:220
Aug 12 08:45:00 sudo[31732] -> sudo_pam_verify @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/pam.c:151
Aug 12 08:45:00 sudo[31732] -> converse @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/pam.c:393
Aug 12 08:45:00 sudo[31732] number of PAM messages: 1 @ converse()
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/pam.c:401
Aug 12 08:45:00 sudo[31732] -> auth_getpass @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/sudo_auth.c:404
Aug 12 08:45:00 sudo[31732] -> tgetpass @
/build/sudo-L2mAoN/sudo-1.8.16/src/tgetpass.c:93
Aug 12 08:45:00 sudo[31732] -> tty_present @
/build/sudo-L2mAoN/sudo-1.8.16/src/tgetpass.c:383
Aug 12 08:45:00 sudo[31732] <- tty_present @
/build/sudo-L2mAoN/sudo-1.8.16/src/tgetpass.c:384 := true
Aug 12 08:45:00 sudo[31732] -> sudo_term_noecho_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/term.c:130
Aug 12 08:45:00 sudo[31732] <- sudo_term_noecho_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/term.c:141 := true
Aug 12 08:45:00 sudo[31732] -> getln @
/build/sudo-L2mAoN/sudo-1.8.16/src/tgetpass.c:326
Aug 12 08:45:04 sudo[31732] <- getln @
/build/sudo-L2mAoN/sudo-1.8.16/src/tgetpass.c:369 := *********
Aug 12 08:45:04 sudo[31732] -> sudo_term_restore_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/term.c:112
Aug 12 08:45:04 sudo[31732] <- sudo_term_restore_v1 @
/build/sudo-L2mAoN/sudo-1.8.16/lib/util/term.c:120 := true
Aug 12 08:45:04 sudo[31732] <- tgetpass @
/build/sudo-L2mAoN/sudo-1.8.16/src/tgetpass.c:245 := *********
Aug 12 08:45:04 sudo[31732] <- auth_getpass @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/sudo_auth.c:433 :=
*********
Aug 12 08:45:04 sudo[31732] <- converse @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/pam.c:493 := 0
Aug 12 08:45:05 sudo[31732] <- sudo_pam_verify @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/pam.c:168 := 0
Aug 12 08:45:05 sudo[31732] <- verify_user @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/sudo_auth.c:331 := 1
Aug 12 08:45:05 sudo[31732] -> timestamp_close @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:663
Aug 12 08:45:05 sudo[31732] <- timestamp_close @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/timestamp.c:671
Aug 12 08:45:05 sudo[31732] -> sudo_pw_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:121
Aug 12 08:45:05 sudo[31732] -> sudo_pw_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:110
Aug 12 08:45:05 sudo[31732] <- sudo_pw_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:115
Aug 12 08:45:05 sudo[31732] <- sudo_pw_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:123
Aug 12 08:45:05 sudo[31732] <- check_user_interactive @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:167 := 1
Aug 12 08:45:05 sudo[31732] -> sudo_auth_cleanup @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/sudo_auth.c:170
Aug 12 08:45:05 sudo[31732] -> sudo_pam_cleanup @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/pam.c:214
Aug 12 08:45:05 sudo[31732] <- sudo_pam_cleanup @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/pam.c:221 := 0
Aug 12 08:45:05 sudo[31732] <- sudo_auth_cleanup @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/auth/sudo_auth.c:180 := 0
Aug 12 08:45:05 sudo[31732] -> sudo_pw_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:121
Aug 12 08:45:05 sudo[31732] -> sudo_pw_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:110
Aug 12 08:45:05 sudo[31732] <- sudo_pw_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:115
Aug 12 08:45:05 sudo[31732] <- sudo_pw_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:123
Aug 12 08:45:05 sudo[31732] <- check_user @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/check.c:218 := 1
Aug 12 08:45:05 sudo[31732] -> log_failure @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:289
Aug 12 08:45:05 sudo[31732] -> log_denial @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:207
Aug 12 08:45:05 sudo[31732] -> audit_failure @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/audit.c:63
Aug 12 08:45:05 sudo[31732] -> linux_audit_command @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/linux_audit.c:65
Aug 12 08:45:05 sudo[31732] -> linux_audit_open @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/linux_audit.c:42
Aug 12 08:45:05 sudo[31732] <- linux_audit_open @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/linux_audit.c:56 := 14
Aug 12 08:45:05 sudo[31732] <- linux_audit_command @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/linux_audit.c:103 := 0
Aug 12 08:45:05 sudo[31732] <- audit_failure @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/audit.c:96 := 0
Aug 12 08:45:05 sudo[31732] -> new_logline @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:793
Aug 12 08:45:05 sudo[31732] <- new_logline @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:921 := command not
allowed ; TTY=pts/0 ; PWD=/home/jgoddard ; USER=root ; COMMAND=list
Aug 12 08:45:05 sudo[31732] -> set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:110
Aug 12 08:45:05 sudo[31732] set_perms: PERM_ROOT: uid: [320000001, 0, 0] ->
[0, 0, 0]
Aug 12 08:45:05 sudo[31732] set_perms: PERM_ROOT: gid: [320000001,
320000001, 320000001] -> [320000001, 0, 320000001]
Aug 12 08:45:05 sudo[31732] -> sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:638
Aug 12 08:45:05 sudo[31732] <- sudo_grlist_addref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:640
Aug 12 08:45:05 sudo[31732] <- set_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:353 := true
Aug 12 08:45:05 sudo[31732] -> should_mail @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:756
Aug 12 08:45:05 sudo[31732] <- should_mail @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:762 := false
Aug 12 08:45:05 sudo[31732] -> do_syslog @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:99
Aug 12 08:45:05 sudo[31732] -> mysyslog @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:77
Aug 12 08:45:05 sudo[31732] <- mysyslog @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:85
Aug 12 08:45:05 sudo[31732] <- do_syslog @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:140
Aug 12 08:45:05 sudo[31732] -> restore_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:366
Aug 12 08:45:05 sudo[31732] restore_perms: uid: [0, 0, 0] -> [320000001, 0,
0]
Aug 12 08:45:05 sudo[31732] restore_perms: gid: [320000001, 0, 320000001]
-> [320000001, 320000001, 320000001]
Aug 12 08:45:05 sudo[31732] -> sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:658
Aug 12 08:45:05 sudo[31732] -> sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:647
Aug 12 08:45:05 sudo[31732] <- sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:652
Aug 12 08:45:05 sudo[31732] <- sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:660
Aug 12 08:45:05 sudo[31732] <- restore_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:412 := true
Aug 12 08:45:05 sudo[31732] <- log_denial @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:279 := true
Aug 12 08:45:05 sudo[31732] <- log_failure @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/logging.c:311 := true
Aug 12 08:45:05 sudo[31732] -> rewind_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:80
Aug 12 08:45:05 sudo[31732] -> restore_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:366
Aug 12 08:45:05 sudo[31732] restore_perms: uid: [320000001, 0, 0] ->
[320000001, 0, 0]
Aug 12 08:45:05 sudo[31732] restore_perms: gid: [320000001, 320000001,
320000001] -> [320000001, 320000001, 320000001]
Aug 12 08:45:05 sudo[31732] -> sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:658
Aug 12 08:45:05 sudo[31732] -> sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:647
Aug 12 08:45:05 sudo[31732] <- sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:652
Aug 12 08:45:05 sudo[31732] <- sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:660
Aug 12 08:45:05 sudo[31732] <- restore_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:412 := true
Aug 12 08:45:05 sudo[31732] -> sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:658
Aug 12 08:45:05 sudo[31732] -> sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:647
Aug 12 08:45:05 sudo[31732] <- sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:652
Aug 12 08:45:05 sudo[31732] <- sudo_grlist_delref @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:660
Aug 12 08:45:05 sudo[31732] <- rewind_perms @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/set_perms.c:90 := true
Aug 12 08:45:05 sudo[31732] -> restore_nproc @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:139
Aug 12 08:45:05 sudo[31732] <- restore_nproc @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:144
Aug 12 08:45:05 sudo[31732] -> sudo_endpwent @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:399
Aug 12 08:45:05 sudo[31732] -> sudo_freepwcache @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:382
Aug 12 08:45:05 sudo[31732] -> rbdestroy @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:363
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] <- rbdestroy @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:366
Aug 12 08:45:05 sudo[31732] -> rbdestroy @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:363
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> sudo_pw_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:110
Aug 12 08:45:05 sudo[31732] <- sudo_pw_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:115
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> sudo_pw_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:110
Aug 12 08:45:05 sudo[31732] <- sudo_pw_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:115
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] <- rbdestroy @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:366
Aug 12 08:45:05 sudo[31732] <- sudo_freepwcache @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:393
Aug 12 08:45:05 sudo[31732] <- sudo_endpwent @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:404
Aug 12 08:45:05 sudo[31732] -> sudo_endgrent @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:706
Aug 12 08:45:05 sudo[31732] -> sudo_freegrcache @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:685
Aug 12 08:45:05 sudo[31732] -> rbdestroy @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:363
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:432
Aug 12 08:45:05 sudo[31732] <- sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:437
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:432
Aug 12 08:45:05 sudo[31732] <- sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:437
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:432
Aug 12 08:45:05 sudo[31732] <- sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:437
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:432
Aug 12 08:45:05 sudo[31732] <- sudo_gr_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:437
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] <- rbdestroy @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:366
Aug 12 08:45:05 sudo[31732] -> rbdestroy @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:363
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] <- rbdestroy @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:366
Aug 12 08:45:05 sudo[31732] -> rbdestroy @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:363
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:345
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] -> sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:647
Aug 12 08:45:05 sudo[31732] <- sudo_grlist_delref_item @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:652
Aug 12 08:45:05 sudo[31732] <- rbdestroy_int @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:353
Aug 12 08:45:05 sudo[31732] <- rbdestroy @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/redblack.c:366
Aug 12 08:45:05 sudo[31732] <- sudo_freegrcache @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:700
Aug 12 08:45:05 sudo[31732] <- sudo_endgrent @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:711
Aug 12 08:45:05 sudo[31732] <- sudoers_policy_main @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sudoers.c:649 := 0
Aug 12 08:45:05 sudo[31732] <- sudoers_policy_list @
/build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/policy.c:784 := 0
Aug 12 08:45:05 sudo[31732] <- policy_list @
/build/sudo-L2mAoN/sudo-1.8.16/src/sudo.c:1327 := 0


Thanks,

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/857565dd/attachment.htm>

From pspacek at redhat.com  Fri Aug 12 13:41:53 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Fri, 12 Aug 2016 15:41:53 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <72abd120-5581-618a-e099-0e09e4483161@redhat.com>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
	<72abd120-5581-618a-e099-0e09e4483161@redhat.com>
Message-ID: <a4e5f219-c366-c82d-3c7e-21c9d4c21e3a@redhat.com>

On 12.8.2016 13:58, Petr Spacek wrote:
> On 12.8.2016 13:26, Guido Schmitz wrote:
>> Hi!
>>
>> I want to migrate my existing DNS setup to FreeIPA. As this existing
>> setup already uses DNSSEC, I want to import my current DNSSEC keys into
>> FreeIPA to have a smooth transition over to IPA's DNS. (The authorative
>> DNS servers for the zones are set up as slaves that get the zone via
>> AXFR and can seamlessly switch to AXFR from IPA.)
>>
>> In my test migration, I have created the DNS zone I want to migrate in
>> FreeIPA and have enabled DNSSEC.
>>
>> As far as I understand IPA's implementation of DNSSEC, OpenDNSSEC takes
>> care of key management and key rollover [1]. Hence, I have imported my
>> existing DNSSEC keys to OpenDNSSEC according to OpenDNSSEC's HOWTO [2]
>> and OpenDNSSEC correctly shows the imported keys along with the DNSSEC
>> keys generated by IPA.
>>
>> I thought that ipa-dnskeysyncd would take care of syncing the keys from
>> OpenDNSSEC to 389 LDAP, but this does not happen: In 389 LDAP, only the
>> keys initially created by IPA (while enabling DNSSEC for this zone)
>> exist and hence, only these keys are used to sign the zone.
>>
>> Do I need to manually insert my existing DNSSEC keys into the LDAP or
>> take some other additional steps?
> 
> Hello!
> 
> In theory ipa-dnskeysyncd should take care of it. The important step is to
> ensure that all the imported keys have CKA_EXTRACTABLE PKCS#11 flag (in
> SoftHSM) set to TRUE otherwise the synchronization will not work.
> 
> Please note that we never tested this so following text is just untested theory:
> 
> Start with usual DNSSEC debugging for FreeIPA:
> http://www.freeipa.org/page/Troubleshooting#DNSSEC_signing_does_not_work
> 
> Besides all other things, I would double-check that (on FreeIPA DNSSEC key
> master server):
> 1) ods-ksmutil key list --verbose
> shows the imported keys in state active or publish
> 
> 2) Command
> python2 /usr/lib/python2.*/site-packages/ipapython/dnssec/localhsm.py
> shows that keys are CKA_EXTRACTABLE.
> 
> 3) If all of the above seems to be okay, check logs for ipa-dnskeysyncd and
> ipa-ods-exporter services:
> journalctl -u ipa-dnskeysyncd -u ipa-ods-exporter
> 
> ipa-ods-exporter is the piece doing dirty export work.
> 
> I hope it helps.

Please note that on Fedora 24 you might be hitting this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1366640

> Petr^2 Spacek
> 
> 
>>
>> Cheers,
>> -Guido
>>
>>
>>
>> [1] https://www.freeipa.org/page/V4/DNSSEC_Support#Implementation
>> [2] https://wiki.opendnssec.org/display/DOCS/Migrating+to+OpenDNSSEC



From jhrozek at redhat.com  Fri Aug 12 13:58:39 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 12 Aug 2016 15:58:39 +0200
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
Message-ID: <20160812135839.GV19405@hendrix>

On Fri, Aug 12, 2016 at 08:53:53AM -0400, Jeff Goddard wrote:
> Jakub,
> 
> Here is the log file output:

How is the sudorule defined?

> Aug 12 08:45:00 sudo[31732] user_in_group: user jgoddard NOT in group admin
> Aug 12 08:45:00 sudo[31732] <- user_in_group @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:855 := false
> Aug 12 08:45:00 sudo[31732] user jgoddard matches group admin: false @
> usergr_matches() /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:940
> Aug 12 08:45:00 sudo[31732] <- usergr_matches @

Here it looks like sudo tried to match user's groups against the groups
allowed to run sudo and admin didn't match.



From jgoddard at emerlyn.com  Fri Aug 12 14:00:12 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 12 Aug 2016 10:00:12 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <20160812135839.GV19405@hendrix>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
	<20160812135839.GV19405@hendrix>
Message-ID: <CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>

The rule is defined that all members of the developer group have sudo
access to all commands available on the machines in the office group.

Jeff

On Fri, Aug 12, 2016 at 9:58 AM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Fri, Aug 12, 2016 at 08:53:53AM -0400, Jeff Goddard wrote:
> > Jakub,
> >
> > Here is the log file output:
>
> How is the sudorule defined?
>
> > Aug 12 08:45:00 sudo[31732] user_in_group: user jgoddard NOT in group
> admin
> > Aug 12 08:45:00 sudo[31732] <- user_in_group @
> > /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:855 := false
> > Aug 12 08:45:00 sudo[31732] user jgoddard matches group admin: false @
> > usergr_matches() /build/sudo-L2mAoN/sudo-1.8.
> 16/plugins/sudoers/match.c:940
> > Aug 12 08:45:00 sudo[31732] <- usergr_matches @
>
> Here it looks like sudo tried to match user's groups against the groups
> allowed to run sudo and admin didn't match.
>



-- 
Jeff Goddard
Director of Information Technology
Emerlyn Technology

Email: jgoddard at emerlyn.com
Telephone: (603) 447-8571
Toll free: (888) 363-7596 ext. 108
Fax: (603) 356-3346
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/4b21d48f/attachment.htm>

From Louis.Francoeur at esignlive.com  Fri Aug 12 14:10:18 2016
From: Louis.Francoeur at esignlive.com (Louis Francoeur)
Date: Fri, 12 Aug 2016 14:10:18 +0000
Subject: [Freeipa-users] Problem with replication
Message-ID: <1471011018717.92378@esignlive.com>

Since the rpm update to ipa-server-dns-4.2.0-15.0.1.el7.centos.18.x86_64 (running on Centos 7),


most of my replication started to failed with:


last update status: -1 Incremental update has failed and requires administrator actionLDAP error: Can't contact LDAP server


Then setup contains about 10 ipa servers in 5 different locations.


But i went and ran an ipa-replica-conncheck i get this:


# ipa-replica-conncheck --replica server.domain.local
Check connection from master to remote replica 'server.domain.local':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): WARNING
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): WARNING
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application
and ipa-replica-conncheck cannot attach own UDP responder.

Connection from master to replica is OK.



I even ran the following without issue:

# kinit -kt /etc/dirsrv/ds.keytab ldap/`hostname`
# klist
# ldapsearch -Y GSSAPI -h `hostname` -b "" -s base
# ldapsearch -Y GSSAPI -h the.other.master.fqdn -b "" -s base

Not really sure what to check for next?

Any hint?


Thanks

Louis Francoeur
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/bb59b89d/attachment.htm>

From lkrispen at redhat.com  Fri Aug 12 15:17:59 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Fri, 12 Aug 2016 17:17:59 +0200
Subject: [Freeipa-users] Problem with replication
In-Reply-To: <1471011018717.92378@esignlive.com>
References: <1471011018717.92378@esignlive.com>
Message-ID: <57ADE8A7.3080509@redhat.com>


On 08/12/2016 04:10 PM, Louis Francoeur wrote:
>
> Since the rpm update to 
> ipa-server-dns-4.2.0-15.0.1.el7.centos.18.x86_64 (running on Centos 7),
>
>
> most of my replication started to failed with:
>
what do you mean by "most of", if some servers still work and others 
don't is there something different ?
>
>
> last update status: -1 Incremental update has failed and requires 
> administrator actionLDAP error: Can't contact LDAP server
>
what is in the error log of directory server ? Identify one broken 
replication connection and check both supplier and consumer side
>
>
> Then setup contains about 10 ipa servers in 5 different locations.
>
>
> But i went and ran an ipa-replica-conncheck i get this:
>
>
> # ipa-replica-conncheck --replica server.domain.local
> Check connection from master to remote replica 'server.domain.local':
>    Directory Service: Unsecure port (389): OK
>    Directory Service: Secure port (636): OK
>    Kerberos KDC: TCP (88): OK
>    Kerberos KDC: UDP (88): WARNING
>    Kerberos Kpasswd: TCP (464): OK
>    Kerberos Kpasswd: UDP (464): WARNING
>    HTTP Server: Unsecure port (80): OK
>    HTTP Server: Secure port (443): OK
> The following UDP ports could not be verified as open: 88, 464
> This can happen if they are already bound to an application
> and ipa-replica-conncheck cannot attach own UDP responder.
>
> Connection from master to replica is OK.
>
>
>
> I even ran the following without issue:
>
>     # kinit -kt /etc/dirsrv/ds.keytab ldap/`hostname`
>     # klist
>     # ldapsearch -Y GSSAPI -h `hostname` -b "" -s base
>     # ldapsearch -Y GSSAPI -h the.other.master.fqdn -b "" -s base
>
> Not really sure what to check for next?
>
> Any hint?
>
>
> Thanks
>
> Louis Francoeur
>
>
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/75c3192c/attachment.htm>

From Michael.Sean.Conley at raytheon.com  Fri Aug 12 17:13:56 2016
From: Michael.Sean.Conley at raytheon.com (Michael Sean Conley)
Date: Fri, 12 Aug 2016 12:13:56 -0500
Subject: [Freeipa-users] ldaps Java script issues with RH IdM - odd that I
	cannot make it connect...
Message-ID: <OF89C977AC.4F3FC56B-ON8625800D.005E9845-8625800D.005EA8FB@raytheon.com>



So, having some fun today, trying to get a javascript in a docker container
to speak to FreeIPA via LDAPS.
I made sure that the key was inserted into the store,
(aba-idam:/etc/ipa/ca.crt), and ensured that an ldap user was created for
ldap binding (coincidentally I used "binding").
I also added a user in ipa called ddfusr, and set its password, and logged
in via kinit to ensure that we could check it.  it is available, and is
able to log in and getent its information, not to mention I can see it has
Kerberos info and all that jazz.

So, based on the ldif, we entered the data we expect to be able to log in
with into the java script.  And so we get back an error=32.

What am I missing here?

Information included here:

LDASEARCH RESPONSE binding
# ldapsearch -x uid=binding
	# extended LDIF
	#
	# LDAPv3
	# base <dc=aba,dc=house,dc=com> (default) with scope subtree
	# filter: uid=binding
	# requesting: ALL
	#

	# search result
	search: 2
	result: 0 Success

	# numResponses: 1

LDAPSEARCH RESPONSE ddfusr
# ldapsearch -x uid=ddfusr
	# extended LDIF
	#
	# LDAPv3
	# base <dc=aba,dc=house,dc=com> (default) with scope subtree
	# filter: uid=ddfusr
	# requesting: ALL
	#

	# ddfusr, users, compat, aba.house.com
	dn: uid=ddfusr,cn=users,cn=compat,dc=aba,dc=house,dc=com
	cn: ddf user
	objectClass: posixAccount
	objectClass: top
	gidNumber: 1043600007
	gecos: ddf user
	uidNumber: 1043600007
	loginShell: /bin/sh
	homeDirectory: /home/ddfusr
	uid: ddfusr

	# ddfusr, users, accounts, aba.house.com
	dn: uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=house,dc=com
	displayName: ddf user
	uid: ddfusr
	objectClass: ipaobject
	objectClass: person
	objectClass: top
	objectClass: ipasshuser
	objectClass: inetorgperson
	objectClass: organizationalperson
	objectClass: krbticketpolicyaux
	objectClass: krbprincipalaux
	objectClass: inetuser
	objectClass: posixaccount
	objectClass: ipaSshGroupOfPubKeys
	objectClass: mepOriginEntry
	objectClass: ipauserauthtypeclass
	loginShell: /bin/sh
	initials: du
	gecos: ddf user
	sn: user
	homeDirectory: /home/ddfusr
	givenName: ddf
	cn: ddf user
	uidNumber: 1043600007
	gidNumber: 1043600007

	# search result
	search: 2
	result: 0 Success

	# numResponses: 3
	# numEntries: 2

KLIST RESPONSE
# klist
	Ticket cache: KEYRING:persistent:0:krb_ccache_wtB5z4N
	Default principal: ddfusr at ABA.HOUSE.COM

	Valid starting       Expires              Service principal
	08/12/2016 11:56:17  08/13/2016 11:56:14
krbtgt/ABA.HOUSE.COM at ABA.HOUSE.COM


GETENT RESPONSE
# getent passwd ddfusr
	ddfusr:*:1043600007:1043600007:ddf user:/home/ddfusr:/bin/sh


LDAP-MODULE.XML
	<jaas:config name="karaf" rank="1">
		<jaas:module
className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
					flags="required">
		  initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
		  connection.username=cn=binding
		  connection.password=password!
		  connection.url=ldaps://aba-idam.aba.house.com:636
		  user.base.dn=cn=users,cn=accounts,dc=aba,dc=house,dc=com
		  user.filter=(uid=%u)
		  user.search.subtree=true
		  role.base.dn=cn=JBoss,dc=aba,dc=house,dc=com
		  role.name.attribute=cn
		  role.filter=
(member=uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com)
		  role.search.subtree=true
		  role.mapping=admin=group,admin,manager,viewer,webconsole
		  authentication=simple
		  ssl.protocol=SSL
		  ssl.truststore=truststore
		  ssl.algorithm=PKIX
		</jaas:module>
	</jaas:config>

	<jaas:keystore name="truststore"
			path="file:${javax.net.ssl.trustStore}"
			keystorePassword="${javax.net.ssl.trustStorePassword}" />

JAVA LOG FILE:
	2016-08-12 11:10:27,174 | WARN  | d]-nio2-thread-5 | LDAPLoginModule
| 116 - org.apache.karaf.jaas.modules - 4.0.4 | Can't connect to the LDAP
server: [LDAP: error code 32 - No Such Object]
	javax.naming.AuthenticationException: [LDAP: error code 32 - No Such
Object]
			at com.sun.jndi.ldap.LdapClient.authenticate
(LdapClient.java:295)[:1.8.0_65]
			at com.sun.jndi.ldap.LdapCtx.connect
(LdapCtx.java:2788)[:1.8.0_65]
			at com.sun.jndi.ldap.LdapCtx.<init>
(LdapCtx.java:319)[:1.8.0_65]
			at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL
(LdapCtxFactory.java:192)[:1.8.0_65]
			at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs
(LdapCtxFactory.java:210)[:1.8.0_65]
			at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance
(LdapCtxFactory.java:153)[:1.8.0_65]
			at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext
(LdapCtxFactory.java:83)[:1.8.0_65]
			at javax.naming.spi.NamingManager.getInitialContext
(NamingManager.java:684)
			at javax.naming.InitialContext.getDefaultInitCtx
(InitialContext.java:313)[:1.8.0_65]
			at javax.naming.InitialContext.init
(InitialContext.java:244)[:1.8.0_65]
			at javax.naming.InitialContext.<init>
(InitialContext.java:216)[:1.8.0_65]
			at javax.naming.directory.InitialDirContext.<init>
(InitialDirContext.java:101)[:1.8.0_65]
			at org.apache.karaf.jaas.modules.ldap.LDAPCache.open
(LDAPCache.java:113)[116:org.apache.karaf.jaas.modules:4.0.4]
			at
org.apache.karaf.jaas.modules.ldap.LDAPCache.doGetUserDnAndNamespace
(LDAPCache.java:147)[116:org.apache.karaf.jaas.modules:4.0.4]
			at
org.apache.karaf.jaas.modules.ldap.LDAPCache.getUserDnAndNamespace
(LDAPCache.java:138)[116:org.apache.karaf.jaas.modules:4.0.4]
			at
org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin
(LDAPLoginModule.java:110)[116:org.apache.karaf.jaas.modules:4.0.4]
			at
org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login
(LDAPLoginModule.java:54)[116:org.apache.karaf.jaas.modules:4.0.4]
			at org.apache.karaf.jaas.boot.ProxyLoginModule.login
(ProxyLoginModule.java:83)[org.apache.karaf.jaas.boot-4.0.4.jar:]
			at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)[:1.8.0_65]
			at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:62)[:1.8.0_65]
			at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)[:1.8.0_65]
			at java.lang.reflect.Method.invoke
(Method.java:497)[:1.8.0_65]
			at javax.security.auth.login.LoginContext.invoke
(LoginContext.java:755)[:1.8.0_65]
			at javax.security.auth.login.LoginContext.access$000
(LoginContext.java:195)[:1.8.0_65]
			at javax.security.auth.login.LoginContext$4.run
(LoginContext.java:682)[:1.8.0_65]
			at javax.security.auth.login.LoginContext$4.run
(LoginContext.java:680)[:1.8.0_65]
			at java.security.AccessController.doPrivileged(Native
Method)[:1.8.0_65]
			at javax.security.auth.login.LoginContext.invokePriv
(LoginContext.java:680)[:1.8.0_65]
			at javax.security.auth.login.LoginContext.login
(LoginContext.java:587)[:1.8.0_65]
			at
org.apache.karaf.shell.ssh.KarafJaasAuthenticator.authenticate
(KarafJaasAuthenticator.java:78)
			at
org.apache.sshd.server.auth.UserAuthKeyboardInteractive.checkPassword
(UserAuthKeyboardInteractive.java:75)[1:org.apache.sshd.core:0.14.0]
			at
org.apache.sshd.server.auth.UserAuthKeyboardInteractive.doAuth
(UserAuthKeyboardInteractive.java:68)[1:org.apache.sshd.core:0.14.0]
			at org.apache.sshd.server.auth.AbstractUserAuth.next
(AbstractUserAuth.java:53)[1:org.apache.sshd.core:0.14.0]
			at
org.apache.sshd.server.session.ServerUserAuthService.process
(ServerUserAuthService.java:159)[1:org.apache.sshd.core:0.14.0]
			at
org.apache.sshd.common.session.AbstractSession.doHandleMessage
(AbstractSession.java:431)[1:org.apache.sshd.core:0.14.0]
			at
org.apache.sshd.common.session.AbstractSession.handleMessage
(AbstractSession.java:326)[1:org.apache.sshd.core:0.14.0]
			at org.apache.sshd.common.session.AbstractSession.decode
(AbstractSession.java:780)[1:org.apache.sshd.core:0.14.0]
			at
org.apache.sshd.common.session.AbstractSession.messageReceived
(AbstractSession.java:308)[1:org.apache.sshd.core:0.14.0]
			at
org.apache.sshd.common.AbstractSessionIoHandler.messageReceived
(AbstractSessionIoHandler.java:54)[1:org.apache.sshd.core:0.14.0]
			at org.apache.sshd.common.io.nio2.Nio2Session
$1.onCompleted(Nio2Session.java:184)[1:org.apache.sshd.core:0.14.0]
			at org.apache.sshd.common.io.nio2.Nio2Session
$1.onCompleted(Nio2Session.java:170)[1:org.apache.sshd.core:0.14.0]
			at org.apache.sshd.common.io.nio2.Nio2CompletionHandler
$1.run(Nio2CompletionHandler.java:32)
			at java.security.AccessController.doPrivileged(Native
Method)[:1.8.0_65]
			at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed
(Nio2CompletionHandler.java:30)[1:org.apache.sshd.core:0.14.0]
			at sun.nio.ch.Invoker.invokeUnchecked
(Invoker.java:126)[:1.8.0_65]
			at sun.nio.ch.Invoker$2.run(Invoker.java:218)[:1.8.0_65]
			at sun.nio.ch.AsynchronousChannelGroupImpl$1.run
(AsynchronousChannelGroupImpl.java:112)[:1.8.0_65]
			at java.util.concurrent.ThreadPoolExecutor.runWorker
(ThreadPoolExecutor.java:1142)[:1.8.0_65]
			at java.util.concurrent.ThreadPoolExecutor$Worker.run
(ThreadPoolExecutor.java:617)[:1.8.0_65]
			at java.lang.Thread.run(Thread.java:745)[:1.8.0_65]


RH IDM ACCESS LOG FILE
	[12/Aug/2016:11:05:34 -0500] conn=850 fd=112 slot=112 SSL connection
from 172.17.4.64 to 172.17.4.20
	[12/Aug/2016:11:05:34 -0500] conn=850 TLS1.2 256-bit AES-GCM
	[12/Aug/2016:11:05:34 -0500] conn=850 op=0 BIND dn="cn=binding"
method=128 version=3
	[12/Aug/2016:11:05:34 -0500] conn=850 op=0 RESULT err=32 tag=97
nentries=0 etime=0
	[12/Aug/2016:11:05:34 -0500] conn=850 op=-1 fd=112 closed - B1

Michael Sean Conley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/28682916/attachment.htm>

From Louis.Francoeur at esignlive.com  Fri Aug 12 17:24:31 2016
From: Louis.Francoeur at esignlive.com (Louis Francoeur)
Date: Fri, 12 Aug 2016 17:24:31 +0000
Subject: [Freeipa-users] Fw:  Problem with replication
In-Reply-To: <57ADE8A7.3080509@redhat.com>
References: <1471011018717.92378@esignlive.com>,<57ADE8A7.3080509@redhat.com>
Message-ID: <1471022671237.54980@esignlive.com>



On 08/12/2016 04:10 PM, Louis Francoeur wrote:

Since the rpm update to ipa-server-dns-4.2.0-15.0.1.el7.centos.18.x86_64 (running on Centos 7),


most of my replication started to failed with:

what do you mean by "most of", if some servers still work and others don't is there something different ?

All servers were created as a replica from server3

Server1 - 3 of 4 replication failing

Server2 - 2 of 2 replication failing

Server3 - 1 of 6 replication failing - Originating server for all others

Server4 - 4 of 4 replication failing

Server5 - 1 of 2 replication failing

Server6 - 3 of 3 replication failing

Server7 - 2 of 2 replication failing

Server8 - 3 of 3 replication failing

Server9 - all ok (only 1 replication)

Server10 - 1 of 1 replication failing



last update status: -1 Incremental update has failed and requires administrator actionLDAP error: Can't contact LDAP server

what is in the error log of directory server ? Identify one broken replication connection and check both supplier and consumer side

This is the one i see more often:

attrlist_replace - attr_replace (nsslapd-referral, ldap://server.domain.local:389/o%3Dipaca) failed.

Connection seems fine both side

I saw this but i am not sure i understand what to look for

https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html

ldapsearch -ZZ -h server.domain.local -D "cn=Directory Manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" | grep "nsds50ruv\|nsDS5ReplicaId"

nsDS5ReplicaId: 66
nsds50ruv: {replicageneration} 56d0badb000000600000
nsds50ruv: {replica 66 ldap://server2.domain.local:389} 56e85e4600
nsds50ruv: {replica 96 ldap://server3.domain.local:389} 56d0bae10
nsds50ruv: {replica 71 ldap://server2.domain.local:389} 56e857a000
nsds50ruv: {replica 76 ldap://server1.domain.local:389} 56e84f7f00
nsds50ruv: {replica 81 ldap://server5.domain.local:389} 56e31c930
nsds50ruv: {replica 86 ldap://server8.domain.local:389} 56e313230
nsds50ruv: {replica 91 ldap://server8.domain.local:389} 56d8a2b00
nsds50ruv: {replica 97 ldap://server6.domain.local:389} 56d0bb000
nsds50ruv: {replica 61 ldap://server7.domain.local:389} 56f190110
nsds50ruv: {replica 1095 ldap://server9.domain.local:389} 572a48e7000
nsds50ruv: {replica 1090 ldap://server9.domain.local:389} 572a582f000
nsds50ruv: {replica 1085 ldap://server9.domain.local:389} 572b4af6000
nsds50ruv: {replica 56 ldap://server9.domain.local:389} 57333a4900000
nsds50ruv: {replica 1080 ldap://server10.domain.local:389} 5733810500


The others errors i saw were:

NSMMReplicationPlugin - agmt="cn=meToserver1.domain.local" (server1:389): Warning: unable to send endReplication extended operation (Can't contact LDAP server)

NSMMReplicationPlugin - process_postop: Failed to apply update (579fa2a4000000060000) error (-1).  Aborting replication session(conn=23243 op=6)

Then setup contains about 10 ipa servers in 5 different locations.


But i went and ran an ipa-replica-conncheck i get this:


# ipa-replica-conncheck --replica server.domain.local
Check connection from master to remote replica 'server.domain.local':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): WARNING
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): WARNING
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application
and ipa-replica-conncheck cannot attach own UDP responder.

Connection from master to replica is OK.



I even ran the following without issue:

# kinit -kt /etc/dirsrv/ds.keytab ldap/`hostname`
# klist
# ldapsearch -Y GSSAPI -h `hostname` -b "" -s base
# ldapsearch -Y GSSAPI -h the.other.master.fqdn -b "" -s base

Not really sure what to check for next?

Any hint?


Thanks

Louis Francoeur



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/32f5894f/attachment.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/32f5894f/attachment.txt>

From pspacek at redhat.com  Fri Aug 12 17:24:39 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Fri, 12 Aug 2016 19:24:39 +0200
Subject: [Freeipa-users] ldaps Java script issues with RH IdM - odd that
 I cannot make it connect...
In-Reply-To: <OF89C977AC.4F3FC56B-ON8625800D.005E9845-8625800D.005EA8FB@raytheon.com>
References: <OF89C977AC.4F3FC56B-ON8625800D.005E9845-8625800D.005EA8FB@raytheon.com>
Message-ID: <42b2abca-d0fc-f4f6-affa-221a5d1967d0@redhat.com>

On 12.8.2016 19:13, Michael Sean Conley wrote:
> 		  role.filter=
> (member=uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com)

I suspect that this filter is incorrect. Likely, it should be only
"(uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com)".

I hope it helps.

-- 
Petr^2 Spacek



From jstephen at redhat.com  Fri Aug 12 18:27:17 2016
From: jstephen at redhat.com (Justin Stephenson)
Date: Fri, 12 Aug 2016 14:27:17 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
	<20160812135839.GV19405@hendrix>
	<CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>
Message-ID: <79bcc759-4b17-9e29-584b-edc72bbce883@redhat.com>

This looks suspicious

    /Aug 12 08:45:00 sudo[31732] val[0]=+office//
    //Aug 12 08:45:00 sudo[31732] -> addr_matches @
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:195//
    //Aug 12 08:45:00 sudo[31732] -> addr_matches_if @
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:56//
    //Aug 12 08:45:00 sudo[31732] <- addr_matches_if @
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:66 :=
    false//
    //Aug 12 08:45:00 sudo[31732] IP address +office matches local host:
    false @ addr_matches()
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:206//
    //Aug 12 08:45:00 sudo[31732] <- addr_matches @
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:207 :=
    false//
    //Aug 12 08:45:00 sudo[31732] -> netgr_matches @
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1015//
    //Aug 12 08:45:00 sudo[31732] -> sudo_getdomainname @
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:953//
    //Aug 12 08:45:00 sudo[31732] <- sudo_getdomainname @
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:992 := (null)//
    //Aug 12 08:45:00 sudo[31732] netgroup office matches
    (//docker-dev-01.internal.emerlyn.com
    <http://docker-dev-01.internal.emerlyn.com>//|//docker-dev-01.internal.emerlyn.com
    <http://docker-dev-01.internal.emerlyn.com>//, jgoddard, ): false @
    netgr_matches()
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1041//
    //Aug 12 08:45:00 sudo[31732] <- netgr_matches @
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1044 := false//
    //Aug 12 08:45:00 sudo[31732] -> hostname_matches @
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:819//
    //Aug 12 08:45:00 sudo[31732] host
    //docker-dev-01.internal.emerlyn.com
    <http://docker-dev-01.internal.emerlyn.com>//matches sudoers pattern
    +office: false @ hostname_matches()
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:829//
    //Aug 12 08:45:00 sudo[31732] <- hostname_matches @
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:830 := false//
    //Aug 12 08:45:00 sudo[31732] sssd/ldap sudoHost '+office' ... not//
    //Aug 12 08:45:00 sudo[31732] <- sudo_sss_check_host @
    /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:687 := false/

It doesn't seem to find this host as part of the hostgroup, I suspect 
the problem is because of this entry in nsswitch:

      netgroup:       nis sss

Could you try just 'sss' or 'files sss' ?

A successful hostgroup match should look something like this instead:

        /Aug 12 14:20:32 sudo[25075] val[0]=+nonproduction//
        //Aug 12 14:20:32 sudo[25075] -> addr_matches @ ./match_addr.c:190//
        //Aug 12 14:20:32 sudo[25075] -> addr_matches_if @
        ./match_addr.c:62//
        //Aug 12 14:20:32 sudo[25075] <- addr_matches_if @
        ./match_addr.c:100 := false//
        //Aug 12 14:20:32 sudo[25075] <- addr_matches @
        ./match_addr.c:200 := false//
        //Aug 12 14:20:32 sudo[25075] -> sudo_sss_ipa_hostname_matches @
        ./sssd.c:558//
        //Aug 12 14:20:32 sudo[25075] -> hostname_matches @ ./match.c:740//
        //Aug 12 14:20:32 sudo[25075] <- hostname_matches @
        ./match.c:751 := false//
        //Aug 12 14:20:32 sudo[25075] -> netgr_matches @ ./match.c:856//
        //Aug 12 14:20:32 sudo[25075] (rhel7-ipa-client.example.com, *,
        example.com) found in netgroup nonproduction//
        //Aug 12 14:20:32 sudo[25075] <- netgr_matches @ ./match.c:909
        := true//
        //Aug 12 14:20:32 sudo[25075] IPA hostname
        (rhel7-ipa-client.example.com) matches +nonproduction => true//
        //Aug 12 14:20:32 sudo[25075] <- sudo_sss_ipa_hostname_matches @
        ./sssd.c:569 := true//
        //Aug 12 14:20:32 sudo[25075] sssd/ldap sudoHost
        '+nonproduction' ... MATCH!//
        //Aug 12 14:20:32 sudo[25075] <- sudo_sss_check_host @
        ./sssd.c:614 := true/

Kind regards,
Justin Stephenson

On 08/12/2016 10:00 AM, Jeff Goddard wrote:
> The rule is defined that all members of the developer group have sudo 
> access to all commands available on the machines in the office group.
>
> Jeff
>
> On Fri, Aug 12, 2016 at 9:58 AM, Jakub Hrozek <jhrozek at redhat.com 
> <mailto:jhrozek at redhat.com>> wrote:
>
>     On Fri, Aug 12, 2016 at 08:53:53AM -0400, Jeff Goddard wrote:
>     > Jakub,
>     >
>     > Here is the log file output:
>
>     How is the sudorule defined?
>
>     > Aug 12 08:45:00 sudo[31732] user_in_group: user jgoddard NOT in
>     group admin
>     > Aug 12 08:45:00 sudo[31732] <- user_in_group @
>     > /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/pwutil.c:855 := false
>     > Aug 12 08:45:00 sudo[31732] user jgoddard matches group admin:
>     false @
>     > usergr_matches()
>     /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:940
>     > Aug 12 08:45:00 sudo[31732] <- usergr_matches @
>
>     Here it looks like sudo tried to match user's groups against the
>     groups
>     allowed to run sudo and admin didn't match.
>
>
>
>
> -- 
> Jeff Goddard
> Director of Information Technology
> Emerlyn Technology
>
> Email: jgoddard at emerlyn.com <mailto:jgoddard at emerlyn.com>
> Telephone: (603) 447-8571
> Toll free: (888) 363-7596 ext. 108
> Fax: (603) 356-3346
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/82e7ad28/attachment.htm>

From jgoddard at emerlyn.com  Fri Aug 12 18:35:08 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 12 Aug 2016 14:35:08 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <79bcc759-4b17-9e29-584b-edc72bbce883@redhat.com>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
	<20160812135839.GV19405@hendrix>
	<CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>
	<79bcc759-4b17-9e29-584b-edc72bbce883@redhat.com>
Message-ID: <CA+No-6H02BvAP6Br+ApZ+9SDfFuK-hXcp0Jjk+FuN=AWKHx_zQ@mail.gmail.com>

I made the edit as suggested - removing nis and just leaving sss -
restarted sssd and then re-tried. I also tried with files sss. Still
getting the same result.

Thanks,

Jeff

On Fri, Aug 12, 2016 at 2:27 PM, Justin Stephenson <jstephen at redhat.com>
wrote:

> This looks suspicious
>
> *Aug 12 08:45:00 sudo[31732] val[0]=+office*
> *Aug 12 08:45:00 sudo[31732] -> addr_matches @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:195*
> *Aug 12 08:45:00 sudo[31732] -> addr_matches_if @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:56*
> *Aug 12 08:45:00 sudo[31732] <- addr_matches_if @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:66 := false*
> *Aug 12 08:45:00 sudo[31732] IP address +office matches local host: false
> @ addr_matches()
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:206*
> *Aug 12 08:45:00 sudo[31732] <- addr_matches @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:207 := false*
> *Aug 12 08:45:00 sudo[31732] -> netgr_matches @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1015*
> *Aug 12 08:45:00 sudo[31732] -> sudo_getdomainname @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:953*
> *Aug 12 08:45:00 sudo[31732] <- sudo_getdomainname @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:992 := (null)*
> *Aug 12 08:45:00 sudo[31732] netgroup office matches (**docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>**|**docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>**, jgoddard, ): false @
> netgr_matches() /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1041*
> *Aug 12 08:45:00 sudo[31732] <- netgr_matches @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1044 := false*
> *Aug 12 08:45:00 sudo[31732] -> hostname_matches @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:819*
> *Aug 12 08:45:00 sudo[31732] host **docker-dev-01.internal.emerlyn.com
> <http://docker-dev-01.internal.emerlyn.com>** matches sudoers pattern
> +office: false @ hostname_matches()
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:829*
> *Aug 12 08:45:00 sudo[31732] <- hostname_matches @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:830 := false*
> *Aug 12 08:45:00 sudo[31732] sssd/ldap sudoHost '+office' ... not*
> *Aug 12 08:45:00 sudo[31732] <- sudo_sss_check_host @
> /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:687 := false*
>
> It doesn't seem to find this host as part of the hostgroup, I suspect the
> problem is because of this entry in nsswitch:
>
>      netgroup:       nis sss
>
> Could you try just 'sss' or 'files sss' ?
>
> A successful hostgroup match should look something like this instead:
>
> *Aug 12 14:20:32 sudo[25075] val[0]=+nonproduction*
> *Aug 12 14:20:32 sudo[25075] -> addr_matches @ ./match_addr.c:190*
> *Aug 12 14:20:32 sudo[25075] -> addr_matches_if @ ./match_addr.c:62*
> *Aug 12 14:20:32 sudo[25075] <- addr_matches_if @ ./match_addr.c:100 :=
> false*
> *Aug 12 14:20:32 sudo[25075] <- addr_matches @ ./match_addr.c:200 := false*
> *Aug 12 14:20:32 sudo[25075] -> sudo_sss_ipa_hostname_matches @
> ./sssd.c:558*
> *Aug 12 14:20:32 sudo[25075] -> hostname_matches @ ./match.c:740*
> *Aug 12 14:20:32 sudo[25075] <- hostname_matches @ ./match.c:751 := false*
> *Aug 12 14:20:32 sudo[25075] -> netgr_matches @ ./match.c:856*
> *Aug 12 14:20:32 sudo[25075] (rhel7-ipa-client.example.com
> <http://rhel7-ipa-client.example.com>, *, example.com <http://example.com>)
> found in netgroup nonproduction*
> *Aug 12 14:20:32 sudo[25075] <- netgr_matches @ ./match.c:909 := true*
> *Aug 12 14:20:32 sudo[25075] IPA hostname (rhel7-ipa-client.example.com
> <http://rhel7-ipa-client.example.com>) matches +nonproduction => true*
> *Aug 12 14:20:32 sudo[25075] <- sudo_sss_ipa_hostname_matches @
> ./sssd.c:569 := true*
> *Aug 12 14:20:32 sudo[25075] sssd/ldap sudoHost '+nonproduction' ...
> MATCH!*
> *Aug 12 14:20:32 sudo[25075] <- sudo_sss_check_host @ ./sssd.c:614 := true*
>
> Kind regards,
> Justin Stephenson
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/d0169eb8/attachment.htm>

From rcritten at redhat.com  Fri Aug 12 19:39:02 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 12 Aug 2016 15:39:02 -0400
Subject: [Freeipa-users] ldaps Java script issues with RH IdM - odd that
 I cannot make it connect...
In-Reply-To: <OF89C977AC.4F3FC56B-ON8625800D.005E9845-8625800D.005EA8FB@raytheon.com>
References: <OF89C977AC.4F3FC56B-ON8625800D.005E9845-8625800D.005EA8FB@raytheon.com>
Message-ID: <57AE25D6.4090305@redhat.com>

Michael Sean Conley wrote:
> So, having some fun today, trying to get a javascript in a docker
> container to speak to FreeIPA via LDAPS.
> I made sure that the key was inserted into the store,
> (aba-idam:/etc/ipa/ca.crt), and ensured that an ldap user was created
> for ldap binding (coincidentally I used "binding").
> I also added a user in ipa called ddfusr, and set its password, and
> logged in via kinit to ensure that we could check it.  it is available,
> and is able to log in and getent its information, not to mention I can
> see it has Kerberos info and all that jazz.

You need the full DN for the user binding, not just cn=binding.

You can confirm the bind on the cli using ldapsearch :

ldapsearch -Z -H ldap://ipa.example.com -D 
'uid=admin,cn=users,cn=accounts,dc=example,dc=com' -W -b 
'cn=users,cn=accounts,dc=example,dc=com' '(uid=admin)' cn

> So, based on the ldif, we entered the data we expect to be able to log
> in with into the java script.  And so we get back an error=32.
>
> What am I missing here?
>
> Information included here:
>
> LDASEARCH RESPONSE binding
> # ldapsearch -x uid=binding
> # extended LDIF
> #
> # LDAPv3
> # base <dc=aba,dc=house,dc=com> (default) with scope subtree
> # filter: uid=binding
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1

Filter returned no matches. Is it uid=binding or cn=binding?

rob



From jstephen at redhat.com  Fri Aug 12 19:53:32 2016
From: jstephen at redhat.com (Justin Stephenson)
Date: Fri, 12 Aug 2016 15:53:32 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6H02BvAP6Br+ApZ+9SDfFuK-hXcp0Jjk+FuN=AWKHx_zQ@mail.gmail.com>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
	<20160812135839.GV19405@hendrix>
	<CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>
	<79bcc759-4b17-9e29-584b-edc72bbce883@redhat.com>
	<CA+No-6H02BvAP6Br+ApZ+9SDfFuK-hXcp0Jjk+FuN=AWKHx_zQ@mail.gmail.com>
Message-ID: <5ff25b8e-e7a0-83c1-d21e-96b1a556d6eb@redhat.com>

In the CentOS/RHEL 7 version of sssd, a NIS netgroup is created 
automatically in the IPA compat tree under 'cn=ng,cn=compat,$suffix' 
because sudo has no understanding of hostgroups.

You should be able to query this on a client with

       # getent netgroup office

This should return nisNetgroupTriple for each host in the hostgroup

      (ipa-client-1.example.com,-,example.com) 
(ipa-client-2.example.com,-,example.com)

I would check this in your environment between working and non-working 
systems.

I believe in later versions of sssd they added IPA sudo schema support 
to eliminate the need for the compat tree so this could be related to 
the issue if newer ubuntu clients are not working but CentOS is working.

What version of sssd are you running?

Kind regards,

Justin Stephenson

On 08/12/2016 02:35 PM, Jeff Goddard wrote:
> I made the edit as suggested - removing nis and just leaving sss - 
> restarted sssd and then re-tried. I also tried with files sss. Still 
> getting the same result.
>
> Thanks,
>
> Jeff
>
> On Fri, Aug 12, 2016 at 2:27 PM, Justin Stephenson 
> <jstephen at redhat.com <mailto:jstephen at redhat.com>> wrote:
>
>     This looks suspicious
>
>         /Aug 12 08:45:00 sudo[31732] val[0]=+office//
>         //Aug 12 08:45:00 sudo[31732] -> addr_matches @
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:195//
>         //Aug 12 08:45:00 sudo[31732] -> addr_matches_if @
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:56//
>         //Aug 12 08:45:00 sudo[31732] <- addr_matches_if @
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:66
>         := false//
>         //Aug 12 08:45:00 sudo[31732] IP address +office matches local
>         host: false @ addr_matches()
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:206//
>         //Aug 12 08:45:00 sudo[31732] <- addr_matches @
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match_addr.c:207
>         := false//
>         //Aug 12 08:45:00 sudo[31732] -> netgr_matches @
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1015//
>         //Aug 12 08:45:00 sudo[31732] -> sudo_getdomainname @
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:953//
>         //Aug 12 08:45:00 sudo[31732] <- sudo_getdomainname @
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:992 :=
>         (null)//
>         //Aug 12 08:45:00 sudo[31732] netgroup office matches
>         (//docker-dev-01.internal.emerlyn.com
>         <http://docker-dev-01.internal.emerlyn.com>//|//docker-dev-01.internal.emerlyn.com
>         <http://docker-dev-01.internal.emerlyn.com>//, jgoddard, ):
>         false @ netgr_matches()
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1041//
>         //Aug 12 08:45:00 sudo[31732] <- netgr_matches @
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:1044 :=
>         false//
>         //Aug 12 08:45:00 sudo[31732] -> hostname_matches @
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:819//
>         //Aug 12 08:45:00 sudo[31732] host
>         //docker-dev-01.internal.emerlyn.com
>         <http://docker-dev-01.internal.emerlyn.com>//matches sudoers
>         pattern +office: false @ hostname_matches()
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:829//
>         //Aug 12 08:45:00 sudo[31732] <- hostname_matches @
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/match.c:830 :=
>         false//
>         //Aug 12 08:45:00 sudo[31732] sssd/ldap sudoHost '+office' ...
>         not//
>         //Aug 12 08:45:00 sudo[31732] <- sudo_sss_check_host @
>         /build/sudo-L2mAoN/sudo-1.8.16/plugins/sudoers/sssd.c:687 :=
>         false/
>
>     It doesn't seem to find this host as part of the hostgroup, I
>     suspect the problem is because of this entry in nsswitch:
>
>          netgroup:       nis sss
>
>     Could you try just 'sss' or 'files sss' ?
>
>     A successful hostgroup match should look something like this instead:
>
>             /Aug 12 14:20:32 sudo[25075] val[0]=+nonproduction//
>             //Aug 12 14:20:32 sudo[25075] -> addr_matches @
>             ./match_addr.c:190//
>             //Aug 12 14:20:32 sudo[25075] -> addr_matches_if @
>             ./match_addr.c:62//
>             //Aug 12 14:20:32 sudo[25075] <- addr_matches_if @
>             ./match_addr.c:100 := false//
>             //Aug 12 14:20:32 sudo[25075] <- addr_matches @
>             ./match_addr.c:200 := false//
>             //Aug 12 14:20:32 sudo[25075] ->
>             sudo_sss_ipa_hostname_matches @ ./sssd.c:558//
>             //Aug 12 14:20:32 sudo[25075] -> hostname_matches @
>             ./match.c:740//
>             //Aug 12 14:20:32 sudo[25075] <- hostname_matches @
>             ./match.c:751 := false//
>             //Aug 12 14:20:32 sudo[25075] -> netgr_matches @
>             ./match.c:856//
>             //Aug 12 14:20:32 sudo[25075]
>             (rhel7-ipa-client.example.com
>             <http://rhel7-ipa-client.example.com>, *, example.com
>             <http://example.com>) found in netgroup nonproduction//
>             //Aug 12 14:20:32 sudo[25075] <- netgr_matches @
>             ./match.c:909 := true//
>             //Aug 12 14:20:32 sudo[25075] IPA hostname
>             (rhel7-ipa-client.example.com
>             <http://rhel7-ipa-client.example.com>) matches
>             +nonproduction => true//
>             //Aug 12 14:20:32 sudo[25075] <-
>             sudo_sss_ipa_hostname_matches @ ./sssd.c:569 := true//
>             //Aug 12 14:20:32 sudo[25075] sssd/ldap sudoHost
>             '+nonproduction' ... MATCH!//
>             //Aug 12 14:20:32 sudo[25075] <- sudo_sss_check_host @
>             ./sssd.c:614 := true/
>
>     Kind regards,
>     Justin Stephenson
>
>>
>>
>>
>>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/b0e7805f/attachment.htm>

From jgoddard at emerlyn.com  Fri Aug 12 19:57:49 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 12 Aug 2016 15:57:49 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <5ff25b8e-e7a0-83c1-d21e-96b1a556d6eb@redhat.com>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
	<20160812135839.GV19405@hendrix>
	<CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>
	<79bcc759-4b17-9e29-584b-edc72bbce883@redhat.com>
	<CA+No-6H02BvAP6Br+ApZ+9SDfFuK-hXcp0Jjk+FuN=AWKHx_zQ@mail.gmail.com>
	<5ff25b8e-e7a0-83c1-d21e-96b1a556d6eb@redhat.com>
Message-ID: <CA+No-6EZwadb4cgO_V2LHiOMFfBrggKS8Gx7644rz=b8JhDv4g@mail.gmail.com>

On Fri, Aug 12, 2016 at 3:53 PM, Justin Stephenson <jstephen at redhat.com>
wrote:

> In the CentOS/RHEL 7 version of sssd, a NIS netgroup is created
> automatically in the IPA compat tree under 'cn=ng,cn=compat,$suffix'
> because sudo has no understanding of hostgroups.
>
> You should be able to query this on a client with
>
>       # getent netgroup office
>
> This should return nisNetgroupTriple for each host in the hostgroup
>
>      (ipa-client-1.example.com,-,example.com) (ipa-client-2.example.com,-,
> example.com)
>
> I would check this in your environment between working and non-working
> systems.
>
> I believe in later versions of sssd they added IPA sudo schema support to
> eliminate the need for the compat tree so this could be related to the
> issue if newer ubuntu clients are not working but CentOS is working.
>
> What version of sssd are you running?
>
> Kind regards,
>
> Justin Stephenson
> On 08/12/2016 02:35 PM, Jeff Goddard wrote:
>
> I made the edit as suggested - removing nis and just leaving sss -
> restarted sssd and then re-tried. I also tried with files sss. Still
> getting the same result.
>
> Thanks,
>
> Jeff
>
> The query returns the expect results:

 getent netgroup office
office                (docker-dev-01.internal.emerlyn.com,-,
internal.emerlyn.com) (docker-dev-02.internal.emerlyn.com,-,
internal.emerlyn.com) (docker-dev-03.internal.emerlyn.com,-,
internal.emerlyn.com) [more hosts]

sssd version is 1.13.4

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/4ce47b9a/attachment.htm>

From freeipa at jacobdevans.com  Fri Aug 12 20:03:52 2016
From: freeipa at jacobdevans.com (Jake)
Date: Fri, 12 Aug 2016 16:03:52 -0400 (EDT)
Subject: [Freeipa-users] Does FreeIPA require ICMP to be allowed? Can it
 cause login speed issues?
Message-ID: <325230309.21354.1471032232557@vegas.jacobdevans.com>

Hey Guys, 
Can anyone tell me if there are issues caused by blocking ICMP requests between ipa clients, ipa servers and ad servers? 

We typically filter ICMP between all systems. 

Also, if anyone has good documentation as to what ports are required between each I'd really appreciate it! 

>From IPA Server to AD Server (trust) 
>From IPA Client to IPA Server 
>From IPA Client to AD Server (if any, unsure if kerberos/ldap is needed here or not on v4) 
>From AD Client to IPA Client (ad users on windows machines accessing ipa client over ssh with kerberos gssapi) 

Thanks! Have a good weekend! 

-Jake 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/cedf27bf/attachment.htm>

From Michael.Sean.Conley at raytheon.com  Fri Aug 12 20:46:19 2016
From: Michael.Sean.Conley at raytheon.com (Michael Sean Conley)
Date: Fri, 12 Aug 2016 15:46:19 -0500
Subject: [Freeipa-users] ldaps Java script issues with RH IdM - odd that
 I cannot make it connect...
In-Reply-To: <57AE25D6.4090305@redhat.com>
References: <OF89C977AC.4F3FC56B-ON8625800D.005E9845-8625800D.005EA8FB@raytheon.com>
	<57AE25D6.4090305@redhat.com>
Message-ID: <OFAEAEAA0E.D8239BCD-ON8625800D.006E48FB-8625800D.00721A9D@raytheon.com>

UID binding - I believe - from what I saw in the script.


I ran the nifty search...  First on user "binding"...

Got an error 32.

tried it with ddfusr

# ldapsearch -Z -H ldap://aba-idam.aba.home.com -D
'uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W -b
'cn=users,cn=accounts,dc=aba,dc=home,dc=com' '(uid=ddfusr)' cn
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=users,cn=accounts,dc=aba,dc=home,dc=com> with scope subtree
# filter: (uid=ddfusr)
# requesting: cn
#

# ddfusr, users, accounts, aba.home.com
dn: uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com
cn: ddf user

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1


Fabulous.

So, I then checked the java xml file...

 <jaas:config name="karaf" rank="1">
    <jaas:module
className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connection.username=cn=ddfusr
      connection.password=iloveaba!
      connection.url=ldaps://aba-idam.aba.house.com:636
      user.base.dn=cn=users,cn=accounts,dc=aba,dc=house,dc=com
      user.filter=(uid=%u)
      user.search.subtree=true
      role.base.dn=cn=JBoss,cn=users,cn=accounts,dc=aba,dc=house,dc=com
      role.name.attribute=cn
      role.filter=(member=
uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com)
      role.search.subtree=true
      role.mapping=admin=group,admin,manager,viewer,webconsole
      authentication=simple
      ssl.protocol=SSL
      ssl.truststore=truststore
      ssl.algorithm=PKIX
    </jaas:module>
  </jaas:config>

and I tried to log in with the ddfusr account and....

Error 32.

Rassin Frassin!  It's too Friday for this.

Michael Sean Conley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/f9621d5a/attachment.htm>

From rcritten at redhat.com  Fri Aug 12 21:13:19 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 12 Aug 2016 17:13:19 -0400
Subject: [Freeipa-users] ldaps Java script issues with RH IdM - odd that
 I cannot make it connect...
In-Reply-To: <OFAEAEAA0E.D8239BCD-ON8625800D.006E48FB-8625800D.00721A9D@raytheon.com>
References: <OF89C977AC.4F3FC56B-ON8625800D.005E9845-8625800D.005EA8FB@raytheon.com>
	<57AE25D6.4090305@redhat.com>
	<OFAEAEAA0E.D8239BCD-ON8625800D.006E48FB-8625800D.00721A9D@raytheon.com>
Message-ID: <57AE3BEF.7060702@redhat.com>

Michael Sean Conley wrote:
> UID binding - I believe - from what I saw in the script.
>
>
> I ran the nifty search...  First on user "binding"...
>
> Got an error 32.
>
> tried it with ddfusr
>
> # ldapsearch -Z -H ldap://aba-idam.aba.home.com -D
> 'uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W -b
> 'cn=users,cn=accounts,dc=aba,dc=home,dc=com' '(uid=ddfusr)' cn
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=users,cn=accounts,dc=aba,dc=home,dc=com> with scope subtree
> # filter: (uid=ddfusr)
> # requesting: cn
> #
>
> # ddfusr, users, accounts, aba.home.com
> dn: uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com
> cn: ddf user
>
> # search result
> search: 3
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> Fabulous.
>
> So, I then checked the java xml file...
>
>   <jaas:config name="karaf" rank="1">
>      <jaas:module
> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
>                   flags="required">
>        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>        connection.username=cn=ddfusr
>        connection.password=iloveaba!
>        connection.url=ldaps://aba-idam.aba.house.com:636
>        user.base.dn=cn=users,cn=accounts,dc=aba,dc=house,dc=com
>        user.filter=(uid=%u)
>        user.search.subtree=true
>        role.base.dn=cn=JBoss,cn=users,cn=accounts,dc=aba,dc=house,dc=com
>        role.name.attribute=cn
>
> role.filter=(member=uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com)
>        role.search.subtree=true
>        role.mapping=admin=group,admin,manager,viewer,webconsole
>        authentication=simple
>        ssl.protocol=SSL
>        ssl.truststore=truststore
>        ssl.algorithm=PKIX
>      </jaas:module>
>    </jaas:config>
>
> and I tried to log in with the ddfusr account and....
>
> Error 32.

You're still using the wrong user to bind. There is no cn=ddfusr. At 
best there is a uid=ddfusr if the user.base is automatically added 
(which it probably isn't).

It probably needs to be 
uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com just like in the 
ldapsearch.

rob



From jcnt at use.startmail.com  Fri Aug 12 22:38:04 2016
From: jcnt at use.startmail.com (Josh)
Date: Fri, 12 Aug 2016 18:38:04 -0400
Subject: [Freeipa-users] updating certificates
In-Reply-To: <98acba84-d06a-64dd-4521-57cbcfc21ade@redhat.com>
References: <961a039c237577e3b3a460ab3a33e6d5.startmail@www.startmail.com>
	<57728EB8.2050805@redhat.com>
	<61e11459-f429-2d93-c0f4-d489911b0ecf@use.startmail.com>
	<98acba84-d06a-64dd-4521-57cbcfc21ade@redhat.com>
Message-ID: <4f409a5a-b29f-ac67-5588-963199b39634@use.startmail.com>

Hi Florence,

I am using latest RHEL 7.2 IPA and would really like to find proper 
instructions because every new client still gets old certificates in its 
/etc/ipa/nssdb and requires manual update.

Josh.

On 08/10/2016 04:22 AM, Florence Blanc-Renaud wrote:
> Hi Josh,
>
> depending on your IPA version, you may consider using 
> ipa-server-certinstall and ipa-certupdate.
>
> ipa-server-certinstall can be used to install a new certificate for 
> Apache/LDAP servers, and ipa-certupdate to update the NSS DBs with the 
> CA certificates found in the LDAP server.
>
> Flo.
>
> On 08/09/2016 05:48 PM, Josh wrote:
>> Rob,
>>
>> One must also update /etc/ipa/nssdb the same way, otherwise ipa cli tool
>> gets SEC_ERROR_UNTRUSTED_ISSUER !
>>
>> It would be nice to have an IPA tool  to update all certificates in all
>> required places.
>>
>> Also, why would I need to add CA that already in system ca-trust to the
>> private IPA nssdb?
>>
>> Josh.
>>
>>
>> On 06/28/2016 10:50 AM, Rob Crittenden wrote:
>>> jcnt at use.startmail.com wrote:
>>>> Greetings,
>>>>
>>>> About a year ago I installed my freeipa server with certificates from
>>>> startssl using command line options --dirsrv-cert-file 
>>>> --http-cert-file
>>>> etc.
>>>> The certificate is about to expire, what is the proper way to 
>>>> update it
>>>> in all places?
>>>
>>> It depends on whether you kept the original CSR or not. If you kept
>>> the original CSR and are just renewing the certificate(s) then when
>>> you get the new one, use certutil to add the updated cert to the
>>> appropriate NSS database like:
>>>
>>> # certutil -A -n Server-Cert -d /etc/httpd/alias -t u,u,u -a -i
>>> /path/to/new.crt
>>>
>>> If you need to generate a new CSR then you can use
>>> ipa-server-certinstall to install the updated key and crt files.
>>>
>>> In either case probably worth backing up /etc/httpd/alias/*.db and
>>> /etc/dirsrv/slapd-INSTANCE/*.db.
>>>
>>> rob
>>>
>>
>



From Michael.Sean.Conley at raytheon.com  Fri Aug 12 22:51:05 2016
From: Michael.Sean.Conley at raytheon.com (Michael Sean Conley)
Date: Fri, 12 Aug 2016 17:51:05 -0500
Subject: [Freeipa-users] ldaps Java script issues with RH IdM - odd that
 I cannot make it connect...
Message-ID: <OF57B8BC3B.74FCC8BD-ON8625800D.007D7E9F-8625800D.007D86E5@raytheon.com>



so if I am reading you correctly....
connection.username=cn=ddfusr
should be
connection.username=uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com?




Michael Sean Conley



From:	Rob Crittenden <rcritten at redhat.com>
To:	Michael Sean Conley <Michael.Sean.Conley at raytheon.com>,
            freeipa-users at redhat.com
Date:	08/12/2016 04:13 PM
Subject:	Re: [Freeipa-users] ldaps Java script issues with RH IdM - odd
            that I cannot make it connect...



Michael Sean Conley wrote:
> UID binding - I believe - from what I saw in the script.
>
>
> I ran the nifty search...  First on user "binding"...
>
> Got an error 32.
>
> tried it with ddfusr
>
> # ldapsearch -Z -H ldap://aba-idam.aba.home.com -D
> 'uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W -b
> 'cn=users,cn=accounts,dc=aba,dc=home,dc=com' '(uid=ddfusr)' cn
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=users,cn=accounts,dc=aba,dc=home,dc=com> with scope subtree
> # filter: (uid=ddfusr)
> # requesting: cn
> #
>
> # ddfusr, users, accounts, aba.home.com
> dn: uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com
> cn: ddf user
>
> # search result
> search: 3
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> Fabulous.
>
> So, I then checked the java xml file...
>
>   <jaas:config name="karaf" rank="1">
>      <jaas:module
> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
>                   flags="required">
>        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>        connection.username=cn=ddfusr
>        connection.password=iloveaba!
>        connection.url=ldaps://aba-idam.aba.house.com:636
>        user.base.dn=cn=users,cn=accounts,dc=aba,dc=house,dc=com
>        user.filter=(uid=%u)
>        user.search.subtree=true
>        role.base.dn=cn=JBoss,cn=users,cn=accounts,dc=aba,dc=house,dc=com
>        role.name.attribute=cn
>
> role.filter=(member=uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com)
>        role.search.subtree=true
>        role.mapping=admin=group,admin,manager,viewer,webconsole
>        authentication=simple
>        ssl.protocol=SSL
>        ssl.truststore=truststore
>        ssl.algorithm=PKIX
>      </jaas:module>
>    </jaas:config>
>
> and I tried to log in with the ddfusr account and....
>
> Error 32.

You're still using the wrong user to bind. There is no cn=ddfusr. At
best there is a uid=ddfusr if the user.base is automatically added
(which it probably isn't).

It probably needs to be
uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com just like in the
ldapsearch.

rob

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/69210b36/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160812/69210b36/attachment.gif>

From rakesh.rajasekharan at gmail.com  Sat Aug 13 11:00:51 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Sat, 13 Aug 2016 16:30:51 +0530
Subject: [Freeipa-users] freeipa server capacity planning
Message-ID: <CANAMAkpQbGVEmOGqET1-L_DoTrA80za+xvSWDkxP61fgXwcY6g@mail.gmail.com>

Hi,

I have successfully running freeipa setup across my envs.. and now planning
to move it to one of the prod envs where we have around 4000 clients.

I am running a single IPA server instance with regular backups being taken
to handle any disasters

Are there any recommendations on the system configuration, I am using a 4
CPU, 30GB Ram machine. will that be ok or should I upgrade to a higher
configuration

Also, the default File descriptors is set to 8192 by IPA, with the number
of clients does it make sense to increase the value of
nsslapd-maxdescriptors.

Please let me know


Thanks,

Rakesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160813/42df755d/attachment.htm>

From jhrozek at redhat.com  Sun Aug 14 18:16:18 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Sun, 14 Aug 2016 20:16:18 +0200
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6EZwadb4cgO_V2LHiOMFfBrggKS8Gx7644rz=b8JhDv4g@mail.gmail.com>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
	<20160812135839.GV19405@hendrix>
	<CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>
	<79bcc759-4b17-9e29-584b-edc72bbce883@redhat.com>
	<CA+No-6H02BvAP6Br+ApZ+9SDfFuK-hXcp0Jjk+FuN=AWKHx_zQ@mail.gmail.com>
	<5ff25b8e-e7a0-83c1-d21e-96b1a556d6eb@redhat.com>
	<CA+No-6EZwadb4cgO_V2LHiOMFfBrggKS8Gx7644rz=b8JhDv4g@mail.gmail.com>
Message-ID: <4E91DC40-B8E5-4178-A630-9828485A30FF@redhat.com>

Hi Pavel, can you help us with this thread?

> On 12 Aug 2016, at 21:57, Jeff Goddard <jgoddard at emerlyn.com> wrote:
> 
> 
> 
> On Fri, Aug 12, 2016 at 3:53 PM, Justin Stephenson <jstephen at redhat.com> wrote:
> In the CentOS/RHEL 7 version of sssd, a NIS netgroup is created automatically in the IPA compat tree under 'cn=ng,cn=compat,$suffix' because sudo has no understanding of hostgroups.
> 
> You should be able to query this on a client with 
>       # getent netgroup office
> 
> This should return nisNetgroupTriple for each host in the hostgroup
>      (ipa-client-1.example.com,-,example.com) (ipa-client-2.example.com,-,example.com)
> 
> I would check this in your environment between working and non-working systems.
> I believe in later versions of sssd they added IPA sudo schema support to eliminate the need for the compat tree so this could be related to the issue if newer ubuntu clients are not working but CentOS is working.
> 
> What version of sssd are you running?
> Kind regards,
> 
> Justin Stephenson
> On 08/12/2016 02:35 PM, Jeff Goddard wrote:
>> I made the edit as suggested - removing nis and just leaving sss - restarted sssd and then re-tried. I also tried with files sss. Still getting the same result.
>> 
>> Thanks,
>> 
>> Jeff
> The query returns the expect results:
> 
>  getent netgroup office
> office                (docker-dev-01.internal.emerlyn.com,-,internal.emerlyn.com) (docker-dev-02.internal.emerlyn.com,-,internal.emerlyn.com) (docker-dev-03.internal.emerlyn.com,-,internal.emerlyn.com) [more hosts]
> 
> sssd version is 1.13.4
> 
> Jeff
> 
> 
> 




From dkowis+freeipa at shlrm.org  Sun Aug 14 19:31:28 2016
From: dkowis+freeipa at shlrm.org (David Kowis)
Date: Sun, 14 Aug 2016 14:31:28 -0500
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu 16.04.1
	install
Message-ID: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>

I'm new to this, but super excited to find a nice authentication
solution. Trying to figure out why part of the installation failed,
perhaps someone here can point me in the right direction?

The `ipa-server-install` command makes it all the way through, except to
where it starts to do the client install. In the logs I see this:

2016-08-14T19:00:48Z DEBUG Configuring client side components
2016-08-14T19:00:48Z DEBUG Starting external process
2016-08-14T19:00:48Z DEBUG args=/usr/sbin/ipa-client-install --on-master
--unattended --domain dark.kow.is --server freeipavm.dark.kow.is --realm
DARK.KOW.IS --hostname freeipavm.dark.kow.is
2016-08-14T19:01:20Z DEBUG Process finished, return code=1
2016-08-14T19:01:20Z DEBUG   File
"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in
execute
    return_value = self.run()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/cli.py", line
318, in run
    cfgr.run()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 310, in run
    self.execute()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 332, in execute
    for nothing in self._executor():
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 362, in __runner
    step()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 586, in _configure
    next(executor)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 449, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 446, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 362, in __runner
    step()
  File "/usr/lib/python2.7/dist-packages/ipapython/install/core.py",
line 359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/dist-packages/ipapython/install/common.py",
line 63, in _install
    for nothing in self._installer(self.parent):
  File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py",
line 1513, in main
    install(self)
  File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py",
line 267, in decorated
    func(installer)
  File
"/usr/lib/python2.7/dist-packages/ipaserver/install/server/install.py",
line 1036, in install
    sys.exit("Configuration of client side components failed!")

2016-08-14T19:01:20Z DEBUG The ipa-server-install command failed,
exception: SystemExit: Configuration of client side components failed!
2016-08-14T19:01:20Z ERROR Configuration of client side components failed!
2016-08-14T19:01:20Z ERROR The ipa-server-install command failed. See
/var/log/ipaserver-install.log for more information

On the original console where the install happens:

<snip>
Skipping synchronizing time with NTP server.
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
trying https://freeipavm.dark.kow.is/ipa/json
Forwarding 'ping' to json server 'https://freeipavm.dark.kow.is/ipa/json'
Cannot connect to the server due to generic error: Authentication method
not supported: sasl mechanism not supported
Installation failed. As this is IPA server, changes will not be rolled back.
ipa.ipapython.install.cli.install_tool(Server): ERROR    Configuration
of client side components failed!
ipa.ipapython.install.cli.install_tool(Server): ERROR    The
ipa-server-install command failed. See /var/log/ipaserver-install.log
for more information


A google search for freeipa authentication method not supported sasl
mechanism not supported

Or just for freeipa sasl mechanism not supported doesn't find me
anything useful :(

Perhaps someone else has had this error before, or maybe just knows what
I need to do?

Thanks in advance!

--
David Kowis


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160814/923249c6/attachment.sig>

From jgoddard at emerlyn.com  Sun Aug 14 21:16:56 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Sun, 14 Aug 2016 17:16:56 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <4E91DC40-B8E5-4178-A630-9828485A30FF@redhat.com>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
	<20160812135839.GV19405@hendrix>
	<CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>
	<79bcc759-4b17-9e29-584b-edc72bbce883@redhat.com>
	<CA+No-6H02BvAP6Br+ApZ+9SDfFuK-hXcp0Jjk+FuN=AWKHx_zQ@mail.gmail.com>
	<5ff25b8e-e7a0-83c1-d21e-96b1a556d6eb@redhat.com>
	<CA+No-6EZwadb4cgO_V2LHiOMFfBrggKS8Gx7644rz=b8JhDv4g@mail.gmail.com>
	<4E91DC40-B8E5-4178-A630-9828485A30FF@redhat.com>
Message-ID: <CA+No-6G7QmcX=QrsY_GwAKC=zM9Y6LoAbzk+1qCmZqMkzMSm0g@mail.gmail.com>

Just some additional information, this is a default install however as a
modification after running the ipa-client-install executable I followed
these instructions  so that users get an automatically-created home
directory:

https://debian-administration.org/article/403/Giving_users_a_home_directory_automatically

I greatly appreciate your time and efforts on this problem.

Jeff

On Sun, Aug 14, 2016 at 2:16 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> Hi Pavel, can you help us with this thread?
>
> > On 12 Aug 2016, at 21:57, Jeff Goddard <jgoddard at emerlyn.com> wrote:
> >
> >
> >
> > On Fri, Aug 12, 2016 at 3:53 PM, Justin Stephenson <jstephen at redhat.com>
> wrote:
> > In the CentOS/RHEL 7 version of sssd, a NIS netgroup is created
> automatically in the IPA compat tree under 'cn=ng,cn=compat,$suffix'
> because sudo has no understanding of hostgroups.
> >
> > You should be able to query this on a client with
> >       # getent netgroup office
> >
> > This should return nisNetgroupTriple for each host in the hostgroup
> >      (ipa-client-1.example.com,-,example.com) (ipa-client-2.example.com
> ,-,example.com)
> >
> > I would check this in your environment between working and non-working
> systems.
> > I believe in later versions of sssd they added IPA sudo schema support
> to eliminate the need for the compat tree so this could be related to the
> issue if newer ubuntu clients are not working but CentOS is working.
> >
> > What version of sssd are you running?
> > Kind regards,
> >
> > Justin Stephenson
> > On 08/12/2016 02:35 PM, Jeff Goddard wrote:
> >> I made the edit as suggested - removing nis and just leaving sss -
> restarted sssd and then re-tried. I also tried with files sss. Still
> getting the same result.
> >>
> >> Thanks,
> >>
> >> Jeff
> > The query returns the expect results:
> >
> >  getent netgroup office
> > office                (docker-dev-01.internal.emerlyn.com,-,internal.
> emerlyn.com) (docker-dev-02.internal.emerlyn.com,-,internal.emerlyn.com) (
> docker-dev-03.internal.emerlyn.com,-,internal.emerlyn.com) [more hosts]
> >
> > sssd version is 1.13.4
> >
> > Jeff
> >
> >
> >
>
>
Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160814/ffb85ece/attachment.htm>

From dkowis+freeipa at shlrm.org  Mon Aug 15 00:57:11 2016
From: dkowis+freeipa at shlrm.org (David Kowis)
Date: Sun, 14 Aug 2016 19:57:11 -0500
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu
 16.04.1 install
In-Reply-To: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
References: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
Message-ID: <2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>

On 08/14/2016 02:31 PM, David Kowis wrote:
> Perhaps someone else has had this error before, or maybe just knows what
> I need to do?

Digging through the mailing list, I only find this guy:
https://www.redhat.com/archives/freeipa-devel/2014-October/msg00480.html

Seems someone had the exact same problem I did almost two years ago, and
didn't post about their solution, if they got any solution.

--
David Kowis



> 
> Thanks in advance!
> 
> --
> David Kowis
> 
> 
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160814/bcfc03e3/attachment.sig>

From dkowis+freeipa at shlrm.org  Mon Aug 15 01:29:11 2016
From: dkowis+freeipa at shlrm.org (David Kowis)
Date: Sun, 14 Aug 2016 20:29:11 -0500
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu
 16.04.1 install
In-Reply-To: <2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>
References: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
	<2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>
Message-ID: <fd579323-1bdb-aeae-be54-727bffe3e2e3@shlrm.org>

On 08/14/2016 07:57 PM, David Kowis wrote:
> On 08/14/2016 02:31 PM, David Kowis wrote:
>> Perhaps someone else has had this error before, or maybe just knows what
>> I need to do?
> 
> Digging through the mailing list, I only find this guy:
> https://www.redhat.com/archives/freeipa-devel/2014-October/msg00480.html
> 
> Seems someone had the exact same problem I did almost two years ago, and
> didn't post about their solution, if they got any solution.

Narrowed it down a bit further:


Aug 14 20:27:24 freeipavm ipa-dnskeysyncd[31211]: ipa: WARNING: session
memcached servers not running
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]: ipa         : INFO
LDAP bind...
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]: Traceback (most recent
call last):
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:   File
"/usr/lib/ipa/ipa-dnskeysyncd", line 92, in <module>
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:
ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:   File
"/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 932, in
sasl_interactive_bind_s
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:     res =
self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:   File
"/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 900, in
_apply_method_s
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:     return
func(self,*args,**kwargs)
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:   File
"/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 244, in
sasl_interactive_bind_s
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:     return
self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:   File
"/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in
_ldap_call
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:     result =
func(*args,**kwargs)
Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:
ldap.STRONG_AUTH_NOT_SUPPORTED: {'info': 'sasl mechanism not supported',
'desc': 'Authentication method not supported'}
Aug 14 20:27:26 freeipavm systemd[1]: ipa-dnskeysyncd.service: Main
process exited, code=exited, status=1/FAILURE
Aug 14 20:27:26 freeipavm systemd[1]: ipa-dnskeysyncd.service: Unit
entered failed state.
Aug 14 20:27:26 freeipavm systemd[1]: ipa-dnskeysyncd.service: Failed
with result 'exit-code'.


Seems this service doesn't start with the sasl mechanism not supported.

Does anyone know what's missing, or how I can get further information?
Is it the LDAP server, or am I missing a sasl lib for python? Maybe a
configuration file?


--
David Kowis

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160814/f0172eea/attachment.sig>

From pspacek at redhat.com  Mon Aug 15 09:33:03 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Mon, 15 Aug 2016 11:33:03 +0200
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu
 16.04.1 install
In-Reply-To: <fd579323-1bdb-aeae-be54-727bffe3e2e3@shlrm.org>
References: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
	<2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>
	<fd579323-1bdb-aeae-be54-727bffe3e2e3@shlrm.org>
Message-ID: <bfc0cfa5-485d-bd3b-d641-01d7b7640507@redhat.com>

On 15.8.2016 03:29, David Kowis wrote:
> On 08/14/2016 07:57 PM, David Kowis wrote:
>> On 08/14/2016 02:31 PM, David Kowis wrote:
>>> Perhaps someone else has had this error before, or maybe just knows what
>>> I need to do?
>>
>> Digging through the mailing list, I only find this guy:
>> https://www.redhat.com/archives/freeipa-devel/2014-October/msg00480.html
>>
>> Seems someone had the exact same problem I did almost two years ago, and
>> didn't post about their solution, if they got any solution.
> 
> Narrowed it down a bit further:
> 
> 
> Aug 14 20:27:24 freeipavm ipa-dnskeysyncd[31211]: ipa: WARNING: session
> memcached servers not running
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]: ipa         : INFO
> LDAP bind...
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]: Traceback (most recent
> call last):
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:   File
> "/usr/lib/ipa/ipa-dnskeysyncd", line 92, in <module>
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:
> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:   File
> "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 932, in
> sasl_interactive_bind_s
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:     res =
> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:   File
> "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 900, in
> _apply_method_s
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:     return
> func(self,*args,**kwargs)
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:   File
> "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 244, in
> sasl_interactive_bind_s
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:     return
> self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:   File
> "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in
> _ldap_call
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:     result =
> func(*args,**kwargs)
> Aug 14 20:27:26 freeipavm ipa-dnskeysyncd[31211]:
> ldap.STRONG_AUTH_NOT_SUPPORTED: {'info': 'sasl mechanism not supported',
> 'desc': 'Authentication method not supported'}
> Aug 14 20:27:26 freeipavm systemd[1]: ipa-dnskeysyncd.service: Main
> process exited, code=exited, status=1/FAILURE
> Aug 14 20:27:26 freeipavm systemd[1]: ipa-dnskeysyncd.service: Unit
> entered failed state.
> Aug 14 20:27:26 freeipavm systemd[1]: ipa-dnskeysyncd.service: Failed
> with result 'exit-code'.
> 
> 
> Seems this service doesn't start with the sasl mechanism not supported.
> 
> Does anyone know what's missing, or how I can get further information?
> Is it the LDAP server, or am I missing a sasl lib for python? Maybe a
> configuration file?


This is weird as LDAP SASL & GSSAPI is pretty standard thing.

In any case, you can check server logs or use tcpdump/wireshark and see if the
error somes from LDAP server or if it is client side error.

That would tell us where to focus.

-- 
Petr^2 Spacek



From pspacek at redhat.com  Mon Aug 15 09:43:01 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Mon, 15 Aug 2016 11:43:01 +0200
Subject: [Freeipa-users] Does FreeIPA require ICMP to be allowed? Can it
 cause login speed issues?
In-Reply-To: <325230309.21354.1471032232557@vegas.jacobdevans.com>
References: <325230309.21354.1471032232557@vegas.jacobdevans.com>
Message-ID: <132bd832-7ef9-ea8c-0cd2-39ad82134005@redhat.com>

On 12.8.2016 22:03, Jake wrote:
> Hey Guys, 
> Can anyone tell me if there are issues caused by blocking ICMP requests between ipa clients, ipa servers and ad servers? 

For IPv4:
In theory, if your network is in ideal state and no service ever goes down
(unrealistic), it should work.

In practice, you will be observing long timeouts from time to time because the
clients will not be able to immediately detect that a service is down and
quickly fail-over to another server.


For IPv6: The network will totally break.


> We typically filter ICMP between all systems.
> 
> Also, if anyone has good documentation as to what ports are required between each I'd really appreciate it! 
> 
>>From IPA Server to AD Server (trust) 
>>From IPA Client to IPA Server 
>>From IPA Client to AD Server (if any, unsure if kerberos/ldap is needed here or not on v4) 
>>From AD Client to IPA Client (ad users on windows machines accessing ipa client over ssh with kerberos gssapi) 

For IPA servers, please see
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/installing-ipa.html#prereq-ports

For IPA clients, please see
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/clients-prereqs.html#prereq-ports-clients

For AD trusts, please see
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-requirements.html#trust-req-ports


IPA & AD clients in cross-forest trust need to be able to communicate with IPA
and AD servers at least for Kerberos, but I would not bother with filtering
these specifically. Take them as clients joined to both realms.

-- 
Petr^2 Spacek



From pspacek at redhat.com  Mon Aug 15 09:46:53 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Mon, 15 Aug 2016 11:46:53 +0200
Subject: [Freeipa-users] freeipa server capacity planning
In-Reply-To: <CANAMAkpQbGVEmOGqET1-L_DoTrA80za+xvSWDkxP61fgXwcY6g@mail.gmail.com>
References: <CANAMAkpQbGVEmOGqET1-L_DoTrA80za+xvSWDkxP61fgXwcY6g@mail.gmail.com>
Message-ID: <d0f8fe38-d28f-9f43-cf7b-5fa07ba5ac0e@redhat.com>

On 13.8.2016 13:00, Rakesh Rajasekharan wrote:
> Hi,
> 
> I have successfully running freeipa setup across my envs.. and now planning
> to move it to one of the prod envs where we have around 4000 clients.

The most important characteristics to consider is: What the clients do?

Do they cache intelligently (e.g. using SSSD)? If it is the case then your
config should be fine.

Are they 'dumb' and do LDAP operations all the time? Then you can face
problems even with smaller number of clients, it depends.

Sorry for nor having better answer.

Petr^2 Spacek


> I am running a single IPA server instance with regular backups being taken
> to handle any disasters
> 
> Are there any recommendations on the system configuration, I am using a 4
> CPU, 30GB Ram machine. will that be ok or should I upgrade to a higher
> configuration
> 
> Also, the default File descriptors is set to 8192 by IPA, with the number
> of clients does it make sense to increase the value of
> nsslapd-maxdescriptors.

I do not know myself, please try to look up answer in
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Performance_Tuning_Guide/index.html

Petr^2 Spacek



From suygur at firstderivatives.com  Mon Aug 15 10:13:30 2016
From: suygur at firstderivatives.com (Stefan Uygur)
Date: Mon, 15 Aug 2016 10:13:30 +0000
Subject: [Freeipa-users] Freeipa replication issue
In-Reply-To: <0f695d7e-b5d7-bed2-d72f-d4c617846189@redhat.com>
References: <38C784D32FB4354DAED01CCB1BB505351745C5E1@mail01.firstderivatives.com>
	<20160714133856.p2j66wsicr2hx7aj@redhat.com>
	<38C784D32FB4354DAED01CCB1BB505351745C60F@mail01.firstderivatives.com>
	<0f695d7e-b5d7-bed2-d72f-d4c617846189@redhat.com>
Message-ID: <38C784D32FB4354DAED01CCB1BB50535174B49F5@mail01.firstderivatives.com>

Hi Everyone,
Sorry if I have to bring this topic back again but still no solution so far. I gave up for a while but I still need to solve this problem.

I followed the link provided by Mark Reynold:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/dirmnger-pwd.html#dirmnger-pwd-Resetting_Passwords

I applied the instructions multiple times and also followed these instructions as well:
http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

With no joy.

Mark suggested:
The problem here is that "cn=directory manager" does not exist in a database.  It only exists in the cn=config entry, so ldappasswd will not work.  
But I'm not sure if your problem is the directory manager account though.  You need to look through the Directory Server access log for "err=49" (/var/log/dirsrv/slapd-INSTANCE/access), and see which BIND dn is failing.  It could be a different user/account.

So I checked the logs as well and this is all I have from logs every time I attempt to prepare the replica:
[15/Aug/2016:11:03:13 +0100] conn=10 op=13 RESULT err=0 tag=101 nentries=0 etime=0 notes=U
[15/Aug/2016:11:03:15 +0100] conn=11 fd=70 slot=70 connection from local to /var/run/slapd-INSTANCE-COM.socke
t
[15/Aug/2016:11:03:15 +0100] conn=11 op=0 BIND dn="cn=directory manager" method=128 version=3
[15/Aug/2016:11:03:15 +0100] conn=11 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[15/Aug/2016:11:03:15 +0100] conn=11 op=1 UNBIND
[15/Aug/2016:11:03:15 +0100] conn=11 op=1 fd=70 closed - U1

I don't think it is that difficult to manage/change Directory Manager password but I cannot get away with it myself so I must be doing something wrong or the solutions provided (instructions) are not applicable to the version of IPA (ipa-server-3.0.0-47.el6_7.2.x86_64) I have.

Any help would be greatly appreciated.

Stefan

-----Original Message-----
From: Mark Reynolds [mailto:mareynol at redhat.com] 
Sent: 14 July 2016 15:27
To: Stefan Uygur; Alexander Bokovoy
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Freeipa replication issue



On 07/14/2016 10:10 AM, Stefan Uygur wrote:
> Hi Alexander,
> Thanks for a quick reply first of all and to be honest actually I have tried that link too, it didn't work either.
>
> This is my ipa version: ipa-server-3.0.0-47.el6_7.2.x86_64 and the 
> system is RHEL 6
>
> When I reproduce the last step of the instructions you provided:
>
> ldappasswd -h localhost -ZZ -p 389 -x -D "cn=Directory Manager" -W -T 
> dm_password Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> Or trying this one (because I am not sure if I have dogtag 10):
>
> ldappasswd -h localhost -ZZ -p 7389 -x -D "cn=Directory Manager" -W -T 
> dm_password Enter LDAP Password:
> Result: No such object (32)
> Additional info: No such Entry exists.
The problem here is that "cn=directory manager" does not exist in a database.  It only exists in the cn=config entry, so ldappasswd will not work.  You must follow this process:

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/dirmnger-pwd.html#dirmnger-pwd-Resetting_Passwords

But I'm not sure if your problem is the directory manager account though.  You need to look through the Directory Server access log for "err=49" (/var/log/dirsrv/slapd-INSTANCE/access), and see which BIND dn is failing.  It could be a different user/account.

Mark
>
> I couldn't figure out clearly, your help much appreciated wherever you can.
>
> Many thanks
>
>
> -----Original Message-----
> From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
> Sent: 14 July 2016 14:39
> To: Stefan Uygur
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Freeipa replication issue
>
> On Thu, 14 Jul 2016, Stefan Uygur wrote:
>> Hi All,
>> Sorry if this would appear to be an obvious issue and maybe someone 
>> has already discussed about it but I couldn't get anywhere 
>> information about how to resolve this issue that I am experiencing.
>>
>> Basically I have an IPA master server where the admin password was 
>> originally the same as Directory Manager password, within months the 
>> admin password was changed and DM left as it was.
>>
>> But I have followed the instructions given in below link to reset DM
>> password:
>>
>> https://www.centos.org/docs/5/html/CDS/install/8.0/Installation_Guide
>> -C
>> ommon_Usage-Resetting_Passwords.html
> This is incorrect document as it is not relevant to IPA.
>
> Use 
> http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>
>> Which I have tested after the reset using ldapsearch and it seems to 
>> be working perfectly.
>>
>> But when I try to prepare the replica it keep telling me that is 
>> wrong password as per below:
>>
>> ipa-replica-prepare ipa2.example.com --ip-address 10.0.0.3 Directory 
>> Manager (existing master) password:
>> The password provided is incorrect for LDAP server ipa1.example.com
>>
>>
>> Usint the following to test the DM password:
>>
>> ldapsearch -x -D "cn=directory manager" -w DM_PASSWD base -b "" "objectclass=*"
>>
>> Which gives me the correct result, long output.....but again, when I 
>> try to prepare replica still getting wrong password.
> There are more places where DM password is used for replica. You changed it only 389-ds but didn't change other places. Use instructions above.
>
>
> --
> / Alexander Bokovoy
>




From g.schmitz at gtrs.de  Mon Aug 15 10:14:41 2016
From: g.schmitz at gtrs.de (Guido Schmitz)
Date: Mon, 15 Aug 2016 12:14:41 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <72abd120-5581-618a-e099-0e09e4483161@redhat.com>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
	<72abd120-5581-618a-e099-0e09e4483161@redhat.com>
Message-ID: <dc31b081-0d03-0c78-e27e-7b6f9be3e962@gtrs.de>

On 12.08.2016 13:58, Petr Spacek wrote:
> On 12.8.2016 13:26, Guido Schmitz wrote:
>> Hi!
>>
>> I want to migrate my existing DNS setup to FreeIPA. As this existing
>> setup already uses DNSSEC, I want to import my current DNSSEC keys into
>> FreeIPA to have a smooth transition over to IPA's DNS. (The authorative
>> DNS servers for the zones are set up as slaves that get the zone via
>> AXFR and can seamlessly switch to AXFR from IPA.)
>>
>> In my test migration, I have created the DNS zone I want to migrate in
>> FreeIPA and have enabled DNSSEC.
>>
>> As far as I understand IPA's implementation of DNSSEC, OpenDNSSEC takes
>> care of key management and key rollover [1]. Hence, I have imported my
>> existing DNSSEC keys to OpenDNSSEC according to OpenDNSSEC's HOWTO [2]
>> and OpenDNSSEC correctly shows the imported keys along with the DNSSEC
>> keys generated by IPA.
>>
>> I thought that ipa-dnskeysyncd would take care of syncing the keys from
>> OpenDNSSEC to 389 LDAP, but this does not happen: In 389 LDAP, only the
>> keys initially created by IPA (while enabling DNSSEC for this zone)
>> exist and hence, only these keys are used to sign the zone.
>>
>> Do I need to manually insert my existing DNSSEC keys into the LDAP or
>> take some other additional steps?
> 
> Hello!
> 
> In theory ipa-dnskeysyncd should take care of it. The important step is to
> ensure that all the imported keys have CKA_EXTRACTABLE PKCS#11 flag (in
> SoftHSM) set to TRUE otherwise the synchronization will not work.

That seems to be my problem: The CKA_EXTRACTABLE flag is not set on the
imported keys. I do not have any clue on how to set this flag.

I have used the following command to import the keys:

sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf softhsm2-util
--import ksk.pem --slot 0 --pin *PIN* --label ipaDNSSEC --id *ID*

softhsm2-util does not seem to have any parameter to set the
CKA_EXTRACTABLE flag.

Are there other ways to import keys into the SoftHSM that allow setting
this flag? Or is there a possibility to modify the flag later (although
this would be contrary to the idea of an "HSM")?


-Guido



> 
> Please note that we never tested this so following text is just untested theory:
> 
> Start with usual DNSSEC debugging for FreeIPA:
> http://www.freeipa.org/page/Troubleshooting#DNSSEC_signing_does_not_work
> 
> Besides all other things, I would double-check that (on FreeIPA DNSSEC key
> master server):
> 1) ods-ksmutil key list --verbose
> shows the imported keys in state active or publish
> 
> 2) Command
> python2 /usr/lib/python2.*/site-packages/ipapython/dnssec/localhsm.py
> shows that keys are CKA_EXTRACTABLE.
> 
> 3) If all of the above seems to be okay, check logs for ipa-dnskeysyncd and
> ipa-ods-exporter services:
> journalctl -u ipa-dnskeysyncd -u ipa-ods-exporter
> 
> ipa-ods-exporter is the piece doing dirty export work.
> 
> I hope it helps.
> 
> Petr^2 Spacek
> 
> 
>>
>> Cheers,
>> -Guido
>>
>>
>>
>> [1] https://www.freeipa.org/page/V4/DNSSEC_Support#Implementation
>> [2] https://wiki.opendnssec.org/display/DOCS/Migrating+to+OpenDNSSEC
>>
> 
> 



From abokovoy at redhat.com  Mon Aug 15 10:27:57 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 15 Aug 2016 13:27:57 +0300
Subject: [Freeipa-users] Freeipa replication issue
In-Reply-To: <38C784D32FB4354DAED01CCB1BB50535174B49F5@mail01.firstderivatives.com>
References: <38C784D32FB4354DAED01CCB1BB505351745C5E1@mail01.firstderivatives.com>
	<20160714133856.p2j66wsicr2hx7aj@redhat.com>
	<38C784D32FB4354DAED01CCB1BB505351745C60F@mail01.firstderivatives.com>
	<0f695d7e-b5d7-bed2-d72f-d4c617846189@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B49F5@mail01.firstderivatives.com>
Message-ID: <20160815102757.5an2vuljyzpw725g@redhat.com>

On Mon, 15 Aug 2016, Stefan Uygur wrote:
>Hi Everyone,
>Sorry if I have to bring this topic back again but still no solution so far. I gave up for a while but I still need to solve this problem.
>
>I followed the link provided by Mark Reynold:
>https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/dirmnger-pwd.html#dirmnger-pwd-Resetting_Passwords
>
>I applied the instructions multiple times and also followed these instructions as well:
>http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>
>With no joy.
>
>Mark suggested:
>The problem here is that "cn=directory manager" does not exist in a
>database.  It only exists in the cn=config entry, so ldappasswd will
>not work.  But I'm not sure if your problem is the directory manager
>account though.  You need to look through the Directory Server access
>log for "err=49" (/var/log/dirsrv/slapd-INSTANCE/access), and see which
>BIND dn is failing.  It could be a different user/account.
>
>So I checked the logs as well and this is all I have from logs every time I attempt to prepare the replica:
>[15/Aug/2016:11:03:13 +0100] conn=10 op=13 RESULT err=0 tag=101 nentries=0 etime=0 notes=U
>[15/Aug/2016:11:03:15 +0100] conn=11 fd=70 slot=70 connection from local to /var/run/slapd-INSTANCE-COM.socke
>t
>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 BIND dn="cn=directory manager" method=128 version=3
>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 RESULT err=49 tag=97 nentries=0 etime=0
>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 UNBIND
>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 fd=70 closed - U1
>
>I don't think it is that difficult to manage/change Directory Manager
>password but I cannot get away with it myself so I must be doing
>something wrong or the solutions provided (instructions) are not
>applicable to the version of IPA (ipa-server-3.0.0-47.el6_7.2.x86_64) I
>have.
Please follow instructions in the FreeIPA's howto link above. Really,
they tell you where and how you should change DM password. As I said
before, you need to change more places which recorded the password at
the time of install. You claim that the instruction does not work but it
is very clear from the logs above that you haven't updated all places
where DM password was recorded and as such, you get some code using
older version of the DM password. This older version of DM password
comes from one of the fails you actually did not change.

-- 
/ Alexander Bokovoy



From suygur at firstderivatives.com  Mon Aug 15 10:38:49 2016
From: suygur at firstderivatives.com (Stefan Uygur)
Date: Mon, 15 Aug 2016 10:38:49 +0000
Subject: [Freeipa-users] Freeipa replication issue
In-Reply-To: <20160815102757.5an2vuljyzpw725g@redhat.com>
References: <38C784D32FB4354DAED01CCB1BB505351745C5E1@mail01.firstderivatives.com>
	<20160714133856.p2j66wsicr2hx7aj@redhat.com>
	<38C784D32FB4354DAED01CCB1BB505351745C60F@mail01.firstderivatives.com>
	<0f695d7e-b5d7-bed2-d72f-d4c617846189@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B49F5@mail01.firstderivatives.com>
	<20160815102757.5an2vuljyzpw725g@redhat.com>
Message-ID: <38C784D32FB4354DAED01CCB1BB50535174B5B29@mail01.firstderivatives.com>

Hi Alexander,
Thanks for your reply and I do remember very well your feedback of course in relation to this issue.

The instructions are very simple, no discussion about that and I followed step by step ad exception of this step:
Configure all replicas to use the new password by editing /etc/pki-ca/password.conf for Dogtag 9 or /etc/pki/pki-tomcat/password.conf for Dogtag 10:

Which is not that clear to be honest as it is referring to replicas and not the master server itself.

I do not have any replica for this server, I am trying to set the first one in fact, so I don't think that step need to be re-produced in my case, unless I am really missing something in that paragraph.

Thanks again

-----Original Message-----
From: Alexander Bokovoy [mailto:abokovoy at redhat.com] 
Sent: 15 August 2016 11:28
To: Stefan Uygur
Cc: mreynolds at redhat.com; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Freeipa replication issue

On Mon, 15 Aug 2016, Stefan Uygur wrote:
>Hi Everyone,
>Sorry if I have to bring this topic back again but still no solution so far. I gave up for a while but I still need to solve this problem.
>
>I followed the link provided by Mark Reynold:
>https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/
>10/html/Administration_Guide/dirmnger-pwd.html#dirmnger-pwd-Resetting_P
>asswords
>
>I applied the instructions multiple times and also followed these instructions as well:
>http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>
>With no joy.
>
>Mark suggested:
>The problem here is that "cn=directory manager" does not exist in a 
>database.  It only exists in the cn=config entry, so ldappasswd will 
>not work.  But I'm not sure if your problem is the directory manager 
>account though.  You need to look through the Directory Server access 
>log for "err=49" (/var/log/dirsrv/slapd-INSTANCE/access), and see which 
>BIND dn is failing.  It could be a different user/account.
>
>So I checked the logs as well and this is all I have from logs every time I attempt to prepare the replica:
>[15/Aug/2016:11:03:13 +0100] conn=10 op=13 RESULT err=0 tag=101 
>nentries=0 etime=0 notes=U
>[15/Aug/2016:11:03:15 +0100] conn=11 fd=70 slot=70 connection from 
>local to /var/run/slapd-INSTANCE-COM.socke t
>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 BIND dn="cn=directory 
>manager" method=128 version=3
>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 RESULT err=49 tag=97 
>nentries=0 etime=0
>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 UNBIND
>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 fd=70 closed - U1
>
>I don't think it is that difficult to manage/change Directory Manager 
>password but I cannot get away with it myself so I must be doing 
>something wrong or the solutions provided (instructions) are not 
>applicable to the version of IPA (ipa-server-3.0.0-47.el6_7.2.x86_64) I 
>have.
Please follow instructions in the FreeIPA's howto link above. Really, they tell you where and how you should change DM password. As I said before, you need to change more places which recorded the password at the time of install. You claim that the instruction does not work but it is very clear from the logs above that you haven't updated all places where DM password was recorded and as such, you get some code using older version of the DM password. This older version of DM password comes from one of the fails you actually did not change.

--
/ Alexander Bokovoy



From abokovoy at redhat.com  Mon Aug 15 11:05:38 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 15 Aug 2016 14:05:38 +0300
Subject: [Freeipa-users] Freeipa replication issue
In-Reply-To: <38C784D32FB4354DAED01CCB1BB50535174B5B29@mail01.firstderivatives.com>
References: <38C784D32FB4354DAED01CCB1BB505351745C5E1@mail01.firstderivatives.com>
	<20160714133856.p2j66wsicr2hx7aj@redhat.com>
	<38C784D32FB4354DAED01CCB1BB505351745C60F@mail01.firstderivatives.com>
	<0f695d7e-b5d7-bed2-d72f-d4c617846189@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B49F5@mail01.firstderivatives.com>
	<20160815102757.5an2vuljyzpw725g@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B5B29@mail01.firstderivatives.com>
Message-ID: <20160815110538.ieo7tsaz5ep3gkpq@redhat.com>

On Mon, 15 Aug 2016, Stefan Uygur wrote:
>Hi Alexander,
>Thanks for your reply and I do remember very well your feedback of
>course in relation to this issue.
>
>The instructions are very simple, no discussion about that and I
>followed step by step ad exception of this step: Configure all replicas
>to use the new password by editing /etc/pki-ca/password.conf for Dogtag
>9 or /etc/pki/pki-tomcat/password.conf for Dogtag 10:
>
>Which is not that clear to be honest as it is referring to replicas and
>not the master server itself.
In IPA the term 'replica' applies to all IPA masters. All of them are
replicas of each other on the base level. They may have additional
services running but at the very least they have LDAP, Kerberos KDC, and
HTTPd.

>
>I do not have any replica for this server, I am trying to set the first
>one in fact, so I don't think that step need to be re-produced in my
>case, unless I am really missing something in that paragraph.
These steps have to be done on all existing IPA masters, whether you
call them replicas or not.

Did you update /root/cacert.p12? If so, did you re-generate the replica
file afterwards? Point is, inside replica file there is a CA certificate
with a private key in PKCS#12 format which is encrypted using DM
password. If you have replica file generated before cacert.p12 was
updated with new DM password, then cacert.p12 inside the replica file
cannot be decrypted using new DM password, thus replica installation
will fail.


>
>Thanks again
>
>-----Original Message-----
>From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
>Sent: 15 August 2016 11:28
>To: Stefan Uygur
>Cc: mreynolds at redhat.com; freeipa-users at redhat.com
>Subject: Re: [Freeipa-users] Freeipa replication issue
>
>On Mon, 15 Aug 2016, Stefan Uygur wrote:
>>Hi Everyone,
>>Sorry if I have to bring this topic back again but still no solution so far. I gave up for a while but I still need to solve this problem.
>>
>>I followed the link provided by Mark Reynold:
>>https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/
>>10/html/Administration_Guide/dirmnger-pwd.html#dirmnger-pwd-Resetting_P
>>asswords
>>
>>I applied the instructions multiple times and also followed these instructions as well:
>>http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>>
>>With no joy.
>>
>>Mark suggested:
>>The problem here is that "cn=directory manager" does not exist in a
>>database.  It only exists in the cn=config entry, so ldappasswd will
>>not work.  But I'm not sure if your problem is the directory manager
>>account though.  You need to look through the Directory Server access
>>log for "err=49" (/var/log/dirsrv/slapd-INSTANCE/access), and see which
>>BIND dn is failing.  It could be a different user/account.
>>
>>So I checked the logs as well and this is all I have from logs every time I attempt to prepare the replica:
>>[15/Aug/2016:11:03:13 +0100] conn=10 op=13 RESULT err=0 tag=101
>>nentries=0 etime=0 notes=U
>>[15/Aug/2016:11:03:15 +0100] conn=11 fd=70 slot=70 connection from
>>local to /var/run/slapd-INSTANCE-COM.socke t
>>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 BIND dn="cn=directory
>>manager" method=128 version=3
>>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 RESULT err=49 tag=97
>>nentries=0 etime=0
>>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 UNBIND
>>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 fd=70 closed - U1
>>
>>I don't think it is that difficult to manage/change Directory Manager
>>password but I cannot get away with it myself so I must be doing
>>something wrong or the solutions provided (instructions) are not
>>applicable to the version of IPA (ipa-server-3.0.0-47.el6_7.2.x86_64) I
>>have.
>Please follow instructions in the FreeIPA's howto link above. Really, they tell you where and how you should change DM password. As I said before, you need to change more places which recorded the password at the time of install. You claim that the instruction does not work but it is very clear from the logs above that you haven't updated all places where DM password was recorded and as such, you get some code using older version of the DM password. This older version of DM password comes from one of the fails you actually did not change.
>
>--
>/ Alexander Bokovoy

-- 
/ Alexander Bokovoy



From suygur at firstderivatives.com  Mon Aug 15 11:37:33 2016
From: suygur at firstderivatives.com (Stefan Uygur)
Date: Mon, 15 Aug 2016 11:37:33 +0000
Subject: [Freeipa-users] Freeipa replication issue
In-Reply-To: <20160815110538.ieo7tsaz5ep3gkpq@redhat.com>
References: <38C784D32FB4354DAED01CCB1BB505351745C5E1@mail01.firstderivatives.com>
	<20160714133856.p2j66wsicr2hx7aj@redhat.com>
	<38C784D32FB4354DAED01CCB1BB505351745C60F@mail01.firstderivatives.com>
	<0f695d7e-b5d7-bed2-d72f-d4c617846189@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B49F5@mail01.firstderivatives.com>
	<20160815102757.5an2vuljyzpw725g@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B5B29@mail01.firstderivatives.com>
	<20160815110538.ieo7tsaz5ep3gkpq@redhat.com>
Message-ID: <38C784D32FB4354DAED01CCB1BB50535174B5B94@mail01.firstderivatives.com>

I did update the cacert but can't generate the replica file. That is where I am failing, it keep saying invalid ldap credential. The strange thing is trying to test/verify ldap password was working in my previous attempts (following steps) which now not working either.

I know you guys might be familiar with this process but I am not, and to be honest it is a bit frustrating because, what is the point of creating a full web UI for IPA and not having DM password change on the same....

Why everything has to be so complicated I mean, it is better to go back to ldap though.

-----Original Message-----
From: Alexander Bokovoy [mailto:abokovoy at redhat.com] 
Sent: 15 August 2016 12:06
To: Stefan Uygur
Cc: mreynolds at redhat.com; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Freeipa replication issue

On Mon, 15 Aug 2016, Stefan Uygur wrote:
>Hi Alexander,
>Thanks for your reply and I do remember very well your feedback of 
>course in relation to this issue.
>
>The instructions are very simple, no discussion about that and I 
>followed step by step ad exception of this step: Configure all replicas 
>to use the new password by editing /etc/pki-ca/password.conf for Dogtag
>9 or /etc/pki/pki-tomcat/password.conf for Dogtag 10:
>
>Which is not that clear to be honest as it is referring to replicas and 
>not the master server itself.
In IPA the term 'replica' applies to all IPA masters. All of them are replicas of each other on the base level. They may have additional services running but at the very least they have LDAP, Kerberos KDC, and HTTPd.

>
>I do not have any replica for this server, I am trying to set the first 
>one in fact, so I don't think that step need to be re-produced in my 
>case, unless I am really missing something in that paragraph.
These steps have to be done on all existing IPA masters, whether you call them replicas or not.

Did you update /root/cacert.p12? If so, did you re-generate the replica file afterwards? Point is, inside replica file there is a CA certificate with a private key in PKCS#12 format which is encrypted using DM password. If you have replica file generated before cacert.p12 was updated with new DM password, then cacert.p12 inside the replica file cannot be decrypted using new DM password, thus replica installation will fail.


>
>Thanks again
>
>-----Original Message-----
>From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
>Sent: 15 August 2016 11:28
>To: Stefan Uygur
>Cc: mreynolds at redhat.com; freeipa-users at redhat.com
>Subject: Re: [Freeipa-users] Freeipa replication issue
>
>On Mon, 15 Aug 2016, Stefan Uygur wrote:
>>Hi Everyone,
>>Sorry if I have to bring this topic back again but still no solution so far. I gave up for a while but I still need to solve this problem.
>>
>>I followed the link provided by Mark Reynold:
>>https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server
>>/ 
>>10/html/Administration_Guide/dirmnger-pwd.html#dirmnger-pwd-Resetting_
>>P
>>asswords
>>
>>I applied the instructions multiple times and also followed these instructions as well:
>>http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>>
>>With no joy.
>>
>>Mark suggested:
>>The problem here is that "cn=directory manager" does not exist in a 
>>database.  It only exists in the cn=config entry, so ldappasswd will 
>>not work.  But I'm not sure if your problem is the directory manager 
>>account though.  You need to look through the Directory Server access 
>>log for "err=49" (/var/log/dirsrv/slapd-INSTANCE/access), and see 
>>which BIND dn is failing.  It could be a different user/account.
>>
>>So I checked the logs as well and this is all I have from logs every time I attempt to prepare the replica:
>>[15/Aug/2016:11:03:13 +0100] conn=10 op=13 RESULT err=0 tag=101
>>nentries=0 etime=0 notes=U
>>[15/Aug/2016:11:03:15 +0100] conn=11 fd=70 slot=70 connection from 
>>local to /var/run/slapd-INSTANCE-COM.socke t
>>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 BIND dn="cn=directory 
>>manager" method=128 version=3
>>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 RESULT err=49 tag=97
>>nentries=0 etime=0
>>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 UNBIND
>>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 fd=70 closed - U1
>>
>>I don't think it is that difficult to manage/change Directory Manager 
>>password but I cannot get away with it myself so I must be doing 
>>something wrong or the solutions provided (instructions) are not 
>>applicable to the version of IPA (ipa-server-3.0.0-47.el6_7.2.x86_64) 
>>I have.
>Please follow instructions in the FreeIPA's howto link above. Really, they tell you where and how you should change DM password. As I said before, you need to change more places which recorded the password at the time of install. You claim that the instruction does not work but it is very clear from the logs above that you haven't updated all places where DM password was recorded and as such, you get some code using older version of the DM password. This older version of DM password comes from one of the fails you actually did not change.
>
>--
>/ Alexander Bokovoy

--
/ Alexander Bokovoy



From pspacek at redhat.com  Mon Aug 15 11:46:28 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Mon, 15 Aug 2016 13:46:28 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <dc31b081-0d03-0c78-e27e-7b6f9be3e962@gtrs.de>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
	<72abd120-5581-618a-e099-0e09e4483161@redhat.com>
	<dc31b081-0d03-0c78-e27e-7b6f9be3e962@gtrs.de>
Message-ID: <622c6646-70f5-bbfb-f0e0-db29b9121ff2@redhat.com>

On 15.8.2016 12:14, Guido Schmitz wrote:
> On 12.08.2016 13:58, Petr Spacek wrote:
>> On 12.8.2016 13:26, Guido Schmitz wrote:
>>> Hi!
>>>
>>> I want to migrate my existing DNS setup to FreeIPA. As this existing
>>> setup already uses DNSSEC, I want to import my current DNSSEC keys into
>>> FreeIPA to have a smooth transition over to IPA's DNS. (The authorative
>>> DNS servers for the zones are set up as slaves that get the zone via
>>> AXFR and can seamlessly switch to AXFR from IPA.)
>>>
>>> In my test migration, I have created the DNS zone I want to migrate in
>>> FreeIPA and have enabled DNSSEC.
>>>
>>> As far as I understand IPA's implementation of DNSSEC, OpenDNSSEC takes
>>> care of key management and key rollover [1]. Hence, I have imported my
>>> existing DNSSEC keys to OpenDNSSEC according to OpenDNSSEC's HOWTO [2]
>>> and OpenDNSSEC correctly shows the imported keys along with the DNSSEC
>>> keys generated by IPA.
>>>
>>> I thought that ipa-dnskeysyncd would take care of syncing the keys from
>>> OpenDNSSEC to 389 LDAP, but this does not happen: In 389 LDAP, only the
>>> keys initially created by IPA (while enabling DNSSEC for this zone)
>>> exist and hence, only these keys are used to sign the zone.
>>>
>>> Do I need to manually insert my existing DNSSEC keys into the LDAP or
>>> take some other additional steps?
>>
>> Hello!
>>
>> In theory ipa-dnskeysyncd should take care of it. The important step is to
>> ensure that all the imported keys have CKA_EXTRACTABLE PKCS#11 flag (in
>> SoftHSM) set to TRUE otherwise the synchronization will not work.
> 
> That seems to be my problem: The CKA_EXTRACTABLE flag is not set on the
> imported keys. I do not have any clue on how to set this flag.
> 
> I have used the following command to import the keys:
> 
> sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf softhsm2-util
> --import ksk.pem --slot 0 --pin *PIN* --label ipaDNSSEC --id *ID*
> 
> softhsm2-util does not seem to have any parameter to set the
> CKA_EXTRACTABLE flag.
> 
> Are there other ways to import keys into the SoftHSM that allow setting
> this flag?

Any tool which can do key import from file into PKCS#11 token should work, in
theory.

If you do not find any such tool, it will be easiest to patch softhsm2-util to
set the flag to TRUE on import. I'm attaching quick and dirty patch which
should do the job (for softhsm compiled against OpenSSL).

1. Get the sources:
$ git clone https://github.com/opendnssec/SoftHSMv2.git

2. Apply the patch:
git am 0001-HACK-for-OpenSSL-version-import-all-keys-with-CKA_EX.patch

3. Use how-to
https://github.com/opendnssec/SoftHSMv2/#installation
to compile the tool.

4. You do not need to install the library into system paths, just execute the
softhsm2-util binary from the build directory to do import and use standard
library as before.

I hope it will help. Please let me know your findings so I can submit improved
patch upstream (if we were successful).

> Or is there a possibility to modify the flag later (although
> this would be contrary to the idea of an "HSM")?

It is not possible to change it after object creation for the reasons stated
above.

Petr^2 Spacek

> 
> 
> -Guido
> 
> 
> 
>>
>> Please note that we never tested this so following text is just untested theory:
>>
>> Start with usual DNSSEC debugging for FreeIPA:
>> http://www.freeipa.org/page/Troubleshooting#DNSSEC_signing_does_not_work
>>
>> Besides all other things, I would double-check that (on FreeIPA DNSSEC key
>> master server):
>> 1) ods-ksmutil key list --verbose
>> shows the imported keys in state active or publish
>>
>> 2) Command
>> python2 /usr/lib/python2.*/site-packages/ipapython/dnssec/localhsm.py
>> shows that keys are CKA_EXTRACTABLE.
>>
>> 3) If all of the above seems to be okay, check logs for ipa-dnskeysyncd and
>> ipa-ods-exporter services:
>> journalctl -u ipa-dnskeysyncd -u ipa-ods-exporter
>>
>> ipa-ods-exporter is the piece doing dirty export work.
>>
>> I hope it helps.
>>
>> Petr^2 Spacek
>>
>>
>>>
>>> Cheers,
>>> -Guido
>>>
>>>
>>>
>>> [1] https://www.freeipa.org/page/V4/DNSSEC_Support#Implementation
>>> [2] https://wiki.opendnssec.org/display/DOCS/Migrating+to+OpenDNSSEC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-HACK-for-OpenSSL-version-import-all-keys-with-CKA_EX.patch
Type: text/x-patch
Size: 2079 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160815/f01c8e67/attachment.bin>

From abokovoy at redhat.com  Mon Aug 15 11:48:15 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 15 Aug 2016 14:48:15 +0300
Subject: [Freeipa-users] Freeipa replication issue
In-Reply-To: <38C784D32FB4354DAED01CCB1BB50535174B5B94@mail01.firstderivatives.com>
References: <38C784D32FB4354DAED01CCB1BB505351745C5E1@mail01.firstderivatives.com>
	<20160714133856.p2j66wsicr2hx7aj@redhat.com>
	<38C784D32FB4354DAED01CCB1BB505351745C60F@mail01.firstderivatives.com>
	<0f695d7e-b5d7-bed2-d72f-d4c617846189@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B49F5@mail01.firstderivatives.com>
	<20160815102757.5an2vuljyzpw725g@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B5B29@mail01.firstderivatives.com>
	<20160815110538.ieo7tsaz5ep3gkpq@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B5B94@mail01.firstderivatives.com>
Message-ID: <20160815114815.5qx2uwi5gern663v@redhat.com>

On Mon, 15 Aug 2016, Stefan Uygur wrote:
>I did update the cacert but can't generate the replica file. That is
>where I am failing, it keep saying invalid ldap credential. The strange
>thing is trying to test/verify ldap password was working in my previous
>attempts (following steps) which now not working either.
>
>I know you guys might be familiar with this process but I am not, and
>to be honest it is a bit frustrating because, what is the point of
>creating a full web UI for IPA and not having DM password change on the
>same....
>
>Why everything has to be so complicated I mean, it is better to go back
>to ldap though.
I can understand your frustration. However, for us it is already an old
story because the problem you are facing was solved several years ago.
Given that you chose to run old version and cannot use fixes we've done
(since 3.2.2, July 2013), I'm not sure what we can help other than
pointing to the documentation. As you can see, the fixes actually are
the same as documentation:
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b402b3bc30af1e57b0451bd2ecfb121ee1739e5

As for the why 'not having DM password change on the UI', this would not
help you anyway as you stuck with older version. I'm not going into
details why none of the operations that require DM password is possible
in the UI, though. It is not just a password change.

>
>-----Original Message-----
>From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
>Sent: 15 August 2016 12:06
>To: Stefan Uygur
>Cc: mreynolds at redhat.com; freeipa-users at redhat.com
>Subject: Re: [Freeipa-users] Freeipa replication issue
>
>On Mon, 15 Aug 2016, Stefan Uygur wrote:
>>Hi Alexander,
>>Thanks for your reply and I do remember very well your feedback of
>>course in relation to this issue.
>>
>>The instructions are very simple, no discussion about that and I
>>followed step by step ad exception of this step: Configure all replicas
>>to use the new password by editing /etc/pki-ca/password.conf for Dogtag
>>9 or /etc/pki/pki-tomcat/password.conf for Dogtag 10:
>>
>>Which is not that clear to be honest as it is referring to replicas and
>>not the master server itself.
>In IPA the term 'replica' applies to all IPA masters. All of them are replicas of each other on the base level. They may have additional services running but at the very least they have LDAP, Kerberos KDC, and HTTPd.
>
>>
>>I do not have any replica for this server, I am trying to set the first
>>one in fact, so I don't think that step need to be re-produced in my
>>case, unless I am really missing something in that paragraph.
>These steps have to be done on all existing IPA masters, whether you call them replicas or not.
>
>Did you update /root/cacert.p12? If so, did you re-generate the replica file afterwards? Point is, inside replica file there is a CA certificate with a private key in PKCS#12 format which is encrypted using DM password. If you have replica file generated before cacert.p12 was updated with new DM password, then cacert.p12 inside the replica file cannot be decrypted using new DM password, thus replica installation will fail.
>
>
>>
>>Thanks again
>>
>>-----Original Message-----
>>From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
>>Sent: 15 August 2016 11:28
>>To: Stefan Uygur
>>Cc: mreynolds at redhat.com; freeipa-users at redhat.com
>>Subject: Re: [Freeipa-users] Freeipa replication issue
>>
>>On Mon, 15 Aug 2016, Stefan Uygur wrote:
>>>Hi Everyone,
>>>Sorry if I have to bring this topic back again but still no solution so far. I gave up for a while but I still need to solve this problem.
>>>
>>>I followed the link provided by Mark Reynold:
>>>https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server
>>>/
>>>10/html/Administration_Guide/dirmnger-pwd.html#dirmnger-pwd-Resetting_
>>>P
>>>asswords
>>>
>>>I applied the instructions multiple times and also followed these instructions as well:
>>>http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>>>
>>>With no joy.
>>>
>>>Mark suggested:
>>>The problem here is that "cn=directory manager" does not exist in a
>>>database.  It only exists in the cn=config entry, so ldappasswd will
>>>not work.  But I'm not sure if your problem is the directory manager
>>>account though.  You need to look through the Directory Server access
>>>log for "err=49" (/var/log/dirsrv/slapd-INSTANCE/access), and see
>>>which BIND dn is failing.  It could be a different user/account.
>>>
>>>So I checked the logs as well and this is all I have from logs every time I attempt to prepare the replica:
>>>[15/Aug/2016:11:03:13 +0100] conn=10 op=13 RESULT err=0 tag=101
>>>nentries=0 etime=0 notes=U
>>>[15/Aug/2016:11:03:15 +0100] conn=11 fd=70 slot=70 connection from
>>>local to /var/run/slapd-INSTANCE-COM.socke t
>>>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 BIND dn="cn=directory
>>>manager" method=128 version=3
>>>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 RESULT err=49 tag=97
>>>nentries=0 etime=0
>>>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 UNBIND
>>>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 fd=70 closed - U1
>>>
>>>I don't think it is that difficult to manage/change Directory Manager
>>>password but I cannot get away with it myself so I must be doing
>>>something wrong or the solutions provided (instructions) are not
>>>applicable to the version of IPA (ipa-server-3.0.0-47.el6_7.2.x86_64)
>>>I have.
>>Please follow instructions in the FreeIPA's howto link above. Really, they tell you where and how you should change DM password. As I said before, you need to change more places which recorded the password at the time of install. You claim that the instruction does not work but it is very clear from the logs above that you haven't updated all places where DM password was recorded and as such, you get some code using older version of the DM password. This older version of DM password comes from one of the fails you actually did not change.
>>
>>--
>>/ Alexander Bokovoy
>
>--
>/ Alexander Bokovoy
>
>-- 
>Manage your subscription for the Freeipa-users mailing list:
>https://www.redhat.com/mailman/listinfo/freeipa-users
>Go to http://freeipa.org for more info on the project

-- 
/ Alexander Bokovoy



From suygur at firstderivatives.com  Mon Aug 15 11:52:58 2016
From: suygur at firstderivatives.com (Stefan Uygur)
Date: Mon, 15 Aug 2016 11:52:58 +0000
Subject: [Freeipa-users] Freeipa replication issue
In-Reply-To: <20160815114815.5qx2uwi5gern663v@redhat.com>
References: <38C784D32FB4354DAED01CCB1BB505351745C5E1@mail01.firstderivatives.com>
	<20160714133856.p2j66wsicr2hx7aj@redhat.com>
	<38C784D32FB4354DAED01CCB1BB505351745C60F@mail01.firstderivatives.com>
	<0f695d7e-b5d7-bed2-d72f-d4c617846189@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B49F5@mail01.firstderivatives.com>
	<20160815102757.5an2vuljyzpw725g@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B5B29@mail01.firstderivatives.com>
	<20160815110538.ieo7tsaz5ep3gkpq@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B5B94@mail01.firstderivatives.com>
	<20160815114815.5qx2uwi5gern663v@redhat.com>
Message-ID: <38C784D32FB4354DAED01CCB1BB50535174B5BBA@mail01.firstderivatives.com>

Alexander,
The reason I am using old version is not my choice, this is what RHEL 6 has in its repos. I have 8 instances of IPA servers and they are all RHEL 6 because we have our prod RHEL 6 and not yet ready to move to RHEL 7.

As for me it is still fully supported by RedHat, otherwise why they still have this version for RHEL 6.

We have support with RH but most likely I will experience the same trouble with them when I log the case. But I will try anyway.

Thank for your help, appreciate.

Stefan

-----Original Message-----
From: Alexander Bokovoy [mailto:abokovoy at redhat.com] 
Sent: 15 August 2016 12:48
To: Stefan Uygur
Cc: mreynolds at redhat.com; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Freeipa replication issue

On Mon, 15 Aug 2016, Stefan Uygur wrote:
>I did update the cacert but can't generate the replica file. That is 
>where I am failing, it keep saying invalid ldap credential. The strange 
>thing is trying to test/verify ldap password was working in my previous 
>attempts (following steps) which now not working either.
>
>I know you guys might be familiar with this process but I am not, and 
>to be honest it is a bit frustrating because, what is the point of 
>creating a full web UI for IPA and not having DM password change on the 
>same....
>
>Why everything has to be so complicated I mean, it is better to go back 
>to ldap though.
I can understand your frustration. However, for us it is already an old story because the problem you are facing was solved several years ago.
Given that you chose to run old version and cannot use fixes we've done (since 3.2.2, July 2013), I'm not sure what we can help other than pointing to the documentation. As you can see, the fixes actually are the same as documentation:
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b402b3bc30af1e57b0451bd2ecfb121ee1739e5

As for the why 'not having DM password change on the UI', this would not help you anyway as you stuck with older version. I'm not going into details why none of the operations that require DM password is possible in the UI, though. It is not just a password change.

>
>-----Original Message-----
>From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
>Sent: 15 August 2016 12:06
>To: Stefan Uygur
>Cc: mreynolds at redhat.com; freeipa-users at redhat.com
>Subject: Re: [Freeipa-users] Freeipa replication issue
>
>On Mon, 15 Aug 2016, Stefan Uygur wrote:
>>Hi Alexander,
>>Thanks for your reply and I do remember very well your feedback of 
>>course in relation to this issue.
>>
>>The instructions are very simple, no discussion about that and I 
>>followed step by step ad exception of this step: Configure all 
>>replicas to use the new password by editing /etc/pki-ca/password.conf 
>>for Dogtag
>>9 or /etc/pki/pki-tomcat/password.conf for Dogtag 10:
>>
>>Which is not that clear to be honest as it is referring to replicas 
>>and not the master server itself.
>In IPA the term 'replica' applies to all IPA masters. All of them are replicas of each other on the base level. They may have additional services running but at the very least they have LDAP, Kerberos KDC, and HTTPd.
>
>>
>>I do not have any replica for this server, I am trying to set the 
>>first one in fact, so I don't think that step need to be re-produced 
>>in my case, unless I am really missing something in that paragraph.
>These steps have to be done on all existing IPA masters, whether you call them replicas or not.
>
>Did you update /root/cacert.p12? If so, did you re-generate the replica file afterwards? Point is, inside replica file there is a CA certificate with a private key in PKCS#12 format which is encrypted using DM password. If you have replica file generated before cacert.p12 was updated with new DM password, then cacert.p12 inside the replica file cannot be decrypted using new DM password, thus replica installation will fail.
>
>
>>
>>Thanks again
>>
>>-----Original Message-----
>>From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
>>Sent: 15 August 2016 11:28
>>To: Stefan Uygur
>>Cc: mreynolds at redhat.com; freeipa-users at redhat.com
>>Subject: Re: [Freeipa-users] Freeipa replication issue
>>
>>On Mon, 15 Aug 2016, Stefan Uygur wrote:
>>>Hi Everyone,
>>>Sorry if I have to bring this topic back again but still no solution so far. I gave up for a while but I still need to solve this problem.
>>>
>>>I followed the link provided by Mark Reynold:
>>>https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Serve
>>>r
>>>/
>>>10/html/Administration_Guide/dirmnger-pwd.html#dirmnger-pwd-Resetting
>>>_
>>>P
>>>asswords
>>>
>>>I applied the instructions multiple times and also followed these instructions as well:
>>>http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>>>
>>>With no joy.
>>>
>>>Mark suggested:
>>>The problem here is that "cn=directory manager" does not exist in a 
>>>database.  It only exists in the cn=config entry, so ldappasswd will 
>>>not work.  But I'm not sure if your problem is the directory manager 
>>>account though.  You need to look through the Directory Server access 
>>>log for "err=49" (/var/log/dirsrv/slapd-INSTANCE/access), and see 
>>>which BIND dn is failing.  It could be a different user/account.
>>>
>>>So I checked the logs as well and this is all I have from logs every time I attempt to prepare the replica:
>>>[15/Aug/2016:11:03:13 +0100] conn=10 op=13 RESULT err=0 tag=101
>>>nentries=0 etime=0 notes=U
>>>[15/Aug/2016:11:03:15 +0100] conn=11 fd=70 slot=70 connection from 
>>>local to /var/run/slapd-INSTANCE-COM.socke t
>>>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 BIND dn="cn=directory 
>>>manager" method=128 version=3
>>>[15/Aug/2016:11:03:15 +0100] conn=11 op=0 RESULT err=49 tag=97
>>>nentries=0 etime=0
>>>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 UNBIND
>>>[15/Aug/2016:11:03:15 +0100] conn=11 op=1 fd=70 closed - U1
>>>
>>>I don't think it is that difficult to manage/change Directory Manager 
>>>password but I cannot get away with it myself so I must be doing 
>>>something wrong or the solutions provided (instructions) are not 
>>>applicable to the version of IPA (ipa-server-3.0.0-47.el6_7.2.x86_64)
>>>I have.
>>Please follow instructions in the FreeIPA's howto link above. Really, they tell you where and how you should change DM password. As I said before, you need to change more places which recorded the password at the time of install. You claim that the instruction does not work but it is very clear from the logs above that you haven't updated all places where DM password was recorded and as such, you get some code using older version of the DM password. This older version of DM password comes from one of the fails you actually did not change.
>>
>>--
>>/ Alexander Bokovoy
>
>--
>/ Alexander Bokovoy
>
>--
>Manage your subscription for the Freeipa-users mailing list:
>https://www.redhat.com/mailman/listinfo/freeipa-users
>Go to http://freeipa.org for more info on the project

--
/ Alexander Bokovoy



From abokovoy at redhat.com  Mon Aug 15 12:06:22 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 15 Aug 2016 15:06:22 +0300
Subject: [Freeipa-users] Freeipa replication issue
In-Reply-To: <38C784D32FB4354DAED01CCB1BB50535174B5BBA@mail01.firstderivatives.com>
References: <20160714133856.p2j66wsicr2hx7aj@redhat.com>
	<38C784D32FB4354DAED01CCB1BB505351745C60F@mail01.firstderivatives.com>
	<0f695d7e-b5d7-bed2-d72f-d4c617846189@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B49F5@mail01.firstderivatives.com>
	<20160815102757.5an2vuljyzpw725g@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B5B29@mail01.firstderivatives.com>
	<20160815110538.ieo7tsaz5ep3gkpq@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B5B94@mail01.firstderivatives.com>
	<20160815114815.5qx2uwi5gern663v@redhat.com>
	<38C784D32FB4354DAED01CCB1BB50535174B5BBA@mail01.firstderivatives.com>
Message-ID: <20160815120622.pgr5ufdhz7atgni6@redhat.com>

On Mon, 15 Aug 2016, Stefan Uygur wrote:
>Alexander,
>The reason I am using old version is not my choice, this is what RHEL 6
>has in its repos. I have 8 instances of IPA servers and they are all
>RHEL 6 because we have our prod RHEL 6 and not yet ready to move to
>RHEL 7.
>
>As for me it is still fully supported by RedHat, otherwise why they
>still have this version for RHEL 6.
Sure, that's something to talk about with Red Hat's support people.

>We have support with RH but most likely I will experience the same
>trouble with them when I log the case. But I will try anyway.
Yes, please file a case. I think it will at least allow you to share a
bit more details on what was actually done and would allow support to go
over the problem with you in an interactive session, if needed.

We obviously cannot look into your system here, at freeipa-users@, and
thus are stuck with whatever you chose to provide us about the details
of what was done and what is not.

-- 
/ Alexander Bokovoy



From paulsmith.techie at gmail.com  Fri Aug 12 00:18:40 2016
From: paulsmith.techie at gmail.com (Paul Smith)
Date: Thu, 11 Aug 2016 20:18:40 -0400
Subject: [Freeipa-users] Troubleshooting Forest-Trust to AD
Message-ID: <CAFbifKO4HgtRVHO9+ML3GPf860v6+ixkCEUyrvf-N8HUb+Q0Vg@mail.gmail.com>

I'm having issues establishing Trust with an existing Active Directory
domain (Windows Server 2012 R2). I can get IPA up and running and have
spent the day troubleshooting DNS\Kerberos

I think the main issue is something remaining in kerberos but i'm not sure
what.
I followed the deployment and troubleshooting guide as best I could with my
environment.
The problem happens when I try the ipa trust-add. I get a message:
ipa: ERROR: AD domain controller complains about communication sequence

I know that my time zone and time is in sync with the same server.
This is a proof-of-concept design that I'd like to explore\learn more
about. Below are details on the linux environment:

*uname -a*
Linux dclinux.linuxtrust.local 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27
16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

*lsb_release -a*
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:        16.04
Codename:       xenial

*ipa --version*
VERSION: 4.3.1, API_VERSION: 2.164

If anyone can help, I'd be more than willing to post the detailed samba
logs, as this is just a local lab environment

Thanks,
Paul Smith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160811/7372700d/attachment.htm>

From jpazdziora at redhat.com  Mon Aug 15 13:09:08 2016
From: jpazdziora at redhat.com (Jan Pazdziora)
Date: Mon, 15 Aug 2016 15:09:08 +0200
Subject: [Freeipa-users] FreeIPA server in Docker containers -- DNS-less,
	replicas, trusts
Message-ID: <20160815130908.GA25425@redhat.com>


Hello FreeIPA users interested in running the server in containers,

recently a couple of changes were pushed to

	https://github.com/adelton/docker-freeipa

and to adelton/freeipa-server images on Docker hub that you might be
interested in:

1) Option --setup-dns is no longer forced by the container image, you
   have to specify it yourself in the ipa-server-install-options
   file, together with any --forwarder settings. This makes DNS-less
   setups easier.

2) If your setup has Domain Level > 0, you can create replicas without
   GPG-encrypted replica information file, just by specifying
   ipa-replica-install-options file. Make sure bi-directional
   communication is allowed for the containers for replication to work.

3) Package (free)ipa-server-trust-ad and its dependencies are now on
   the image, making it possible to run ipa-adtrust-install and
   ipa trust-add, typically via docker exec -ti.

As has been the case for some time, docker run needs to be invoked
with

	-v /sys/fs/cgroup:/sys/fs/cgroup:ro

to make systemd in the container happy.

The automated build storage issues at Docker hub seem to have been
fixed and Fedora 23, 24, and CentOS 7 images are now up-to-date.

You can upgrade your setup by merely using new image and giving it the
existing directory used as the /data volume. The images will attempt
to do any configuration and data upgrades automatically. Only going
from older versions to newer ones works. Having backup of the directory
for cases when something fails during the upgrade process is useful.

For more information about running FreeIPA in containers, please check

	http://www.freeipa.org/page/Docker

and README at

	https://github.com/adelton/docker-freeipa

Sincerely,

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat



From pspacek at redhat.com  Mon Aug 15 13:49:46 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Mon, 15 Aug 2016 15:49:46 +0200
Subject: [Freeipa-users] Troubleshooting Forest-Trust to AD
In-Reply-To: <CAFbifKO4HgtRVHO9+ML3GPf860v6+ixkCEUyrvf-N8HUb+Q0Vg@mail.gmail.com>
References: <CAFbifKO4HgtRVHO9+ML3GPf860v6+ixkCEUyrvf-N8HUb+Q0Vg@mail.gmail.com>
Message-ID: <9b9660ee-b62b-6859-40db-0c25d04b0370@redhat.com>

On 12.8.2016 02:18, Paul Smith wrote:
> I'm having issues establishing Trust with an existing Active Directory
> domain (Windows Server 2012 R2). I can get IPA up and running and have
> spent the day troubleshooting DNS\Kerberos
> 
> I think the main issue is something remaining in kerberos but i'm not sure
> what.
> I followed the deployment and troubleshooting guide as best I could with my
> environment.
> The problem happens when I try the ipa trust-add. I get a message:
> ipa: ERROR: AD domain controller complains about communication sequence
> 
> I know that my time zone and time is in sync with the same server.
> This is a proof-of-concept design that I'd like to explore\learn more
> about. Below are details on the linux environment:
> 
> *uname -a*
> Linux dclinux.linuxtrust.local 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27
> 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
> 
> *lsb_release -a*
> No LSB modules are available.
> Distributor ID: Ubuntu
> Description:    Ubuntu 16.04.1 LTS
> Release:        16.04
> Codename:       xenial
> 
> *ipa --version*
> VERSION: 4.3.1, API_VERSION: 2.164
> 
> If anyone can help, I'd be more than willing to post the detailed samba
> logs, as this is just a local lab environment

I would recommend you to start with
http://www.freeipa.org/page/Troubleshooting#Trusts

:-)

-- 
Petr^2 Spacek



From abokovoy at redhat.com  Mon Aug 15 14:19:42 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 15 Aug 2016 17:19:42 +0300
Subject: [Freeipa-users] Troubleshooting Forest-Trust to AD
In-Reply-To: <9b9660ee-b62b-6859-40db-0c25d04b0370@redhat.com>
References: <CAFbifKO4HgtRVHO9+ML3GPf860v6+ixkCEUyrvf-N8HUb+Q0Vg@mail.gmail.com>
	<9b9660ee-b62b-6859-40db-0c25d04b0370@redhat.com>
Message-ID: <20160815141942.wsnji7hgbyj42yna@redhat.com>

On Mon, 15 Aug 2016, Petr Spacek wrote:
>On 12.8.2016 02:18, Paul Smith wrote:
>> I'm having issues establishing Trust with an existing Active Directory
>> domain (Windows Server 2012 R2). I can get IPA up and running and have
>> spent the day troubleshooting DNS\Kerberos
>>
>> I think the main issue is something remaining in kerberos but i'm not sure
>> what.
>> I followed the deployment and troubleshooting guide as best I could with my
>> environment.
>> The problem happens when I try the ipa trust-add. I get a message:
>> ipa: ERROR: AD domain controller complains about communication sequence
>>
>> I know that my time zone and time is in sync with the same server.
>> This is a proof-of-concept design that I'd like to explore\learn more
>> about. Below are details on the linux environment:
>>
>> *uname -a*
>> Linux dclinux.linuxtrust.local 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27
>> 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
>>
>> *lsb_release -a*
>> No LSB modules are available.
>> Distributor ID: Ubuntu
>> Description:    Ubuntu 16.04.1 LTS
>> Release:        16.04
>> Codename:       xenial
>>
>> *ipa --version*
>> VERSION: 4.3.1, API_VERSION: 2.164
>>
>> If anyone can help, I'd be more than willing to post the detailed samba
>> logs, as this is just a local lab environment
Unless things changed, Ubuntu-built Samba is linked with Heimdal
kerberos, not MIT Kerberos, and thus cannot be used with FreeIPA for
trust setup.

See https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1552249
-- 
/ Alexander Bokovoy



From Michael.Sean.Conley at raytheon.com  Mon Aug 15 17:45:28 2016
From: Michael.Sean.Conley at raytheon.com (Michael Sean Conley)
Date: Mon, 15 Aug 2016 12:45:28 -0500
Subject: [Freeipa-users] Original java script I ahave been TRYING to modify
 to use the flatness that is IPA.
Message-ID: <OF1E21DB84.616FD0E7-ON86258010.0060BB11-86258010.00618C1F@raytheon.com>


Hey gang, so this is the original file I was using to get us hooked in via
LDAPS for the webpage.
Note - it has OU's instead of CN's,

Anyway, I'm still at a loss.

What do you folks think?


  <jaas:config name="karaf" rank="1">
    <jaas:module
className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connection.username=cn=Directory Manager
      connection.password=password
      connection.url=ldaps://aba-ldap.aba.house.com:636
      user.base.dn=ou=ApplicationUsers,ou=People,dc=aba,dc=house,dc=com
      user.filter=(uid=%u)
      user.search.subtree=true
      role.base.dn=ou=JBoss,ou=Roles,dc=aba,dc=house,dc=com
      role.name.attribute=cn
      role.filter=
(member=uid=%u,ou=ApplicationUsers,ou=People,dc=aba,dc=house,dc=com)
      role.search.subtree=true
      role.mapping=admin=group,admin,manager,viewer,webconsole
      authentication=simple
      ssl.protocol=SSL
      ssl.truststore=truststore
      ssl.algorithm=PKIX
    </jaas:module>
  </jaas:config>

  <jaas:keystore name="truststore"
        path="file:${javax.net.ssl.trustStore}"
        keystorePassword="${javax.net.ssl.trustStorePassword}" />

</blueprint>



Michael Sean Conley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160815/58566f5f/attachment.htm>

From linov.suresh at gmail.com  Mon Aug 15 18:18:23 2016
From: linov.suresh at gmail.com (Linov Suresh)
Date: Mon, 15 Aug 2016 14:18:23 -0400
Subject: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE
Message-ID: <CALdvvBMnHqmhSiwM=d5Ytkg-0qCJckj_vyy4AX_CxQFS3A6=Mw@mail.gmail.com>

We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0


We can only add the clients from IPA Server 01, not from IPA Server 02.
When I tried to add the client from IPA Server 02, getting the error,


ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure.  Minor code may provide more information (KDC
returned error string: NOT_ALLOWED_TO_DELEGATE)

SASL/GSSAPI authentication started

SASL username: vpham at EXAMPLE.NET

SASL SSF: 56

SASL data security layer installed.

ldap_modify: No such object (32)

        additional info: Range Check error

modifying entry "fqdn=cpe-5061747522f9.example.net
,cn=computers,cn=accounts,dc=example,dc=net"


Could you please help us to fix this?


Appreciate your help in advance,


Linov Suresh.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160815/2dc1d0e7/attachment.htm>

From Steven.Jones at vuw.ac.nz  Mon Aug 15 22:34:35 2016
From: Steven.Jones at vuw.ac.nz (Steven Jones)
Date: Mon, 15 Aug 2016 22:34:35 +0000
Subject: [Freeipa-users] Limited "self" registration to IPA and an IPA group
Message-ID: <ME1PR01MB02756CA2503676D04D0B2EB3D4120@ME1PR01MB0275.ausprd01.prod.outlook.com>

Hi,


I have a request to do limited automatic/self provisioning of users provisioning to specifc server.  The idea is a lecturer would setup students  into IPA and select a specific user group from a limited drop down menu.


Is this possible to do such provisioning a very tied down / limited access with the std IPA or would that need a custom web page/ application into the API (or what ever)?


regards

Steven
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160815/44f502d7/attachment.htm>

From dkowis+freeipa at shlrm.org  Mon Aug 15 23:15:32 2016
From: dkowis+freeipa at shlrm.org (David Kowis)
Date: Mon, 15 Aug 2016 18:15:32 -0500
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu
 16.04.1 install
In-Reply-To: <bfc0cfa5-485d-bd3b-d641-01d7b7640507@redhat.com>
References: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
	<2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>
	<fd579323-1bdb-aeae-be54-727bffe3e2e3@shlrm.org>
	<bfc0cfa5-485d-bd3b-d641-01d7b7640507@redhat.com>
Message-ID: <657121f5-2ce2-f2f7-1c7e-9da6a5e5d5a2@shlrm.org>

On 08/15/2016 04:33 AM, Petr Spacek wrote:
> This is weird as LDAP SASL & GSSAPI is pretty standard thing.
> 
> In any case, you can check server logs or use tcpdump/wireshark and see if the
> error somes from LDAP server or if it is client side error.
> 
> That would tell us where to focus.
> 

Welp, I've got a pile of logs for you:
https://gist.github.com/dkowis/a82d4ec6b1823d9e1b95ffcc94666ae0

The last few lines are probably the relevant ones.

[15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl
version=3 mech=GSSAPI
[15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97
nentries=0 etime=0
[15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND
[15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1


Something tries to bind with no dn, and then fails.... I think?

--
David Kowis

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160815/845027db/attachment.sig>

From rcritten at redhat.com  Tue Aug 16 01:05:14 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 15 Aug 2016 21:05:14 -0400
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu
 16.04.1 install
In-Reply-To: <657121f5-2ce2-f2f7-1c7e-9da6a5e5d5a2@shlrm.org>
References: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
	<2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>
	<fd579323-1bdb-aeae-be54-727bffe3e2e3@shlrm.org>
	<bfc0cfa5-485d-bd3b-d641-01d7b7640507@redhat.com>
	<657121f5-2ce2-f2f7-1c7e-9da6a5e5d5a2@shlrm.org>
Message-ID: <57B266CA.5000906@redhat.com>

David Kowis wrote:
> On 08/15/2016 04:33 AM, Petr Spacek wrote:
>> This is weird as LDAP SASL & GSSAPI is pretty standard thing.
>>
>> In any case, you can check server logs or use tcpdump/wireshark and see if the
>> error somes from LDAP server or if it is client side error.
>>
>> That would tell us where to focus.
>>
>
> Welp, I've got a pile of logs for you:
> https://gist.github.com/dkowis/a82d4ec6b1823d9e1b95ffcc94666ae0
>
> The last few lines are probably the relevant ones.
>
> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97
> nentries=0 etime=0
> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND
> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1
>
>
> Something tries to bind with no dn, and then fails.... I think?

No this is typical logging for GSSAPI (minus the error).

The error code is LDAP_AUTH_METHOD_NOT_SUPPORTED. Do you have the cyrus 
SASL GSSAPI package installed? In Fedora the package is cyrus-sasl-gssapi.

rob



From dkowis+freeipa at shlrm.org  Tue Aug 16 02:27:15 2016
From: dkowis+freeipa at shlrm.org (David Kowis)
Date: Mon, 15 Aug 2016 21:27:15 -0500
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu
 16.04.1 install
In-Reply-To: <57B266CA.5000906@redhat.com>
References: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
	<2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>
	<fd579323-1bdb-aeae-be54-727bffe3e2e3@shlrm.org>
	<bfc0cfa5-485d-bd3b-d641-01d7b7640507@redhat.com>
	<657121f5-2ce2-f2f7-1c7e-9da6a5e5d5a2@shlrm.org>
	<57B266CA.5000906@redhat.com>
Message-ID: <5da4f0ee-3d14-7b33-2a96-afbf9a88a117@shlrm.org>

On 08/15/2016 08:05 PM, Rob Crittenden wrote:
> David Kowis wrote:
>> On 08/15/2016 04:33 AM, Petr Spacek wrote:
>>> This is weird as LDAP SASL & GSSAPI is pretty standard thing.
>>>
>>> In any case, you can check server logs or use tcpdump/wireshark and
>>> see if the
>>> error somes from LDAP server or if it is client side error.
>>>
>>> That would tell us where to focus.
>>>
>>
>> Welp, I've got a pile of logs for you:
>> https://gist.github.com/dkowis/a82d4ec6b1823d9e1b95ffcc94666ae0
>>
>> The last few lines are probably the relevant ones.
>>
>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl
>> version=3 mech=GSSAPI
>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97
>> nentries=0 etime=0
>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND
>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1
>>
>>
>> Something tries to bind with no dn, and then fails.... I think?
> 
> No this is typical logging for GSSAPI (minus the error).
> 
> The error code is LDAP_AUTH_METHOD_NOT_SUPPORTED. Do you have the cyrus
> SASL GSSAPI package installed? In Fedora the package is cyrus-sasl-gssapi.
> 
> rob


searched for gssapi:

libsasl2-modules-gssapi-mit/xenial,now 2.1.26.dfsg1-14build1 i386
[installed,automatic]
  Cyrus SASL - pluggable authentication modules (GSSAPI)


Pretty sure that's the equivalent package on ubuntu

# dpkg -L libsasl2-modules-gssapi-mit
/.
/usr
/usr/lib
/usr/lib/i386-linux-gnu
/usr/lib/i386-linux-gnu/sasl2
/usr/lib/i386-linux-gnu/sasl2/libscram.so.2.0.25
/usr/lib/i386-linux-gnu/sasl2/libgs2.so.2.0.25
/usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so.2.0.25
/usr/share
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/libsasl2-modules-gssapi-mit
/usr/share/doc
/usr/share/doc/libsasl2-modules-gssapi-mit
/usr/share/doc/libsasl2-modules-gssapi-mit/copyright
/usr/lib/i386-linux-gnu/sasl2/libgs2.so.2
/usr/lib/i386-linux-gnu/sasl2/libscram.so
/usr/lib/i386-linux-gnu/sasl2/libgs2.so
/usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so.2
/usr/lib/i386-linux-gnu/sasl2/libscram.so.2
/usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so
/usr/share/doc/libsasl2-modules-gssapi-mit/changelog.Debian.gz
/usr/share/doc/libsasl2-modules-gssapi-mit/NEWS.Debian.gz

python-gssapi is also installed.


--
David Kowis


PS: Sorry Rob for sending it directly, I derped in the mail client

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160815/0ba09d0f/attachment.sig>

From pspacek at redhat.com  Tue Aug 16 07:23:10 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Tue, 16 Aug 2016 09:23:10 +0200
Subject: [Freeipa-users] Original java script I ahave been TRYING to
 modify to use the flatness that is IPA.
In-Reply-To: <OF1E21DB84.616FD0E7-ON86258010.0060BB11-86258010.00618C1F@raytheon.com>
References: <OF1E21DB84.616FD0E7-ON86258010.0060BB11-86258010.00618C1F@raytheon.com>
Message-ID: <7fdd08eb-ae90-9906-f74c-9e6ae79ed5c4@redhat.com>

On 15.8.2016 19:45, Michael Sean Conley wrote:
> 
> Hey gang, so this is the original file I was using to get us hooked in via
> LDAPS for the webpage.
> Note - it has OU's instead of CN's,
> 
> Anyway, I'm still at a loss.
> 
> What do you folks think?
> 
> 
>   <jaas:config name="karaf" rank="1">
>     <jaas:module
> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
>                  flags="required">
>       initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>       connection.username=cn=Directory Manager
>       connection.password=password
>       connection.url=ldaps://aba-ldap.aba.house.com:636
>       user.base.dn=ou=ApplicationUsers,ou=People,dc=aba,dc=house,dc=com
>       user.filter=(uid=%u)
>       user.search.subtree=true
>       role.base.dn=ou=JBoss,ou=Roles,dc=aba,dc=house,dc=com
>       role.name.attribute=cn
>       role.filter=
> (member=uid=%u,ou=ApplicationUsers,ou=People,dc=aba,dc=house,dc=com)
>       role.search.subtree=true
>       role.mapping=admin=group,admin,manager,viewer,webconsole
>       authentication=simple
>       ssl.protocol=SSL
>       ssl.truststore=truststore
>       ssl.algorithm=PKIX
>     </jaas:module>
>   </jaas:config>
> 
>   <jaas:keystore name="truststore"
>         path="file:${javax.net.ssl.trustStore}"
>         keystorePassword="${javax.net.ssl.trustStorePassword}" />
> 
> </blueprint>

Hi,

Rob already replied to your previous e-mail with probable cause:

>>        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>>        connection.username=cn=ddfusr
>>        connection.password=iloveaba!
>>        connection.url=ldaps://aba-idam.aba.house.com:636
>>        user.base.dn=cn=users,cn=accounts,dc=aba,dc=house,dc=com
>>        user.filter=(uid=%u)
>>        user.search.subtree=true
>>        role.base.dn=cn=JBoss,cn=users,cn=accounts,dc=aba,dc=house,dc=com
>>        role.name.attribute=cn
>>
>> role.filter=(member=uid=%u,cn=users,cn=accounts,dc=aba,dc=house,dc=com)
>>        role.search.subtree=true
>>        role.mapping=admin=group,admin,manager,viewer,webconsole
>>        authentication=simple
>>        ssl.protocol=SSL
>>        ssl.truststore=truststore
>>        ssl.algorithm=PKIX
>>      </jaas:module>
>>    </jaas:config>
>>
>> and I tried to log in with the ddfusr account and....
>>
>> Error 32.
>
> You're still using the wrong user to bind. There is no cn=ddfusr. At
> best there is a uid=ddfusr if the user.base is automatically added
> (which it probably isn't).
>
> It probably needs to be
> uid=ddfusr,cn=users,cn=accounts,dc=aba,dc=home,dc=com just like in the
> ldapsearch.
>
> rob

I would start with fixing connection.username so it points to an actual user
object in LDAP.

It is hard to advise something else because I'm not familiar with the
software. If you have some documentation for the LDAPLogin module I can have a
look but a quick google query did not turn up docs to me.

-- 
Petr^2 Spacek



From pspacek at redhat.com  Tue Aug 16 07:25:42 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Tue, 16 Aug 2016 09:25:42 +0200
Subject: [Freeipa-users] KDC returned error string:
 NOT_ALLOWED_TO_DELEGATE
In-Reply-To: <CALdvvBMnHqmhSiwM=d5Ytkg-0qCJckj_vyy4AX_CxQFS3A6=Mw@mail.gmail.com>
References: <CALdvvBMnHqmhSiwM=d5Ytkg-0qCJckj_vyy4AX_CxQFS3A6=Mw@mail.gmail.com>
Message-ID: <646a296b-fef9-973c-fc81-c0175be09efd@redhat.com>

On 15.8.2016 20:18, Linov Suresh wrote:
> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0
> 
> 
> We can only add the clients from IPA Server 01, not from IPA Server 02.
> When I tried to add the client from IPA Server 02, getting the error,
> 
> 
> ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error:
> Unspecified GSS failure.  Minor code may provide more information (KDC
> returned error string: NOT_ALLOWED_TO_DELEGATE)
> 
> SASL/GSSAPI authentication started
> 
> SASL username: vpham at EXAMPLE.NET
> 
> SASL SSF: 56
> 
> SASL data security layer installed.
> 
> ldap_modify: No such object (32)
> 
>         additional info: Range Check error
> 
> modifying entry "fqdn=cpe-5061747522f9.example.net
> ,cn=computers,cn=accounts,dc=example,dc=net"
> 
> 
> Could you please help us to fix this?

We need to see exact steps you did before we can give you any meaningful advice.

Please have a look at
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

It is a very nice document which describes general bug reporting procedure and
best practices.

We will certainly have a look but we need first see the information :-)

-- 
Petr^2 Spacek



From pspacek at redhat.com  Tue Aug 16 07:29:20 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Tue, 16 Aug 2016 09:29:20 +0200
Subject: [Freeipa-users] Limited "self" registration to IPA and an IPA
 group
In-Reply-To: <ME1PR01MB02756CA2503676D04D0B2EB3D4120@ME1PR01MB0275.ausprd01.prod.outlook.com>
References: <ME1PR01MB02756CA2503676D04D0B2EB3D4120@ME1PR01MB0275.ausprd01.prod.outlook.com>
Message-ID: <b9474de8-3612-9cf3-c1a3-b1c430a59951@redhat.com>

On 16.8.2016 00:34, Steven Jones wrote:
> Hi,
> 
> 
> I have a request to do limited automatic/self provisioning of users provisioning to specifc server.  The idea is a lecturer would setup students  into IPA and select a specific user group from a limited drop down menu.
> 
> 
> Is this possible to do such provisioning a very tied down / limited access with the std IPA or would that need a custom web page/ application into the API (or what ever)?

FreeIPA currently does not have pre-baked user interface to do this.

If you really want, it should be possible manually tune IPA permissions (or
LDAP Access Control Instructions directly) to do what you are asking for.

If you decide to implement this, feel free to ask this list - we will try to
help you.


If you don't implement this youself, you can use
https://fedorahosted.org/freeipa/ticket/5876
for tracking purposes.

-- 
Petr^2 Spacek



From techpkiuser at gmail.com  Tue Aug 16 09:24:41 2016
From: techpkiuser at gmail.com (Kaamel Periora)
Date: Tue, 16 Aug 2016 14:54:41 +0530
Subject: [Freeipa-users] FreeIPA vs DogTag CA
In-Reply-To: <20160812004015.GG23927@dhcp-40-8.bne.redhat.com>
References: <CAA0gsCM9_Jzj7a+NSOB1ohZE7uGS9CT=gChzjRun_Cso+gFMGA@mail.gmail.com>
	<57AC9FB1.1090605@redhat.com>
	<20160812004015.GG23927@dhcp-40-8.bne.redhat.com>
Message-ID: <CAA0gsCN9zkm5WQy9Eu7MmT7rTz1TXLX+eeQ-RSte0iDhez22YQ@mail.gmail.com>

Thanks Rob and Fraser, appreciate your time in replying.

Currently we are not using FreeIPA but dogtag 9 as an standalone system
with RA and OCSP as well.

We thought of migrating to the FreeIPA after looking at the the ease of
management and excellent support community behind.

We require SSL/TLS server certificates and user certificates as well.

Currently our major issue is the continuous changes (not stable) in the
underlying OS which is Fedora. If we proceed with Dogtag over CentOS or
RedHat, will that suffice the stability requirements while delivering the
same level of integration with Fedora?

your opinion is much appreciated.

Kaamel

On Fri, Aug 12, 2016 at 6:10 AM, Fraser Tweedale <ftweedal at redhat.com>
wrote:

> On Thu, Aug 11, 2016 at 11:54:25AM -0400, Rob Crittenden wrote:
> > Kamal Perera wrote:
> > > Dear all,
> > >
> > > Seeking your kind advices.
> > >
> > > If the requirement is for having a scalable corporate CA only, is it
> > > possible to get this requirement fulfilled with DogTag only, or install
> > > FreeIPA and use the CA functionality only.
> >
> > IPA limits dogtag to only those features it is interested in. This has
> been
> > expanding recently but you still lose some functionality.
> >
> > IMHO if all you want is a CA then managing IPA is overkill.
> >
> > > What are the functional differences and support limitations?
> >
> > Functionally it depends on what version of IPA you're talking about.
> Older
> > versions only exposed server certificates. Newer versions support user
> > certifications, custom profiles and more. It is still just a subset of
> what
> > dogtag supports.
> >
> > Support from whom? The dogtag community is happy to help (they've always
> > helped us).
> >
> There are lots of questions that can help you decide which path to
> take: what kinds of certs do you want to issue; to what entities;
> who will issue them; are you already using FreeIPA in your
> organisation?
>
> In regards to functional differences, Dogtag CA and KRA are
> supported with FreeIPA; token processing and standalone OCSP are
> not.  I disagree somewhat with Rob in that unless you need those
> other Dogtag subsystems, I see little disadvantage in using FreeIPA.
> It definitely makes deploying the CA easier and managing renewals
> easier.
>
> The more you tell us of your requirements, the more we can help :)
>
> Thanks,
> Fraser
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160816/ef00c956/attachment.htm>

From ftweedal at redhat.com  Tue Aug 16 09:34:08 2016
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Tue, 16 Aug 2016 19:34:08 +1000
Subject: [Freeipa-users] FreeIPA vs DogTag CA
In-Reply-To: <CAA0gsCN9zkm5WQy9Eu7MmT7rTz1TXLX+eeQ-RSte0iDhez22YQ@mail.gmail.com>
References: <CAA0gsCM9_Jzj7a+NSOB1ohZE7uGS9CT=gChzjRun_Cso+gFMGA@mail.gmail.com>
	<57AC9FB1.1090605@redhat.com>
	<20160812004015.GG23927@dhcp-40-8.bne.redhat.com>
	<CAA0gsCN9zkm5WQy9Eu7MmT7rTz1TXLX+eeQ-RSte0iDhez22YQ@mail.gmail.com>
Message-ID: <20160816093408.GT23927@dhcp-40-8.bne.redhat.com>

On Tue, Aug 16, 2016 at 02:54:41PM +0530, Kaamel Periora wrote:
> Thanks Rob and Fraser, appreciate your time in replying.
> 
> Currently we are not using FreeIPA but dogtag 9 as an standalone system
> with RA and OCSP as well.
> 
> We thought of migrating to the FreeIPA after looking at the the ease of
> management and excellent support community behind.
> 
> We require SSL/TLS server certificates and user certificates as well.
> 
> Currently our major issue is the continuous changes (not stable) in the
> underlying OS which is Fedora. If we proceed with Dogtag over CentOS or
> RedHat, will that suffice the stability requirements while delivering the
> same level of integration with Fedora?
> 
> your opinion is much appreciated.
> 
> Kaamel
> 
FreeIPA and Dogtag are both available in RHEL and CentOS, so you can
have FreeIPA's ease of management on a less rapidly-evolving
platform.

Caveat: the standalone OCSP subsystem is not supported on RHEL, but
the CA subsystem has an inbuilt OCSP responder which may suffice.

Thanks,
Fraser

> On Fri, Aug 12, 2016 at 6:10 AM, Fraser Tweedale <ftweedal at redhat.com>
> wrote:
> 
> > On Thu, Aug 11, 2016 at 11:54:25AM -0400, Rob Crittenden wrote:
> > > Kamal Perera wrote:
> > > > Dear all,
> > > >
> > > > Seeking your kind advices.
> > > >
> > > > If the requirement is for having a scalable corporate CA only, is it
> > > > possible to get this requirement fulfilled with DogTag only, or install
> > > > FreeIPA and use the CA functionality only.
> > >
> > > IPA limits dogtag to only those features it is interested in. This has
> > been
> > > expanding recently but you still lose some functionality.
> > >
> > > IMHO if all you want is a CA then managing IPA is overkill.
> > >
> > > > What are the functional differences and support limitations?
> > >
> > > Functionally it depends on what version of IPA you're talking about.
> > Older
> > > versions only exposed server certificates. Newer versions support user
> > > certifications, custom profiles and more. It is still just a subset of
> > what
> > > dogtag supports.
> > >
> > > Support from whom? The dogtag community is happy to help (they've always
> > > helped us).
> > >
> > There are lots of questions that can help you decide which path to
> > take: what kinds of certs do you want to issue; to what entities;
> > who will issue them; are you already using FreeIPA in your
> > organisation?
> >
> > In regards to functional differences, Dogtag CA and KRA are
> > supported with FreeIPA; token processing and standalone OCSP are
> > not.  I disagree somewhat with Rob in that unless you need those
> > other Dogtag subsystems, I see little disadvantage in using FreeIPA.
> > It definitely makes deploying the CA easier and managing renewals
> > easier.
> >
> > The more you tell us of your requirements, the more we can help :)
> >
> > Thanks,
> > Fraser
> >



From techpkiuser at gmail.com  Tue Aug 16 10:59:02 2016
From: techpkiuser at gmail.com (Kaamel Periora)
Date: Tue, 16 Aug 2016 16:29:02 +0530
Subject: [Freeipa-users] FreeIPA vs DogTag CA
In-Reply-To: <20160816093408.GT23927@dhcp-40-8.bne.redhat.com>
References: <CAA0gsCM9_Jzj7a+NSOB1ohZE7uGS9CT=gChzjRun_Cso+gFMGA@mail.gmail.com>
	<57AC9FB1.1090605@redhat.com>
	<20160812004015.GG23927@dhcp-40-8.bne.redhat.com>
	<CAA0gsCN9zkm5WQy9Eu7MmT7rTz1TXLX+eeQ-RSte0iDhez22YQ@mail.gmail.com>
	<20160816093408.GT23927@dhcp-40-8.bne.redhat.com>
Message-ID: <CAA0gsCOGOjV0XG8CWpD0jQNgy9410Nwhooc41-g1EhH-yBsQXA@mail.gmail.com>

Thanks Fraser.

So basically i can rule out FreeIPA and go ahead with DogTag.

According to our security requirements, it is not wise to let the genral
public access to the OCSP service running on the CA. I suppose having an
OCSP over Fedora while the others run on CentOS would do.

how about RA, can i have it over CentOS?

On Tue, Aug 16, 2016 at 3:04 PM, Fraser Tweedale <ftweedal at redhat.com>
wrote:

> On Tue, Aug 16, 2016 at 02:54:41PM +0530, Kaamel Periora wrote:
> > Thanks Rob and Fraser, appreciate your time in replying.
> >
> > Currently we are not using FreeIPA but dogtag 9 as an standalone system
> > with RA and OCSP as well.
> >
> > We thought of migrating to the FreeIPA after looking at the the ease of
> > management and excellent support community behind.
> >
> > We require SSL/TLS server certificates and user certificates as well.
> >
> > Currently our major issue is the continuous changes (not stable) in the
> > underlying OS which is Fedora. If we proceed with Dogtag over CentOS or
> > RedHat, will that suffice the stability requirements while delivering the
> > same level of integration with Fedora?
> >
> > your opinion is much appreciated.
> >
> > Kaamel
> >
> FreeIPA and Dogtag are both available in RHEL and CentOS, so you can
> have FreeIPA's ease of management on a less rapidly-evolving
> platform.
>
> Caveat: the standalone OCSP subsystem is not supported on RHEL, but
> the CA subsystem has an inbuilt OCSP responder which may suffice.
>
> Thanks,
> Fraser
>
> > On Fri, Aug 12, 2016 at 6:10 AM, Fraser Tweedale <ftweedal at redhat.com>
> > wrote:
> >
> > > On Thu, Aug 11, 2016 at 11:54:25AM -0400, Rob Crittenden wrote:
> > > > Kamal Perera wrote:
> > > > > Dear all,
> > > > >
> > > > > Seeking your kind advices.
> > > > >
> > > > > If the requirement is for having a scalable corporate CA only, is
> it
> > > > > possible to get this requirement fulfilled with DogTag only, or
> install
> > > > > FreeIPA and use the CA functionality only.
> > > >
> > > > IPA limits dogtag to only those features it is interested in. This
> has
> > > been
> > > > expanding recently but you still lose some functionality.
> > > >
> > > > IMHO if all you want is a CA then managing IPA is overkill.
> > > >
> > > > > What are the functional differences and support limitations?
> > > >
> > > > Functionally it depends on what version of IPA you're talking about.
> > > Older
> > > > versions only exposed server certificates. Newer versions support
> user
> > > > certifications, custom profiles and more. It is still just a subset
> of
> > > what
> > > > dogtag supports.
> > > >
> > > > Support from whom? The dogtag community is happy to help (they've
> always
> > > > helped us).
> > > >
> > > There are lots of questions that can help you decide which path to
> > > take: what kinds of certs do you want to issue; to what entities;
> > > who will issue them; are you already using FreeIPA in your
> > > organisation?
> > >
> > > In regards to functional differences, Dogtag CA and KRA are
> > > supported with FreeIPA; token processing and standalone OCSP are
> > > not.  I disagree somewhat with Rob in that unless you need those
> > > other Dogtag subsystems, I see little disadvantage in using FreeIPA.
> > > It definitely makes deploying the CA easier and managing renewals
> > > easier.
> > >
> > > The more you tell us of your requirements, the more we can help :)
> > >
> > > Thanks,
> > > Fraser
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160816/91daf06a/attachment.htm>

From ftweedal at redhat.com  Tue Aug 16 11:55:48 2016
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Tue, 16 Aug 2016 21:55:48 +1000
Subject: [Freeipa-users] FreeIPA vs DogTag CA
In-Reply-To: <CAA0gsCOGOjV0XG8CWpD0jQNgy9410Nwhooc41-g1EhH-yBsQXA@mail.gmail.com>
References: <CAA0gsCM9_Jzj7a+NSOB1ohZE7uGS9CT=gChzjRun_Cso+gFMGA@mail.gmail.com>
	<57AC9FB1.1090605@redhat.com>
	<20160812004015.GG23927@dhcp-40-8.bne.redhat.com>
	<CAA0gsCN9zkm5WQy9Eu7MmT7rTz1TXLX+eeQ-RSte0iDhez22YQ@mail.gmail.com>
	<20160816093408.GT23927@dhcp-40-8.bne.redhat.com>
	<CAA0gsCOGOjV0XG8CWpD0jQNgy9410Nwhooc41-g1EhH-yBsQXA@mail.gmail.com>
Message-ID: <20160816115548.GU23927@dhcp-40-8.bne.redhat.com>

On Tue, Aug 16, 2016 at 04:29:02PM +0530, Kaamel Periora wrote:
> Thanks Fraser.
> 
> So basically i can rule out FreeIPA and go ahead with DogTag.
> 
> According to our security requirements, it is not wise to let the genral
> public access to the OCSP service running on the CA. I suppose having an
> OCSP over Fedora while the others run on CentOS would do.
> 
Sure, you can deploy it that way.  I do not know of anyone who has
done so but it should work.

> how about RA, can i have it over CentOS?
> 
We no longer have a separate RA subsystem.  RA capabilities are
conceptually part of the CA subsystem now.

> On Tue, Aug 16, 2016 at 3:04 PM, Fraser Tweedale <ftweedal at redhat.com>
> wrote:
> 
> > On Tue, Aug 16, 2016 at 02:54:41PM +0530, Kaamel Periora wrote:
> > > Thanks Rob and Fraser, appreciate your time in replying.
> > >
> > > Currently we are not using FreeIPA but dogtag 9 as an standalone system
> > > with RA and OCSP as well.
> > >
> > > We thought of migrating to the FreeIPA after looking at the the ease of
> > > management and excellent support community behind.
> > >
> > > We require SSL/TLS server certificates and user certificates as well.
> > >
> > > Currently our major issue is the continuous changes (not stable) in the
> > > underlying OS which is Fedora. If we proceed with Dogtag over CentOS or
> > > RedHat, will that suffice the stability requirements while delivering the
> > > same level of integration with Fedora?
> > >
> > > your opinion is much appreciated.
> > >
> > > Kaamel
> > >
> > FreeIPA and Dogtag are both available in RHEL and CentOS, so you can
> > have FreeIPA's ease of management on a less rapidly-evolving
> > platform.
> >
> > Caveat: the standalone OCSP subsystem is not supported on RHEL, but
> > the CA subsystem has an inbuilt OCSP responder which may suffice.
> >
> > Thanks,
> > Fraser
> >
> > > On Fri, Aug 12, 2016 at 6:10 AM, Fraser Tweedale <ftweedal at redhat.com>
> > > wrote:
> > >
> > > > On Thu, Aug 11, 2016 at 11:54:25AM -0400, Rob Crittenden wrote:
> > > > > Kamal Perera wrote:
> > > > > > Dear all,
> > > > > >
> > > > > > Seeking your kind advices.
> > > > > >
> > > > > > If the requirement is for having a scalable corporate CA only, is
> > it
> > > > > > possible to get this requirement fulfilled with DogTag only, or
> > install
> > > > > > FreeIPA and use the CA functionality only.
> > > > >
> > > > > IPA limits dogtag to only those features it is interested in. This
> > has
> > > > been
> > > > > expanding recently but you still lose some functionality.
> > > > >
> > > > > IMHO if all you want is a CA then managing IPA is overkill.
> > > > >
> > > > > > What are the functional differences and support limitations?
> > > > >
> > > > > Functionally it depends on what version of IPA you're talking about.
> > > > Older
> > > > > versions only exposed server certificates. Newer versions support
> > user
> > > > > certifications, custom profiles and more. It is still just a subset
> > of
> > > > what
> > > > > dogtag supports.
> > > > >
> > > > > Support from whom? The dogtag community is happy to help (they've
> > always
> > > > > helped us).
> > > > >
> > > > There are lots of questions that can help you decide which path to
> > > > take: what kinds of certs do you want to issue; to what entities;
> > > > who will issue them; are you already using FreeIPA in your
> > > > organisation?
> > > >
> > > > In regards to functional differences, Dogtag CA and KRA are
> > > > supported with FreeIPA; token processing and standalone OCSP are
> > > > not.  I disagree somewhat with Rob in that unless you need those
> > > > other Dogtag subsystems, I see little disadvantage in using FreeIPA.
> > > > It definitely makes deploying the CA easier and managing renewals
> > > > easier.
> > > >
> > > > The more you tell us of your requirements, the more we can help :)
> > > >
> > > > Thanks,
> > > > Fraser
> > > >
> >



From mkosek at redhat.com  Tue Aug 16 11:58:07 2016
From: mkosek at redhat.com (Martin Kosek)
Date: Tue, 16 Aug 2016 13:58:07 +0200
Subject: [Freeipa-users] KDC returned error string:
 NOT_ALLOWED_TO_DELEGATE
In-Reply-To: <646a296b-fef9-973c-fc81-c0175be09efd@redhat.com>
References: <CALdvvBMnHqmhSiwM=d5Ytkg-0qCJckj_vyy4AX_CxQFS3A6=Mw@mail.gmail.com>
	<646a296b-fef9-973c-fc81-c0175be09efd@redhat.com>
Message-ID: <420ec5e1-8b44-17a4-6a56-f71a4809872e@redhat.com>

On 08/16/2016 09:25 AM, Petr Spacek wrote:
> On 15.8.2016 20:18, Linov Suresh wrote:
>> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0
>>
>>
>> We can only add the clients from IPA Server 01, not from IPA Server 02.
>> When I tried to add the client from IPA Server 02, getting the error,
>>
>>
>> ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error:
>> Unspecified GSS failure.  Minor code may provide more information (KDC
>> returned error string: NOT_ALLOWED_TO_DELEGATE)
>>
>> SASL/GSSAPI authentication started
>>
>> SASL username: vpham at EXAMPLE.NET
>>
>> SASL SSF: 56
>>
>> SASL data security layer installed.
>>
>> ldap_modify: No such object (32)
>>
>>         additional info: Range Check error
>>
>> modifying entry "fqdn=cpe-5061747522f9.example.net
>> ,cn=computers,cn=accounts,dc=example,dc=net"
>>
>>
>> Could you please help us to fix this?
> 
> We need to see exact steps you did before we can give you any meaningful advice.
> 
> Please have a look at
> http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
> 
> It is a very nice document which describes general bug reporting procedure and
> best practices.
> 
> We will certainly have a look but we need first see the information :-)
> 

Also, using IPA on RHEL-6.4 is discouraged. This is a really old release and
there are known issues (in cert renewals for example). Using at least RHEL-6.8
or, even better, RHEL-7.2 is preferred and would help you avoid known issues
and deficiencies (and the newer FreeIPA versions are way cooler anyway).



From g.schmitz at gtrs.de  Tue Aug 16 12:48:07 2016
From: g.schmitz at gtrs.de (Guido Schmitz)
Date: Tue, 16 Aug 2016 14:48:07 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <622c6646-70f5-bbfb-f0e0-db29b9121ff2@redhat.com>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
	<72abd120-5581-618a-e099-0e09e4483161@redhat.com>
	<dc31b081-0d03-0c78-e27e-7b6f9be3e962@gtrs.de>
	<622c6646-70f5-bbfb-f0e0-db29b9121ff2@redhat.com>
Message-ID: <bc7c133f-fb77-2ed0-0bc2-335ea691f11c@gtrs.de>

> 
> Any tool which can do key import from file into PKCS#11 token should work, in
> theory.

I've tried pkcs11-tool from the OpenSC project and p11tool from GnuTLS.
p11tool seems to be able to take some (undocumented?) flags from the
command line when importing, but p11tool does not seem to work with
SoftHSM. So I've tried the procedure you suggested:

> 
> If you do not find any such tool, it will be easiest to patch softhsm2-util to
> set the flag to TRUE on import. I'm attaching quick and dirty patch which
> should do the job (for softhsm compiled against OpenSSL).
> 
> 1. Get the sources:
> $ git clone https://github.com/opendnssec/SoftHSMv2.git
> 
> 2. Apply the patch:
> git am 0001-HACK-for-OpenSSL-version-import-all-keys-with-CKA_EX.patch
> 
> 3. Use how-to
> https://github.com/opendnssec/SoftHSMv2/#installation
> to compile the tool.
> 
> 4. You do not need to install the library into system paths, just execute the
> softhsm2-util binary from the build directory to do import and use standard
> library as before.
> 
> I hope it will help. Please let me know your findings so I can submit improved
> patch upstream (if we were successful).
> 

Your patch was not sufficient enough. I've added a patch (to be applied
on top of your patch), which extends your patch to set the extractable flag.

Now, after a new import, the keys are indeed marked as extractable in
SoftHSM and (automatically) copied into the LDAP subtree
cn=keys,cn=sec,cn=dns.

I've noticed that the following flags of the keys still differ in the
output of "python2
/usr/lib/python2.*/site-packages/ipapython/dnssec/localhsm.py":
'ipk11alwayssensitive': True for keys generated by IPA, False for
imported keys
'ipk11local': True for keys generated by IPA, False for imported keys

I do not know, if these flags are important for the whole process to
work, but I also do not know how to set these flags.

The imported keys are still not used by BIND: The keys are not added to
the zone subtree (cn=keys,idnsname=myzone.com,cn=dns) in LDAP, but the
command "sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf
ods-ksmutil key list --verbose" shows, that the newly imported key (I've
carried out tests only with the KSK so far) is assigned to the zone and
is in state "active".

-Guido
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-HACK-for-OpenSSL-version-import-all-keys-with-CKA_EX.patch
Type: text/x-patch
Size: 2076 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160816/6f9a0fbc/attachment.bin>

From deepak_dimri at hotmail.com  Tue Aug 16 13:43:46 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Tue, 16 Aug 2016 09:43:46 -0400
Subject: [Freeipa-users] Ansible Playbook
Message-ID: <SNT152-W583C1981CC6CBEB1E3EE8FF5130@phx.gbl>

Hi All,
I am looking to write ansible playbook to automatically register my EC2 instances as freeIPA clients to my IPA Server and then add the client(s) to a particular hostgroup based on EC2 tag value. For example EC2 tag key value= prod will add the client to prod hostgroup. I am wondering if there is any freeIPA client module available for this purpose already that i can leverage?
Many Thanks,Deepak


 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160816/cec56e54/attachment.htm>

From Michael.Sean.Conley at raytheon.com  Tue Aug 16 13:49:57 2016
From: Michael.Sean.Conley at raytheon.com (Michael Sean Conley)
Date: Tue, 16 Aug 2016 08:49:57 -0500
Subject: [Freeipa-users] Original java script I have been TRYING to
 modify to use the flatness that is IPA.
In-Reply-To: <mailman.23876.1471339485.3910.freeipa-users@redhat.com>
References: <mailman.23876.1471339485.3910.freeipa-users@redhat.com>
Message-ID: <OF13D7623E.E3683852-ON86258011.004AB49B-86258011.004BFC04@raytheon.com>

So, I did a lot more research on our issue.

We fixed it - Miller time was had by all that wanted a good beer.

Did some ldap searches  - to get the specific binding user - we did this...

ldapsearch -Z -H ldap://aba-idam.aba.home.com -D
'uid=ddf,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W -b
'cn=users,cn=accounts,dc=aba,dc=home,dc=com' '(uid=ddf)' uid

And made sure to enter in the full connection.username and its associated
context. - Rob was exactly right!
but, we still got errors until we looked at the role (ahem: Roles) played
in the game.


So, the Roles were REALLY important in the script...

We created a role called admin, and added the user as the script REALLY
needs the user to be an admin - I dunno why, but the developers said so,
so....

we then did an ldap search on the role of admin....

ldapsearch -Z -H ldap://aba-idam.aba.home.com -D
'uid=ddf,cn=users,cn=accounts,dc=aba,dc=home,dc=com' -W -b
'cn=admin,cn=groups,cn=compat,dc=aba,dc=home,dc=com' 'cn=admin'

then entering those properties as below...

 <ext:property-placeholder />

  <jaas:config name="karaf" rank="1">
    <jaas:module
className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory

connection.username=uid=ddf,cn=users,cn=accounts,dc=aba,dc=home,dc=com
      connection.password=iloveaba!
      connection.url=ldaps://aba-idam.aba.home.com:636
      user.base.dn=cn=users,cn=accounts,dc=aba,dc=home,dc=com
      user.filter=(uid=%u)
      user.search.subtree=true
      role.base.dn=cn=groups,cn=compat,dc=aba,dc=home,dc=com
      role.name.attribute=cn
      role.filter=(member=uid=%u,cn=groups,cn=compat,dc=aba,dc=home,dc=com)
      role.search.subtree=true
      role.mapping=admin=group,admin,manager,viewer,webconsole
      authentication=simple
      ssl.protocol=SSL
      ssl.truststore=truststore
      ssl.algorithm=PKIX
    </jaas:module>
  </jaas:config>


Saved it, crossed our fingers and tried to log in to the docker object...

[admin at aba-desktop ~]$ ssh ddf at localhost -p 8101
Password authentication
Password:
 ____                  _          __  __ _
/ ___|  ___ _ ____   _(_) ___ ___|  \/  (_)_  __
\___ \ / _ \ '__\ \ / / |/ __/ _ \ |\/| | \ \/ /
 ___) |  __/ |   \ V /| | (_|  __/ |  | | |>  <
|____/ \___|_|    \_/ |_|\___\___|_|  |_|_/_/\_\

  Apache ServiceMix (7.0.0.M1)

Hit '<tab>' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit '<ctrl-d>' or 'osgi:shutdown' to shutdown ServiceMix.

ddf at root>



BOOM!


Thank you Rob and Petr!!!!




Michael Sean Conley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160816/bd21e851/attachment.htm>

From ke.zhang at n-dimension.com  Tue Aug 16 14:19:47 2016
From: ke.zhang at n-dimension.com (Ke Zhang)
Date: Tue, 16 Aug 2016 10:19:47 -0400
Subject: [Freeipa-users] Integrating Samba 4 File server with FreeIPA 4.2
Message-ID: <CACuP5qaAUK7TMet_5HLTtwHoqeC4WZVbXry-1awaJigz3rGYvQ@mail.gmail.com>

Hi All,
I recently did a FreeIPA implementation and so far it seems to be all
great.
FreeIPA on CentOS 7.2 and Ubuntu 15 and 16 clients.

I'm now at the point where I want to integrate a Samba File server. I can't
seem to find any decent updated documentation.
I tried the procedure mentioned in here
https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
But doesn't seem to work. It won't authenticate.

looking at the log:

../auth/kerberos/gssapi_pac.c:116(gssapi_obtain_pac_blob) obtaining PAC via
GSSAPI gss_get_name_attribute failed: The operation or option is not
available or unsupported: No such file or directory


Are there any other updated documents? Or can someone give me the steps to
do the integration?

Thank you.


-- 
Ke Zhang - Infrastructure Specialist, N-Dimension Solutions Inc.
ke.zhang at n-dimension.com | 905-707-8884 ext 264
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160816/a83f53d3/attachment.htm>

From freeipa at jacobdevans.com  Tue Aug 16 14:38:28 2016
From: freeipa at jacobdevans.com (Jake)
Date: Tue, 16 Aug 2016 10:38:28 -0400 (EDT)
Subject: [Freeipa-users] Login Troubles with Centos7 and external users
 (4.2.0-15.0.1.el7.centos.17)
In-Reply-To: <20160804054546.p7lx32ywe5kel6ny@redhat.com>
References: <321512465.8453.1470248083218@vegas.jacobdevans.com>
	<20160804054546.p7lx32ywe5kel6ny@redhat.com>
Message-ID: <1929339900.22663.1471358308430@vegas.jacobdevans.com>

This was very helpful, Thank You!

Thank You, 

Jacob D. Evans 
Cloud Consultant 
717.417.8324

----- Original Message -----
From: "Alexander Bokovoy" <abokovoy at redhat.com>
To: "Jake" <freeipa at jacobdevans.com>
Cc: freeipa-users at redhat.com
Sent: Thursday, August 4, 2016 1:46:51 AM
Subject: Re: [Freeipa-users] Login Troubles with Centos7 and external users (4.2.0-15.0.1.el7.centos.17)

On Wed, 03 Aug 2016, Jake wrote:
>Hello All,
>I'm new to FreeIPA and am having some issues with my endpoints.
>
>First attempts to login as username at legacy.example.org always fail with:
>Logs on client:
>sshd[3771]: Invalid user username at legacy.example.org from 192.168.1.123
>sshd[3771]: input_userauth_request: invalid user username at legacy.example.org [preauth]
>
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=username]
>[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
>[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1003][1][name=NOUSER]
>[sssd[be[ipa.example.com]]] [sysdb_get_real_name] (0x0040): sysdb_search_object_by_uuid did not return a single result.
>[sssd[be[ipa.example.com]]] [groups_by_user_done] (0x0040): Failed to canonicalize name, using [NOUSER].
>[sssd[be[ipa.example.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
>[sssd[be[ipa.example.com]]] [sdap_get_users_done] (0x0040): Failed to retrieve users
>[sssd[be[ipa.example.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,0,Account info lookup failed
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
>[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
>[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
>[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
>[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][idnumber=1644425765]
>[sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null).
>[sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed.
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success (Success)
>
>running the command 'getent password username at legacy.example.org' on the ipa server works fine
>
>Logs from server:
>[sssd[be[ipa.example.com]]] [be_get_account_info] (0x0200): Got request for [0x1001][1][name=username]
>[sssd[be[ipa.example.com]]] [ipa_srv_ad_acct_lookup_done] (0x0080): Sudomain lookup failed, will try to reset sudomain..
>[sssd[be[ipa.example.com]]] [child_sig_handler] (0x0100): child [26269] finished successfully.
>[sssd[be[ipa.example.com]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'legacy.example.org' as 'neutral'
>[sssd[be[ipa.example.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'neutral'
>[sssd[be[ipa.example.com]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [1432158262]: Subdomain is inactive.
>[sssd[be[ipa.example.com]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: 1432158262
>[sssd[be[ipa.example.com]]] [ipa_account_info_error_text] (0x0020): Bug: dp_error is OK on failed request
>[sssd[be[ipa.example.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,1432158262,Account info lookup failed
>
>
>Stuff:
>(4) IPA Masters at ipa.example.com
>(4) root domain controllers in example.com
>(4) child domain controllers in new.example.com
>(4) second domain in legacy.example.org
>
>There is a (1) way trust between ipa.example.com and example.com (forest trust)
>There is a (1) way trust between ipa.example.com and legacy.example.org (forest with single domain)
>There is a (2) way trust between example.com and legacy.example.org (forest transitive trust)
Was the trust between example.com and legacy.example.org established
before establishing trust between IPA and any of those forest roots?

Can you check in the trust properties on AD side for both forest roots,
what is the state of name suffix routing to IPA domain? It should be
enabled for both.

If not, you need to solve conflicts.

There is a documentation reference on Microsoft side how to add
exclusion entries for name routing suffixes. This is the detailed
instruction:
https://msdn.microsoft.com/it-it/library/cc786254%28v=ws.10%29.aspx

For configuration where:
  - AD example.com trusts IPA at ipa.example.com
  - AD example.org trusts AD example.com
  - a trust is tried to be established between ipa.example.com and
    example.org and a conflict is generated in example.org for
    example.com namespace.

A sequence might be like a following one:
   1. Establish trust between example.com and ipa.example.com
   2. Establish trust between example.com and example.org
   3. Now, as Administrator in example.org, do what
https://msdn.microsoft.com/it-it/library/cc786254%28v=ws.10%29.aspx
describes for the trust 'example.com' and add exclusion entry for
ipa.example.com
   4. Establish trust between ipa.example.com and example.org

It is important to add the exclusion entry before step 4 or there will
be conflict recorded which cannot be cleared easily right now due to a
combination of bugs in both IPA and Active Directory.


>
>Users are in legacy.example.org and new.example.com
>User Computers are in new .example.com
>Linux Servers are in ipa.example.com as hostname linux.example.com
>
>Gist for kbr5.conf https://gist.github.com/JakeDEvans/8e787bc5751d3d0e8f3b18943d63f00b
>Gist for sssd.conf https://gist.github.com/JakeDEvans/ed34098b96b6e061095da85e1db58d70
>
>all other configs unmodified.
>
>Also, is it normal that the login is very slow?
>
>Thanks All,
>-Jake
>
>

>-- 
>Manage your subscription for the Freeipa-users mailing list:
>https://www.redhat.com/mailman/listinfo/freeipa-users
>Go to http://freeipa.org for more info on the project


-- 
/ Alexander Bokovoy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Evans, Jacob.vcf
Type: text/x-vcard
Size: 439 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160816/8126ca88/attachment.vcf>

From pspacek at redhat.com  Tue Aug 16 14:55:14 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Tue, 16 Aug 2016 16:55:14 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <bc7c133f-fb77-2ed0-0bc2-335ea691f11c@gtrs.de>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
	<72abd120-5581-618a-e099-0e09e4483161@redhat.com>
	<dc31b081-0d03-0c78-e27e-7b6f9be3e962@gtrs.de>
	<622c6646-70f5-bbfb-f0e0-db29b9121ff2@redhat.com>
	<bc7c133f-fb77-2ed0-0bc2-335ea691f11c@gtrs.de>
Message-ID: <757b897b-ff4f-1470-64ea-a48ee06fa9fc@redhat.com>

On 16.8.2016 14:48, Guido Schmitz wrote:
>>
>> Any tool which can do key import from file into PKCS#11 token should work, in
>> theory.
> 
> I've tried pkcs11-tool from the OpenSC project and p11tool from GnuTLS.
> p11tool seems to be able to take some (undocumented?) flags from the
> command line when importing, but p11tool does not seem to work with
> SoftHSM. So I've tried the procedure you suggested:
> 
>>
>> If you do not find any such tool, it will be easiest to patch softhsm2-util to
>> set the flag to TRUE on import. I'm attaching quick and dirty patch which
>> should do the job (for softhsm compiled against OpenSSL).
>>
>> 1. Get the sources:
>> $ git clone https://github.com/opendnssec/SoftHSMv2.git
>>
>> 2. Apply the patch:
>> git am 0001-HACK-for-OpenSSL-version-import-all-keys-with-CKA_EX.patch
>>
>> 3. Use how-to
>> https://github.com/opendnssec/SoftHSMv2/#installation
>> to compile the tool.
>>
>> 4. You do not need to install the library into system paths, just execute the
>> softhsm2-util binary from the build directory to do import and use standard
>> library as before.
>>
>> I hope it will help. Please let me know your findings so I can submit improved
>> patch upstream (if we were successful).
>>
> 
> Your patch was not sufficient enough. I've added a patch (to be applied
> on top of your patch), which extends your patch to set the extractable flag.

Ah, I see! I modified the wrong table, thank you for noticing that.

> Now, after a new import, the keys are indeed marked as extractable in
> SoftHSM and (automatically) copied into the LDAP subtree
> cn=keys,cn=sec,cn=dns.
> 
> I've noticed that the following flags of the keys still differ in the
> output of "python2
> /usr/lib/python2.*/site-packages/ipapython/dnssec/localhsm.py":
> 'ipk11alwayssensitive': True for keys generated by IPA, False for
> imported keys
> 'ipk11local': True for keys generated by IPA, False for imported keys

These two should not make any difference in our case. (They indicate that the
keys were not created inside the HSM in question and could possibly be exposed
in plain text somewhere.)

> I do not know, if these flags are important for the whole process to
> work, but I also do not know how to set these flags.
> 
> The imported keys are still not used by BIND: The keys are not added to
> the zone subtree (cn=keys,idnsname=myzone.com,cn=dns) in LDAP, but the
> command "sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf
> ods-ksmutil key list --verbose" shows, that the newly imported key (I've
> carried out tests only with the KSK so far) is assigned to the zone and
> is in state "active".

Now it is getting interesting :-)

First of all, what version of FreeIPA packages and on what distro are you
using? There are significant differences between package versions.

The export is handled by ipa-ods-exporter service on IPA DNSSEC key master
server. Look at its logs and see if it reports any errors.

I'm not sure how OpenDNSSEC handles key import. IPA is waiting on OpenDNSSEC
signer's socket for events which indicate key state change. If this does not
happen the key is not exported.

You can trigger this manually by calling command
"ods-signer ipa-full-update"
or
"ods-signer update <zone name>"

Watch the ipa-ods-exporter service logs when you run this command and watch
out for any problems. You might add debug=True to /etc/ipa/default.conf if you
need to see more details about the process.

-- 
Petr^2 Spacek



From zarko.dudic at oracle.com  Tue Aug 16 15:40:13 2016
From: zarko.dudic at oracle.com (Zarko Dudic)
Date: Tue, 16 Aug 2016 08:40:13 -0700
Subject: [Freeipa-users] ipa-server-install ERROR: IPA CA certificate not
	found in ...
Message-ID: <605a11e4-e50c-c414-1d19-c65ce882dba8@oracle.com>


Hi all,

I have the problem to install FreeIPA 4.2.0-15.0.1.el7_2.17.x86_64 with 
External CA as the Root CA. Here are details.

1) Run "ipa-server-install --external-ca", and send .csr to be signed by 
External CA, but VeriSign rejects signing this since info like 
Organization, OU, L, ST, C are missing.

2) Okay, so I try this workaround, create cert request manually with 
command:

      # certutil -R -d /tmp -a -g 2048 -s 
'CN=<fqdn>,OU=<some-ou>,O=<company>,L=<town>,ST=California,C=US'

3) I verify request via 
https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp 
(looks good)

4) Now VeriSign accepts .csr and I receive the certificate (.cer file) 
via email.

5) I also download two additional certs for trust chain, one is 
VeriSign's public primary root CA and the second one is Company's 
itermediate CA, both (.pem files)

6) Now the problem begins, run the comamnd:

    # ipa-server-install --external-cert-file=/tmp/freeipa.cer 
--external-cert-file=/tmp/Company_CA_G2.pem 
--external-cert-file=/tmp/VeriSign_Root_CA.pem -vv


One of screen messages are:

ipa         : DEBUG    stderr=
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/tmp/tmplsusxY' 
'-M' '-n' 'CN=VeriSign Class 3 Public Primary Certification Authority - 
G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign 
Trust Network,O="VeriSign, Inc.",C=US' '-t' 'C,,'
ipa         : DEBUG    Process finished, return code=0
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=
ipa.ipapython.install.cli.install_tool(Server): DEBUG      File 
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in 
execute
     return_value = self.run()
   File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", 
line 311, in run
     cfgr.run()
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 279, in run
     self.validate()
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 288, in validate
     for nothing in self._validator():
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 343, in __runner
     self._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 365, in _handle_exception
     util.raise_exc_info(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 333, in __runner
     step()
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", 
line 87, in run_generator_with_yield_from
     raise_exc_info(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", 
line 65, in run_generator_with_yield_from
     value = gen.send(prev_value)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 517, in _configure
     validator.next()
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 343, in __runner
     self._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 421, in _handle_exception
     self.__parent._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 365, in _handle_exception
     util.raise_exc_info(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 418, in _handle_exception
     super(ComponentBase, self)._handle_exception(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 365, in _handle_exception
     util.raise_exc_info(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", 
line 333, in __runner
     step()
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", 
line 87, in run_generator_with_yield_from
     raise_exc_info(exc_info)
   File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", 
line 65, in run_generator_with_yield_from
     value = gen.send(prev_value)
   File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", 
line 63, in _install
     for nothing in self._installer(self.parent):
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 
line 1612, in main
     install_check(self)
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 
line 263, in decorated
     func(installer)
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 
line 601, in install_check
     ca.install_check(False, None, options)
   File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 
69, in install_check
     options.external_cert_files, options.subject)
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", 
line 1016, in load_external_cert
     "IPA CA certificate not found in %s" % (", ".join(files)))

ipa.ipapython.install.cli.install_tool(Server): DEBUG    The 
ipa-server-install command failed, exception: ScriptError: IPA CA 
certificate not found in /tmp/freeipa.cer, /tmp/Company_CA_G2.pem, 
/tmp/VeriSign_Root_CA.pem
ipa.ipapython.install.cli.install_tool(Server): ERROR    IPA CA 
certificate not found in /tmp/freeipa.cer, /tmp/Company_CA_G2.pem, 
/tmp/VeriSign_Root_CA.pem


Please let me know if any more info is needed, appreciate any help.

-- 
Thanks,
Zarko



From rcritten at redhat.com  Tue Aug 16 16:04:25 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 16 Aug 2016 12:04:25 -0400
Subject: [Freeipa-users] ipa-server-install ERROR: IPA CA certificate
 not found in ...
In-Reply-To: <605a11e4-e50c-c414-1d19-c65ce882dba8@oracle.com>
References: <605a11e4-e50c-c414-1d19-c65ce882dba8@oracle.com>
Message-ID: <57B33989.2070400@redhat.com>

Zarko Dudic wrote:
>
> Hi all,
>
> I have the problem to install FreeIPA 4.2.0-15.0.1.el7_2.17.x86_64 with
> External CA as the Root CA. Here are details.
>
> 1) Run "ipa-server-install --external-ca", and send .csr to be signed by
> External CA, but VeriSign rejects signing this since info like
> Organization, OU, L, ST, C are missing.

I seriously doubt Verisign will issue this certificate regardless of 
format. Don't confuse a CA signing certificate with a server certificate.

But who knows. Try the --subject-base option to ipa-server-install but 
note that the CN is currently unconfigurable, it will always be 
cn=Certificate Authority.

> 2) Okay, so I try this workaround, create cert request manually with
> command:
>
>       # certutil -R -d /tmp -a -g 2048 -s
> 'CN=<fqdn>,OU=<some-ou>,O=<company>,L=<town>,ST=California,C=US'

This will never work. Besides the fact that you didn't request a 
certificate with the right CA extensions, the private key that generated 
the CSR is now in a place that dogtag will never find it. This is 
unrelated to the error below but it would blow up eventually.

> 3) I verify request via
> https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp
> (looks good)
>
> 4) Now VeriSign accepts .csr and I receive the certificate (.cer file)
> via email.
>
> 5) I also download two additional certs for trust chain, one is
> VeriSign's public primary root CA and the second one is Company's
> itermediate CA, both (.pem files)
>
> 6) Now the problem begins, run the comamnd:
>
>     # ipa-server-install --external-cert-file=/tmp/freeipa.cer
> --external-cert-file=/tmp/Company_CA_G2.pem
> --external-cert-file=/tmp/VeriSign_Root_CA.pem -vv

If memory serves IPA knows what the subject of it's CA should look like 
(remember subject-base?) and it isn't finding it and blowing up.

rob

>
>
> One of screen messages are:
>
> ipa         : DEBUG    stderr=
> ipa         : DEBUG    Starting external process
> ipa         : DEBUG    args='/usr/bin/certutil' '-d' '/tmp/tmplsusxY'
> '-M' '-n' 'CN=VeriSign Class 3 Public Primary Certification Authority -
> G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign
> Trust Network,O="VeriSign, Inc.",C=US' '-t' 'C,,'
> ipa         : DEBUG    Process finished, return code=0
> ipa         : DEBUG    stdout=
> ipa         : DEBUG    stderr=
> ipa.ipapython.install.cli.install_tool(Server): DEBUG      File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
> execute
>      return_value = self.run()
>    File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py",
> line 311, in run
>      cfgr.run()
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 279, in run
>      self.validate()
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 288, in validate
>      for nothing in self._validator():
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 343, in __runner
>      self._handle_exception(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 365, in _handle_exception
>      util.raise_exc_info(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 333, in __runner
>      step()
>    File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 87, in run_generator_with_yield_from
>      raise_exc_info(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 65, in run_generator_with_yield_from
>      value = gen.send(prev_value)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 517, in _configure
>      validator.next()
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 343, in __runner
>      self._handle_exception(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 421, in _handle_exception
>      self.__parent._handle_exception(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 365, in _handle_exception
>      util.raise_exc_info(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 418, in _handle_exception
>      super(ComponentBase, self)._handle_exception(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 365, in _handle_exception
>      util.raise_exc_info(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
> line 333, in __runner
>      step()
>    File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 87, in run_generator_with_yield_from
>      raise_exc_info(exc_info)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
> line 65, in run_generator_with_yield_from
>      value = gen.send(prev_value)
>    File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
> line 63, in _install
>      for nothing in self._installer(self.parent):
>    File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
> line 1612, in main
>      install_check(self)
>    File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
> line 263, in decorated
>      func(installer)
>    File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
> line 601, in install_check
>      ca.install_check(False, None, options)
>    File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line
> 69, in install_check
>      options.external_cert_files, options.subject)
>    File
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
> line 1016, in load_external_cert
>      "IPA CA certificate not found in %s" % (", ".join(files)))
>
> ipa.ipapython.install.cli.install_tool(Server): DEBUG    The
> ipa-server-install command failed, exception: ScriptError: IPA CA
> certificate not found in /tmp/freeipa.cer, /tmp/Company_CA_G2.pem,
> /tmp/VeriSign_Root_CA.pem
> ipa.ipapython.install.cli.install_tool(Server): ERROR    IPA CA
> certificate not found in /tmp/freeipa.cer, /tmp/Company_CA_G2.pem,
> /tmp/VeriSign_Root_CA.pem
>
>
> Please let me know if any more info is needed, appreciate any help.
>



From zarko.dudic at oracle.com  Tue Aug 16 18:00:19 2016
From: zarko.dudic at oracle.com (Zarko Dudic)
Date: Tue, 16 Aug 2016 11:00:19 -0700
Subject: [Freeipa-users] ipa-server-install ERROR: IPA CA certificate
 not found in ...
In-Reply-To: <57B33989.2070400@redhat.com>
References: <605a11e4-e50c-c414-1d19-c65ce882dba8@oracle.com>
	<57B33989.2070400@redhat.com>
Message-ID: <3860280a-7bda-b38e-6c28-ba6b646c78b8@oracle.com>

Thanks Rob. This command creates the CSR.

# ipa-server-install  --subject 
'OU=CorpArch,O=Corporation,L=Town,ST=California,C=US' --external-ca

And verification with command :

# openssl req -in /root/ipa.csr -noout -text

... shows "Subject: C=US, ST=California, L=Town, O=Corporation, 
OU=CorpArch, CN=Certificate Authority"

Since the CN is unconfigurable, how it's expected to be signed by 3rd 
party external CA, they usually want to see FQDN.

Can you please provide more details (or ref URL) about "right CA 
extensions". Thanks in advance.


On 8/16/2016 9:04 AM, Rob Crittenden wrote:
> Zarko Dudic wrote:
>>
>> Hi all,
>>
>> I have the problem to install FreeIPA 4.2.0-15.0.1.el7_2.17.x86_64 with
>> External CA as the Root CA. Here are details.
>>
>> 1) Run "ipa-server-install --external-ca", and send .csr to be signed by
>> External CA, but VeriSign rejects signing this since info like
>> Organization, OU, L, ST, C are missing.
>
> I seriously doubt Verisign will issue this certificate regardless of 
> format. Don't confuse a CA signing certificate with a server certificate.
>
> But who knows. Try the --subject-base option to ipa-server-install but 
> note that the CN is currently unconfigurable, it will always be 
> cn=Certificate Authority.
>
>> 2) Okay, so I try this workaround, create cert request manually with
>> command:
>>
>>       # certutil -R -d /tmp -a -g 2048 -s
>> 'CN=<fqdn>,OU=<some-ou>,O=<company>,L=<town>,ST=California,C=US'
>
> This will never work. Besides the fact that you didn't request a 
> certificate with the right CA extensions, the private key that 
> generated the CSR is now in a place that dogtag will never find it. 
> This is unrelated to the error below but it would blow up eventually.
>
>> 3) I verify request via
>> https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp
>> (looks good)
>>
>> 4) Now VeriSign accepts .csr and I receive the certificate (.cer file)
>> via email.
>>
>> 5) I also download two additional certs for trust chain, one is
>> VeriSign's public primary root CA and the second one is Company's
>> itermediate CA, both (.pem files)
>>
>> 6) Now the problem begins, run the comamnd:
>>
>>     # ipa-server-install --external-cert-file=/tmp/freeipa.cer
>> --external-cert-file=/tmp/Company_CA_G2.pem
>> --external-cert-file=/tmp/VeriSign_Root_CA.pem -vv
>
> If memory serves IPA knows what the subject of it's CA should look 
> like (remember subject-base?) and it isn't finding it and blowing up.
>
> rob
>

-- 
Thanks,
Zarko



From abokovoy at redhat.com  Tue Aug 16 18:09:13 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 16 Aug 2016 21:09:13 +0300
Subject: [Freeipa-users] ipa-server-install ERROR: IPA CA certificate
 not found in ...
In-Reply-To: <3860280a-7bda-b38e-6c28-ba6b646c78b8@oracle.com>
References: <605a11e4-e50c-c414-1d19-c65ce882dba8@oracle.com>
	<57B33989.2070400@redhat.com>
	<3860280a-7bda-b38e-6c28-ba6b646c78b8@oracle.com>
Message-ID: <20160816180913.wpqpvmwznwrfdfya@redhat.com>

On Tue, 16 Aug 2016, Zarko Dudic wrote:
>Thanks Rob. This command creates the CSR.
>
># ipa-server-install  --subject 
>'OU=CorpArch,O=Corporation,L=Town,ST=California,C=US' --external-ca
>
>And verification with command :
>
># openssl req -in /root/ipa.csr -noout -text
>
>... shows "Subject: C=US, ST=California, L=Town, O=Corporation, 
>OU=CorpArch, CN=Certificate Authority"
>
>Since the CN is unconfigurable, how it's expected to be signed by 3rd 
>party external CA, they usually want to see FQDN.
This is not a certificate signing request for a host-based certificate.
This is a certificate signing request for a CA root certificate. It is
unlikely that you will get it signed by a public CA because that
signature basically makes your IPA CA a sub-CA.

This is quite different from signing a server certificate.

--external-ca option is provided to allow your IPA CA to be a sub-ca for
a corporate CA. I don't know any publicly available CA that could
actually sign it for you.

-- 
/ Alexander Bokovoy



From dkowis+freeipa at shlrm.org  Wed Aug 17 00:13:13 2016
From: dkowis+freeipa at shlrm.org (David Kowis)
Date: Tue, 16 Aug 2016 19:13:13 -0500
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu
 16.04.1 install
In-Reply-To: <5da4f0ee-3d14-7b33-2a96-afbf9a88a117@shlrm.org>
References: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
	<2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>
	<fd579323-1bdb-aeae-be54-727bffe3e2e3@shlrm.org>
	<bfc0cfa5-485d-bd3b-d641-01d7b7640507@redhat.com>
	<657121f5-2ce2-f2f7-1c7e-9da6a5e5d5a2@shlrm.org>
	<57B266CA.5000906@redhat.com>
	<5da4f0ee-3d14-7b33-2a96-afbf9a88a117@shlrm.org>
Message-ID: <34943a38-4392-3d96-d376-0da89e3f639e@shlrm.org>

On 08/15/2016 09:27 PM, David Kowis wrote:
> On 08/15/2016 08:05 PM, Rob Crittenden wrote:
>> David Kowis wrote:
>>> On 08/15/2016 04:33 AM, Petr Spacek wrote:
>>>> This is weird as LDAP SASL & GSSAPI is pretty standard thing.
>>>>
>>>> In any case, you can check server logs or use tcpdump/wireshark and
>>>> see if the
>>>> error somes from LDAP server or if it is client side error.
>>>>
>>>> That would tell us where to focus.
>>>>
>>>
>>> Welp, I've got a pile of logs for you:
>>> https://gist.github.com/dkowis/a82d4ec6b1823d9e1b95ffcc94666ae0
>>>
>>> The last few lines are probably the relevant ones.
>>>
>>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl
>>> version=3 mech=GSSAPI
>>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97
>>> nentries=0 etime=0
>>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND
>>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1
>>>
>>>
>>> Something tries to bind with no dn, and then fails.... I think?
>>
>> No this is typical logging for GSSAPI (minus the error).
>>
>> The error code is LDAP_AUTH_METHOD_NOT_SUPPORTED. Do you have the cyrus
>> SASL GSSAPI package installed? In Fedora the package is cyrus-sasl-gssapi.
>>

Still trying to figure stuff out:

root at freeipavm:/var/log/dirsrv/slapd-DARK-KOW-IS# ldapsearch -h
localhost -p 389 -x -b "" -s base -LLL SupportedSASLMechanisms
dn:
SupportedSASLMechanisms: EXTERNAL


Should I have more than just EXTERNAL when this happens? How do I debug
more about what SASL authentication stuff should be there? I'm having a
great deal of difficulty finding documentation for the 389 directory
server's SASL configuration. *If* that's even the place I should be
looking. How can I narrow this down more?

--
David Kowis


>> rob
> 
> 
> searched for gssapi:
> 
> libsasl2-modules-gssapi-mit/xenial,now 2.1.26.dfsg1-14build1 i386
> [installed,automatic]
>   Cyrus SASL - pluggable authentication modules (GSSAPI)
> 
> 
> Pretty sure that's the equivalent package on ubuntu
> 
> # dpkg -L libsasl2-modules-gssapi-mit
> /.
> /usr
> /usr/lib
> /usr/lib/i386-linux-gnu
> /usr/lib/i386-linux-gnu/sasl2
> /usr/lib/i386-linux-gnu/sasl2/libscram.so.2.0.25
> /usr/lib/i386-linux-gnu/sasl2/libgs2.so.2.0.25
> /usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so.2.0.25
> /usr/share
> /usr/share/lintian
> /usr/share/lintian/overrides
> /usr/share/lintian/overrides/libsasl2-modules-gssapi-mit
> /usr/share/doc
> /usr/share/doc/libsasl2-modules-gssapi-mit
> /usr/share/doc/libsasl2-modules-gssapi-mit/copyright
> /usr/lib/i386-linux-gnu/sasl2/libgs2.so.2
> /usr/lib/i386-linux-gnu/sasl2/libscram.so
> /usr/lib/i386-linux-gnu/sasl2/libgs2.so
> /usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so.2
> /usr/lib/i386-linux-gnu/sasl2/libscram.so.2
> /usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so
> /usr/share/doc/libsasl2-modules-gssapi-mit/changelog.Debian.gz
> /usr/share/doc/libsasl2-modules-gssapi-mit/NEWS.Debian.gz
> 
> python-gssapi is also installed.
> 
> 
> --
> David Kowis
> 
> 
> PS: Sorry Rob for sending it directly, I derped in the mail client
> 
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160816/9b4a761d/attachment.sig>

From abokovoy at redhat.com  Wed Aug 17 03:51:05 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Wed, 17 Aug 2016 06:51:05 +0300
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu
 16.04.1 install
In-Reply-To: <34943a38-4392-3d96-d376-0da89e3f639e@shlrm.org>
References: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
	<2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>
	<fd579323-1bdb-aeae-be54-727bffe3e2e3@shlrm.org>
	<bfc0cfa5-485d-bd3b-d641-01d7b7640507@redhat.com>
	<657121f5-2ce2-f2f7-1c7e-9da6a5e5d5a2@shlrm.org>
	<57B266CA.5000906@redhat.com>
	<5da4f0ee-3d14-7b33-2a96-afbf9a88a117@shlrm.org>
	<34943a38-4392-3d96-d376-0da89e3f639e@shlrm.org>
Message-ID: <20160817035105.bkropnfwyzid6bli@redhat.com>

On Tue, 16 Aug 2016, David Kowis wrote:
>On 08/15/2016 09:27 PM, David Kowis wrote:
>> On 08/15/2016 08:05 PM, Rob Crittenden wrote:
>>> David Kowis wrote:
>>>> On 08/15/2016 04:33 AM, Petr Spacek wrote:
>>>>> This is weird as LDAP SASL & GSSAPI is pretty standard thing.
>>>>>
>>>>> In any case, you can check server logs or use tcpdump/wireshark and
>>>>> see if the
>>>>> error somes from LDAP server or if it is client side error.
>>>>>
>>>>> That would tell us where to focus.
>>>>>
>>>>
>>>> Welp, I've got a pile of logs for you:
>>>> https://gist.github.com/dkowis/a82d4ec6b1823d9e1b95ffcc94666ae0
>>>>
>>>> The last few lines are probably the relevant ones.
>>>>
>>>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl
>>>> version=3 mech=GSSAPI
>>>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97
>>>> nentries=0 etime=0
>>>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND
>>>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1
>>>>
>>>>
>>>> Something tries to bind with no dn, and then fails.... I think?
>>>
>>> No this is typical logging for GSSAPI (minus the error).
>>>
>>> The error code is LDAP_AUTH_METHOD_NOT_SUPPORTED. Do you have the cyrus
>>> SASL GSSAPI package installed? In Fedora the package is cyrus-sasl-gssapi.
>>>
>
>Still trying to figure stuff out:
>
>root at freeipavm:/var/log/dirsrv/slapd-DARK-KOW-IS# ldapsearch -h
>localhost -p 389 -x -b "" -s base -LLL SupportedSASLMechanisms
>dn:
>SupportedSASLMechanisms: EXTERNAL
>
>
>Should I have more than just EXTERNAL when this happens? How do I debug
>more about what SASL authentication stuff should be there? I'm having a
>great deal of difficulty finding documentation for the 389 directory
>server's SASL configuration. *If* that's even the place I should be
>looking. How can I narrow this down more?
389-ds does dynamically include all supported SASL mechanisms returned
by CyrusSASL library. If you only get EXTERNAL, it means NO mechanisms
were returned by your system SASL library. The attribute
SupportedSASLMechanisms you see in the rootdse query above is read-only:
it only shows which SASL mechanisms 389-ds knows about but you cannot
influence them via this attribute. You need to look at your CyrusSASL
library system configuration.

What does 'pluginviewer' output show? Here is what Fedora 24 reports
when following packages are installed:
cyrus-sasl-2.1.26-26.2.fc24.x86_64
cyrus-sasl-md5-2.1.26-26.2.fc24.x86_64
cyrus-sasl-plain-2.1.26-26.2.fc24.x86_64
cyrus-sasl-gssapi-2.1.26-26.2.fc24.x86_64
cyrus-sasl-lib-2.1.26-26.2.fc24.x86_64

# pluginviewer 
Installed and properly configured auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" , 	API version: 8
	supports store: yes

Installed and properly configured SASL (server side) mechanisms are:
  GSS-SPNEGO GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 LOGIN PLAIN ANONYMOUS
Available SASL (server side) mechanisms matching your criteria are:
  GSS-SPNEGO GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN ANONYMOUS
List of server plugins follows
Plugin "gssapiv2" [loaded], 	API version: 4
	SASL mechanism: GSS-SPNEGO, best SSF: 56, supports setpass: no
	security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
	features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|DONTUSE_USERPASSWD|SUPPORTS_HTTP
Plugin "gssapiv2" [loaded], 	API version: 4
	SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
	security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
	features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|DONTUSE_USERPASSWD
Plugin "digestmd5" [loaded], 	API version: 4
	SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
	security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
	features: PROXY_AUTHENTICATION|SUPPORTS_HTTP
Plugin "crammd5" [loaded], 	API version: 4
	SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
	security flags: NO_ANONYMOUS|NO_PLAINTEXT
	features: SERVER_FIRST
Plugin "login" [loaded], 	API version: 4
	SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
	security flags: NO_ANONYMOUS|PASS_CREDENTIALS
	features:
Plugin "plain" [loaded], 	API version: 4
	SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
	security flags: NO_ANONYMOUS|PASS_CREDENTIALS
	features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "anonymous" [loaded], 	API version: 4
	SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
	security flags: NO_PLAINTEXT
	features: WANT_CLIENT_FIRST|DONTUSE_USERPASSWD
Installed and properly configured SASL (client side) mechanisms are:
  GSS-SPNEGO GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 LOGIN PLAIN ANONYMOUS
Available SASL (client side) mechanisms matching your criteria are:
  GSS-SPNEGO GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 LOGIN PLAIN ANONYMOUS
List of client plugins follows
Plugin "gssapiv2" [loaded], 	API version: 4
	SASL mechanism: GSS-SPNEGO, best SSF: 56
	security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
	features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP
Plugin "gssapiv2" [loaded], 	API version: 4
	SASL mechanism: GSSAPI, best SSF: 56
	security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
	features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
Plugin "digestmd5" [loaded], 	API version: 4
	SASL mechanism: DIGEST-MD5, best SSF: 128
	security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
	features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP
Plugin "EXTERNAL" [loaded], 	API version: 4
	SASL mechanism: EXTERNAL, best SSF: 0
	security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
	features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "crammd5" [loaded], 	API version: 4
	SASL mechanism: CRAM-MD5, best SSF: 0
	security flags: NO_ANONYMOUS|NO_PLAINTEXT
	features: SERVER_FIRST
Plugin "login" [loaded], 	API version: 4
	SASL mechanism: LOGIN, best SSF: 0
	security flags: NO_ANONYMOUS|PASS_CREDENTIALS
	features: SERVER_FIRST
Plugin "plain" [loaded], 	API version: 4
	SASL mechanism: PLAIN, best SSF: 0
	security flags: NO_ANONYMOUS|PASS_CREDENTIALS
	features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "anonymous" [loaded], 	API version: 4
	SASL mechanism: ANONYMOUS, best SSF: 0
	security flags: NO_PLAINTEXT
	features: WANT_CLIENT_FIRST

-- 
/ Alexander Bokovoy



From techpkiuser at gmail.com  Wed Aug 17 05:22:53 2016
From: techpkiuser at gmail.com (Kaamel Periora)
Date: Wed, 17 Aug 2016 10:52:53 +0530
Subject: [Freeipa-users] FreeIPA vs DogTag CA
In-Reply-To: <20160816115548.GU23927@dhcp-40-8.bne.redhat.com>
References: <CAA0gsCM9_Jzj7a+NSOB1ohZE7uGS9CT=gChzjRun_Cso+gFMGA@mail.gmail.com>
	<57AC9FB1.1090605@redhat.com>
	<20160812004015.GG23927@dhcp-40-8.bne.redhat.com>
	<CAA0gsCN9zkm5WQy9Eu7MmT7rTz1TXLX+eeQ-RSte0iDhez22YQ@mail.gmail.com>
	<20160816093408.GT23927@dhcp-40-8.bne.redhat.com>
	<CAA0gsCOGOjV0XG8CWpD0jQNgy9410Nwhooc41-g1EhH-yBsQXA@mail.gmail.com>
	<20160816115548.GU23927@dhcp-40-8.bne.redhat.com>
Message-ID: <CAA0gsCNxo_e1-iejbm+ypjEKEd5qK8M-8JRxBf=Y1_wHr17_aQ@mail.gmail.com>

Thanks.

One last question :)

Will that be feasible to have all the systems (CA, RA, OCSP) on top of
fedora and upgrade the OS as well as CS with the latest ones time to time.
This should not affect the exiting data or configuration. With Fedora this
seems to be a must.

On Tue, Aug 16, 2016 at 5:25 PM, Fraser Tweedale <ftweedal at redhat.com>
wrote:

> On Tue, Aug 16, 2016 at 04:29:02PM +0530, Kaamel Periora wrote:
> > Thanks Fraser.
> >
> > So basically i can rule out FreeIPA and go ahead with DogTag.
> >
> > According to our security requirements, it is not wise to let the genral
> > public access to the OCSP service running on the CA. I suppose having an
> > OCSP over Fedora while the others run on CentOS would do.
> >
> Sure, you can deploy it that way.  I do not know of anyone who has
> done so but it should work.
>
> > how about RA, can i have it over CentOS?
> >
> We no longer have a separate RA subsystem.  RA capabilities are
> conceptually part of the CA subsystem now.
>
> > On Tue, Aug 16, 2016 at 3:04 PM, Fraser Tweedale <ftweedal at redhat.com>
> > wrote:
> >
> > > On Tue, Aug 16, 2016 at 02:54:41PM +0530, Kaamel Periora wrote:
> > > > Thanks Rob and Fraser, appreciate your time in replying.
> > > >
> > > > Currently we are not using FreeIPA but dogtag 9 as an standalone
> system
> > > > with RA and OCSP as well.
> > > >
> > > > We thought of migrating to the FreeIPA after looking at the the ease
> of
> > > > management and excellent support community behind.
> > > >
> > > > We require SSL/TLS server certificates and user certificates as well.
> > > >
> > > > Currently our major issue is the continuous changes (not stable) in
> the
> > > > underlying OS which is Fedora. If we proceed with Dogtag over CentOS
> or
> > > > RedHat, will that suffice the stability requirements while
> delivering the
> > > > same level of integration with Fedora?
> > > >
> > > > your opinion is much appreciated.
> > > >
> > > > Kaamel
> > > >
> > > FreeIPA and Dogtag are both available in RHEL and CentOS, so you can
> > > have FreeIPA's ease of management on a less rapidly-evolving
> > > platform.
> > >
> > > Caveat: the standalone OCSP subsystem is not supported on RHEL, but
> > > the CA subsystem has an inbuilt OCSP responder which may suffice.
> > >
> > > Thanks,
> > > Fraser
> > >
> > > > On Fri, Aug 12, 2016 at 6:10 AM, Fraser Tweedale <
> ftweedal at redhat.com>
> > > > wrote:
> > > >
> > > > > On Thu, Aug 11, 2016 at 11:54:25AM -0400, Rob Crittenden wrote:
> > > > > > Kamal Perera wrote:
> > > > > > > Dear all,
> > > > > > >
> > > > > > > Seeking your kind advices.
> > > > > > >
> > > > > > > If the requirement is for having a scalable corporate CA only,
> is
> > > it
> > > > > > > possible to get this requirement fulfilled with DogTag only, or
> > > install
> > > > > > > FreeIPA and use the CA functionality only.
> > > > > >
> > > > > > IPA limits dogtag to only those features it is interested in.
> This
> > > has
> > > > > been
> > > > > > expanding recently but you still lose some functionality.
> > > > > >
> > > > > > IMHO if all you want is a CA then managing IPA is overkill.
> > > > > >
> > > > > > > What are the functional differences and support limitations?
> > > > > >
> > > > > > Functionally it depends on what version of IPA you're talking
> about.
> > > > > Older
> > > > > > versions only exposed server certificates. Newer versions support
> > > user
> > > > > > certifications, custom profiles and more. It is still just a
> subset
> > > of
> > > > > what
> > > > > > dogtag supports.
> > > > > >
> > > > > > Support from whom? The dogtag community is happy to help (they've
> > > always
> > > > > > helped us).
> > > > > >
> > > > > There are lots of questions that can help you decide which path to
> > > > > take: what kinds of certs do you want to issue; to what entities;
> > > > > who will issue them; are you already using FreeIPA in your
> > > > > organisation?
> > > > >
> > > > > In regards to functional differences, Dogtag CA and KRA are
> > > > > supported with FreeIPA; token processing and standalone OCSP are
> > > > > not.  I disagree somewhat with Rob in that unless you need those
> > > > > other Dogtag subsystems, I see little disadvantage in using
> FreeIPA.
> > > > > It definitely makes deploying the CA easier and managing renewals
> > > > > easier.
> > > > >
> > > > > The more you tell us of your requirements, the more we can help :)
> > > > >
> > > > > Thanks,
> > > > > Fraser
> > > > >
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160817/0f402ef9/attachment.htm>

From ftweedal at redhat.com  Wed Aug 17 06:18:52 2016
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Wed, 17 Aug 2016 16:18:52 +1000
Subject: [Freeipa-users] FreeIPA vs DogTag CA
In-Reply-To: <CAA0gsCNxo_e1-iejbm+ypjEKEd5qK8M-8JRxBf=Y1_wHr17_aQ@mail.gmail.com>
References: <CAA0gsCM9_Jzj7a+NSOB1ohZE7uGS9CT=gChzjRun_Cso+gFMGA@mail.gmail.com>
	<57AC9FB1.1090605@redhat.com>
	<20160812004015.GG23927@dhcp-40-8.bne.redhat.com>
	<CAA0gsCN9zkm5WQy9Eu7MmT7rTz1TXLX+eeQ-RSte0iDhez22YQ@mail.gmail.com>
	<20160816093408.GT23927@dhcp-40-8.bne.redhat.com>
	<CAA0gsCOGOjV0XG8CWpD0jQNgy9410Nwhooc41-g1EhH-yBsQXA@mail.gmail.com>
	<20160816115548.GU23927@dhcp-40-8.bne.redhat.com>
	<CAA0gsCNxo_e1-iejbm+ypjEKEd5qK8M-8JRxBf=Y1_wHr17_aQ@mail.gmail.com>
Message-ID: <20160817061852.GX23927@dhcp-40-8.bne.redhat.com>

On Wed, Aug 17, 2016 at 10:52:53AM +0530, Kaamel Periora wrote:
> Thanks.
> 
> One last question :)
> 
> Will that be feasible to have all the systems (CA, RA, OCSP) on top of
> fedora and upgrade the OS as well as CS with the latest ones time to time.
> This should not affect the exiting data or configuration. With Fedora this
> seems to be a must.
> 
It is feasible, and if you want to stay on supported releases you
will need to do it more frequently on Fedora than on RHEL or CentOS,
because Fedora evolves faster and orphans old releases more eagerly.
Your choice depends on your organisation's technical requirements
and risk appetite ;)

Thanks,
Fraser

> On Tue, Aug 16, 2016 at 5:25 PM, Fraser Tweedale <ftweedal at redhat.com>
> wrote:
> 
> > On Tue, Aug 16, 2016 at 04:29:02PM +0530, Kaamel Periora wrote:
> > > Thanks Fraser.
> > >
> > > So basically i can rule out FreeIPA and go ahead with DogTag.
> > >
> > > According to our security requirements, it is not wise to let the genral
> > > public access to the OCSP service running on the CA. I suppose having an
> > > OCSP over Fedora while the others run on CentOS would do.
> > >
> > Sure, you can deploy it that way.  I do not know of anyone who has
> > done so but it should work.
> >
> > > how about RA, can i have it over CentOS?
> > >
> > We no longer have a separate RA subsystem.  RA capabilities are
> > conceptually part of the CA subsystem now.
> >
> > > On Tue, Aug 16, 2016 at 3:04 PM, Fraser Tweedale <ftweedal at redhat.com>
> > > wrote:
> > >
> > > > On Tue, Aug 16, 2016 at 02:54:41PM +0530, Kaamel Periora wrote:
> > > > > Thanks Rob and Fraser, appreciate your time in replying.
> > > > >
> > > > > Currently we are not using FreeIPA but dogtag 9 as an standalone
> > system
> > > > > with RA and OCSP as well.
> > > > >
> > > > > We thought of migrating to the FreeIPA after looking at the the ease
> > of
> > > > > management and excellent support community behind.
> > > > >
> > > > > We require SSL/TLS server certificates and user certificates as well.
> > > > >
> > > > > Currently our major issue is the continuous changes (not stable) in
> > the
> > > > > underlying OS which is Fedora. If we proceed with Dogtag over CentOS
> > or
> > > > > RedHat, will that suffice the stability requirements while
> > delivering the
> > > > > same level of integration with Fedora?
> > > > >
> > > > > your opinion is much appreciated.
> > > > >
> > > > > Kaamel
> > > > >
> > > > FreeIPA and Dogtag are both available in RHEL and CentOS, so you can
> > > > have FreeIPA's ease of management on a less rapidly-evolving
> > > > platform.
> > > >
> > > > Caveat: the standalone OCSP subsystem is not supported on RHEL, but
> > > > the CA subsystem has an inbuilt OCSP responder which may suffice.
> > > >
> > > > Thanks,
> > > > Fraser
> > > >
> > > > > On Fri, Aug 12, 2016 at 6:10 AM, Fraser Tweedale <
> > ftweedal at redhat.com>
> > > > > wrote:
> > > > >
> > > > > > On Thu, Aug 11, 2016 at 11:54:25AM -0400, Rob Crittenden wrote:
> > > > > > > Kamal Perera wrote:
> > > > > > > > Dear all,
> > > > > > > >
> > > > > > > > Seeking your kind advices.
> > > > > > > >
> > > > > > > > If the requirement is for having a scalable corporate CA only,
> > is
> > > > it
> > > > > > > > possible to get this requirement fulfilled with DogTag only, or
> > > > install
> > > > > > > > FreeIPA and use the CA functionality only.
> > > > > > >
> > > > > > > IPA limits dogtag to only those features it is interested in.
> > This
> > > > has
> > > > > > been
> > > > > > > expanding recently but you still lose some functionality.
> > > > > > >
> > > > > > > IMHO if all you want is a CA then managing IPA is overkill.
> > > > > > >
> > > > > > > > What are the functional differences and support limitations?
> > > > > > >
> > > > > > > Functionally it depends on what version of IPA you're talking
> > about.
> > > > > > Older
> > > > > > > versions only exposed server certificates. Newer versions support
> > > > user
> > > > > > > certifications, custom profiles and more. It is still just a
> > subset
> > > > of
> > > > > > what
> > > > > > > dogtag supports.
> > > > > > >
> > > > > > > Support from whom? The dogtag community is happy to help (they've
> > > > always
> > > > > > > helped us).
> > > > > > >
> > > > > > There are lots of questions that can help you decide which path to
> > > > > > take: what kinds of certs do you want to issue; to what entities;
> > > > > > who will issue them; are you already using FreeIPA in your
> > > > > > organisation?
> > > > > >
> > > > > > In regards to functional differences, Dogtag CA and KRA are
> > > > > > supported with FreeIPA; token processing and standalone OCSP are
> > > > > > not.  I disagree somewhat with Rob in that unless you need those
> > > > > > other Dogtag subsystems, I see little disadvantage in using
> > FreeIPA.
> > > > > > It definitely makes deploying the CA easier and managing renewals
> > > > > > easier.
> > > > > >
> > > > > > The more you tell us of your requirements, the more we can help :)
> > > > > >
> > > > > > Thanks,
> > > > > > Fraser
> > > > > >
> > > >
> >



From arthur at deus.pro  Wed Aug 17 07:52:16 2016
From: arthur at deus.pro (Arthur Fayzullin)
Date: Wed, 17 Aug 2016 12:52:16 +0500
Subject: [Freeipa-users] named-pkcs11 doesn't start after bind update
In-Reply-To: <CAFGv-=dsu_nrNSCLjXFq4R7fsji5GmBCvmCwTAO7hfQnGDz7+w@mail.gmail.com>
References: <CAFGv-=eCbAS58q-__0H5XzYXWiOPtGVeTjSYcfN2Gd7xptEp0w@mail.gmail.com>
	<CAFGv-=fVnoOFr6anenvewEfSK5mxZYEPxB15Y2uT=E-4CVhGWQ@mail.gmail.com>
	<b116986d-060b-76a4-7d31-09f3b56875da@redhat.com>
	<fe7a40e1-8622-7794-99c4-600f35865403@redhat.com>
	<CAFGv-=dsu_nrNSCLjXFq4R7fsji5GmBCvmCwTAO7hfQnGDz7+w@mail.gmail.com>
Message-ID: <fb469afb-c1f0-aaf2-18c2-982084f45cf9@deus.pro>

any news? I've tried to make selinux permissive and write new policy,
that didn't help.

require {
        type ipa_var_lib_t;
        type named_t;
        class dir read;
        class file { write open lock read getattr };
}

#============= named_t ==============
allow named_t ipa_var_lib_t:dir read;
allow named_t ipa_var_lib_t:file { write open lock read getattr };


22.07.2016 13:04, Roberto Cornacchia ?????:
> Ben and Petr,
>
> Thanks for your inputs, I'll keep an eye on those bug reports.
>
> Roberto
>
> On 22 July 2016 at 09:51, Petr Spacek <pspacek at redhat.com
> <mailto:pspacek at redhat.com>> wrote:
>
>     On 22.7.2016 04:43, Ben Lipton wrote:
>     > I'm not familiar enough with Fedora release engineering to know
>     how this gets
>     > fixed permanently, but I'll share some investigation I've done.
>     >
>     > This appears to be due to a change in the
>     selinux-policy-targeted package that
>     > happened recently. As of the latest version, named-pkcs11 tries
>     to run as type
>     > named_t instead of unconfined_service_t, but it isn't allowed to
>     read the
>     > files from IPA [1]. When I downgraded to the selinux-policy and
>     > selinux-policy-targeted packages from [2] I was able to start
>     named-pkcs11, so
>     > that might be a workaround you can use for now. Ultimately, the
>     patch that
>     > fixes [3] might need to be backported to F23.
>
>     This is being tracked as
>     https://bugzilla.redhat.com/show_bug.cgi?id=1357665
>
>     Stay tuned.
>
>     Petr^2 Spacek
>
>     >
>     > Ben
>     >
>     > [1]
>     > ----
>     > time->Fri Jul 22 04:17:44 2016
>     > type=AVC msg=audit(1469153864.756:705): avc:  denied  { read }
>     for pid=11616
>     > comm="named-pkcs11" name="tokens" dev="dm-0" ino=26318195
>     > scontext=system_u:system_r:named_t:s0
>     > tcontext=unconfined_u:object_r:ipa_var_lib_t:s0 tclass=dir
>     permissive=1
>     > ----
>     > time->Fri Jul 22 04:17:44 2016
>     > type=AVC msg=audit(1469153864.756:706): avc:  denied  { getattr
>     } for
>     > pid=11616 comm="named-pkcs11"
>     >
>     path="/var/lib/ipa/dnssec/tokens/12cfb199-b2fe-d328-0b3a-e644756b73d6/token.object"
>     > dev="dm-0" ino=609982 scontext=system_u:system_r:named_t:s0
>     > tcontext=unconfined_u:object_r:ipa_var_lib_t:s0 tclass=file
>     permissive=1
>     > ----
>     > time->Fri Jul 22 04:17:44 2016
>     > type=AVC msg=audit(1469153864.756:707): avc:  denied  { read
>     write } for
>     > pid=11616 comm="named-pkcs11" name="generation" dev="dm-0"
>     ino=731584
>     > scontext=system_u:system_r:named_t:s0
>     > tcontext=unconfined_u:object_r:ipa_var_lib_t:s0 tclass=file
>     permissive=1
>     > ----
>     > time->Fri Jul 22 04:17:44 2016
>     > type=AVC msg=audit(1469153864.757:708): avc:  denied  { open }
>     for pid=11616
>     > comm="named-pkcs11"
>     >
>     path="/var/lib/ipa/dnssec/tokens/12cfb199-b2fe-d328-0b3a-e644756b73d6/generation"
>     > dev="dm-0" ino=731584 scontext=system_u:system_r:named_t:s0
>     > tcontext=unconfined_u:object_r:ipa_var_lib_t:s0 tclass=file
>     permissive=1
>     > ----
>     > time->Fri Jul 22 04:17:44 2016
>     > type=AVC msg=audit(1469153864.757:709): avc:  denied  { lock }
>     for pid=11616
>     > comm="named-pkcs11"
>     >
>     path="/var/lib/ipa/dnssec/tokens/12cfb199-b2fe-d328-0b3a-e644756b73d6/generation"
>     > dev="dm-0" ino=731584 scontext=system_u:system_r:named_t:s0
>     > tcontext=unconfined_u:object_r:ipa_var_lib_t:s0 tclass=file
>     permissive=1
>     >
>     > [2] http://koji.fedoraproject.org/koji/buildinfo?buildID=758088
>     > [3] https://bugzilla.redhat.com/show_bug.cgi?id=1333106
>     >
>     > On 07/21/2016 05:51 PM, Roberto Cornacchia wrote:
>     >> UPDATE:
>     >>
>     >> Tried again the whole procedure with ipa-dns-install, and it
>     DOES work with
>     >> SElinux disable, and still fails with SElinux enabled.
>     >>
>     >> So the error "Failed to enumerate object store in
>     /var/lib/softhsm/tokens/"
>     >> makes sense.
>     >>
>     >> Can someone help me fix it?
>     >>
>     >> $ ll -Z /var/lib/ipa/dnssec/
>     >> total 12
>     >> -rwxrwx---. 1 ods named unconfined_u:object_r:ipa_var_lib_t:s0 
>      30 Jul 21
>     >> 22:50 softhsm_pin*
>     >> drwxrws---. 3 ods named unconfined_u:object_r:ipa_var_lib_t:s0
>     4096 Jul 21
>     >> 22:50 tokens/
>     >>
>     >>
>     >>
>     >> On 21 July 2016 at 23:11, Roberto Cornacchia
>     <roberto.cornacchia at gmail.com <mailto:roberto.cornacchia at gmail.com>
>     >> <mailto:roberto.cornacchia at gmail.com
>     <mailto:roberto.cornacchia at gmail.com>>> wrote:
>     >>
>     >>     - FC23
>     >>     - IPA 4.2.4
>     >>
>     >>     After a dnf update, bind was updated (no ipa updates),
>     >>     and named-pkcs11 doesn't start anymore.
>     >>
>     >>
>     >>     $ /usr/sbin/named-pkcs11 -d 9 -g
>     >>     21-Jul-2016 23:08:50.332 starting BIND
>     >>     9.10.3-P4-RedHat-9.10.3-13.P4.fc23 <id:ebd72b3> -d 9 -g
>     >>     21-Jul-2016 23:08:50.332 built with
>     >>     '--build=x86_64-redhat-linux-gnu'
>     '--host=x86_64-redhat-linux-gnu'
>     >>     '--program-prefix=' '--disable-dependency-tracking'
>     >>     '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
>     >>     '--sbindir=/usr/sbin' '--sysconfdir=/etc'
>     '--datadir=/usr/share'
>     >>     '--includedir=/usr/include' '--libdir=/usr/lib64'
>     >>     '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
>     >>     '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>     >>     '--with-python=/usr/bin/python3' '--with-libtool'
>     >>     '--localstatedir=/var' '--enable-threads' '--enable-ipv6'
>     >>     '--enable-filter-aaaa' '--with-pic' '--disable-static'
>     >>     '--disable-openssl-version-check'
>     >>     '--includedir=/usr/include/bind9' '--with-tuning=large'
>     >>     '--with-geoip' '--enable-native-pkcs11'
>     >>     '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so'
>     >>     '--with-dlopen=yes' '--with-dlz-ldap=yes'
>     >>     '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
>     >>     '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes'
>     >>     '--with-gssapi=yes' '--disable-isc-spnego'
>     '--enable-fixed-rrset'
>     >>     '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
>     >>     '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu'
>     >>     'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe
>     -Wall
>     >>     -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
>     >>     -fstack-protector-strong --param=ssp-buffer-size=4
>     >>     -grecord-gcc-switches
>     >>     -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64
>     >>     -mtune=generic' 'LDFLAGS=-Wl,-z,relro
>     >>     -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' 'CPPFLAGS=
>     >>     -DDIG_SIGCHASE'
>     >>     21-Jul-2016 23:08:50.332
>     >>     ----------------------------------------------------
>     >>     21-Jul-2016 23:08:50.332 BIND 9 is maintained by Internet
>     Systems
>     >>     Consortium,
>     >>     21-Jul-2016 23:08:50.332 Inc. (ISC), a non-profit 501(c)(3)
>     >>     public-benefit
>     >>     21-Jul-2016 23:08:50.332 corporation.  Support and training for
>     >>     BIND 9 are
>     >>     21-Jul-2016 23:08:50.332 available at
>     https://www.isc.org/support
>     >>     21-Jul-2016 23:08:50.332
>     >>     ----------------------------------------------------
>     >>     21-Jul-2016 23:08:50.332 adjusted limit on open files from
>     4096 to
>     >>     1048576
>     >>     21-Jul-2016 23:08:50.332 found 2 CPUs, using 2 worker threads
>     >>     21-Jul-2016 23:08:50.332 using 2 UDP listeners per interface
>     >>     21-Jul-2016 23:08:50.332 using up to 21000 sockets
>     >>     21-Jul-2016 23:08:50.332 Registering DLZ_dlopen driver
>     >>     21-Jul-2016 23:08:50.332 Registering SDLZ driver 'dlopen'
>     >>     21-Jul-2016 23:08:50.332 Registering DLZ driver 'dlopen'
>     >>     21-Jul-2016 23:08:50.335 initializing DST: PKCS#11
>     initialization
>     >>     failed
>     >>     21-Jul-2016 23:08:50.335 exiting (due to fatal error)
>     >>
>     >>     journalctl shows:
>     >>
>     >>     named-pkcs11[9085]: ObjectStore.cpp(59): Failed to enumerate
>     >>     object store in /var/lib/softhsm/tokens/
>     >>     named-pkcs11[9085]: SoftHSM.cpp(476): Could not load the
>     object store
>     >>
>     >>
>     >>
>     >>     $ ll -Z /var/lib/ipa/dnssec/
>     >>     total 12
>     >>     -rwxrwx---. 1 ods named
>     unconfined_u:object_r:ipa_var_lib_t:s0      30
>     >> Jul 21 22:50 softhsm_pin*
>     >>     drwxrws---. 3 ods named unconfined_u:object_r:ipa_var_lib_t:s0
>     >>     4096 Jul 21 22:50 tokens/
>     >>
>     >>
>     >>     - I have seen https://fedorahosted.org/freeipa/ticket/5520 , it
>     >>     doesn't help.
>     >>     - With setenforce 0, same error.
>     >>     - I have run ipa-dns-install, it recreates named.conf, tokens
>     >>     etc. named-pkcs11 still doesn't start.
>     >>
>     >>
>     >>     Please, any idea?
>
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     Go to http://freeipa.org for more info on the project
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160817/1b30c7e2/attachment.htm>

From g.schmitz at gtrs.de  Wed Aug 17 10:34:03 2016
From: g.schmitz at gtrs.de (Guido Schmitz)
Date: Wed, 17 Aug 2016 12:34:03 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <757b897b-ff4f-1470-64ea-a48ee06fa9fc@redhat.com>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
	<72abd120-5581-618a-e099-0e09e4483161@redhat.com>
	<dc31b081-0d03-0c78-e27e-7b6f9be3e962@gtrs.de>
	<622c6646-70f5-bbfb-f0e0-db29b9121ff2@redhat.com>
	<bc7c133f-fb77-2ed0-0bc2-335ea691f11c@gtrs.de>
	<757b897b-ff4f-1470-64ea-a48ee06fa9fc@redhat.com>
Message-ID: <d7e04ae8-71f8-2bf2-6afc-04a9bdae2e4a@gtrs.de>

> 
> Now it is getting interesting :-)
> 
> First of all, what version of FreeIPA packages and on what distro are you
> using? There are significant differences between package versions.

I am running Fedora 23 (inside an LXC on a Proxmox host) with FreeIPA
4.3.1 from COPR.

> 
> The export is handled by ipa-ods-exporter service on IPA DNSSEC key master
> server. Look at its logs and see if it reports any errors.
> 
> I'm not sure how OpenDNSSEC handles key import. IPA is waiting on OpenDNSSEC
> signer's socket for events which indicate key state change. If this does not
> happen the key is not exported.
> 
> You can trigger this manually by calling command
> "ods-signer ipa-full-update"
> or
> "ods-signer update <zone name>"

First, when I triggered the sync, I got the following error message:

ipa-ods-exporter exception: Traceback (most recent call last):
  File "/usr/libexec/ipa/ipa-ods-exporter", line 721, in <module>
    sync_zone(log, ldap, dns_dn, zone_name)
  File "/usr/libexec/ipa/ipa-ods-exporter", line 539, in sync_zone
    ods_keys = get_ods_keys(zone_name)
  File "/usr/libexec/ipa/ipa-ods-exporter", line 278, in get_ods_keys
    key_data.update(ods2bind_timestamps(row['state'], key_type, ods_times))
  File "/usr/libexec/ipa/ipa-ods-exporter", line 163, in ods2bind_timestamps
    bind_times['idnsSecKeyCreated'] = ods_times['idnsSecKeyCreated']
KeyError: 'idnsSecKeyCreated'


This was caused by the field "generate" of table "keypairs" in
OpenDNSSEC's DB located at /var/opendnssec/kasp.db was empty (probably
because the key was not generated by OpenDNSSEC).

After I fixed this by entering some date into the field, the manually
triggered sync went through and the key appeared in the LDAP subtree
cn=keys,idnsname=myzone.com,cn=dns. The key, however, was still not used
by BIND.

It turned out, that I also had to set a publish time in field publish of
table dnsseckeys of /var/opendnssec/kasp.db. After this, BIND seems to
use this key now :-)



Still, there is one problem:
My old KSK uses algorithm 7 (RSASHA1NSEC3SHA1) and IPA (by default) uses
algorithm 8 (RSASHA256). The old key is correctly marked as algorithm 7
in LDAP (under attribute idnsSecAlgorithm in the entry
cn=KSK-timestamp-id,cn=keys,idnsname=myzone.com,cn=dns), but BIND seems
to ignore this attribute and assumes that it is always algorithm 8.






For documentation purposes, these are the steps I perfomed:

* Get the KSK keyfile from old setup (Kmyzone.com.+007+12345.private)

* Convert it to PEM format:
softhsm2-keyconv  --in Kmyzone.com.+007+12345.private --out ksk.pem

* Import the KSK key to SoftHSM (using the patched softhsm2-util)
sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf
/usr/src/SoftHSMv2/src/bin/util/softhsm2-util  --import ksk.pem --slot
381930204 --pin $(cat /var/lib/ipa/dnssec/softhsm_pin) --label a00001
--id a00001

(The patched softhsm2-util used a different slot number on my system. It
usually is 0, but on my setup, the patched softhsm2-util named the slot
381930204. Note that I choose a00001 as key id here. I will refer to
this id later)

* Add the key to OpenDNSSEC
sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf ods-ksmutil key
import --cka_id a00001 --repository SoftHSM --zone myzone.com --bits
2048 --algorithm 7 --keystate active --keytype KSK --time 20140731131634

(Note that you need to adopt some values here, depending on your key.
These are bits, algorithm and time.)

* Switch off ods-enforcerd, so we can safely modify OpenDNSSEC's DB:
service ods-enforcerd stop

* Modify OpenDNSSEC's DB to set "generate" in table "keypairs" and
"publish" in table "dnsseckeys":

sqlite3 /var/opendnssec/kasp.db
 # lookup internal key id (below I will assume that it is 1)
 select * from keypairs where HSMkey_id='a00001';

 update keypairs set generate='2014-07-31 13:16:34' where id=1;

 update dnsseckeys set publish='2014-07-31 13:16:34' where keypair_id=1;

* Turn ods-enforcerd on again
service ods-enforcerd start

* Trigger full update
ods-signer ipa-full-update



-Guido



From pspacek at redhat.com  Wed Aug 17 11:23:26 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 17 Aug 2016 13:23:26 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <d7e04ae8-71f8-2bf2-6afc-04a9bdae2e4a@gtrs.de>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
	<72abd120-5581-618a-e099-0e09e4483161@redhat.com>
	<dc31b081-0d03-0c78-e27e-7b6f9be3e962@gtrs.de>
	<622c6646-70f5-bbfb-f0e0-db29b9121ff2@redhat.com>
	<bc7c133f-fb77-2ed0-0bc2-335ea691f11c@gtrs.de>
	<757b897b-ff4f-1470-64ea-a48ee06fa9fc@redhat.com>
	<d7e04ae8-71f8-2bf2-6afc-04a9bdae2e4a@gtrs.de>
Message-ID: <f3abd430-4e5b-9a31-18af-33a7fdfb6a80@redhat.com>

On 17.8.2016 12:34, Guido Schmitz wrote:
>>
>> Now it is getting interesting :-)
>>
>> First of all, what version of FreeIPA packages and on what distro are you
>> using? There are significant differences between package versions.
> 
> I am running Fedora 23 (inside an LXC on a Proxmox host) with FreeIPA
> 4.3.1 from COPR.
> 
>>
>> The export is handled by ipa-ods-exporter service on IPA DNSSEC key master
>> server. Look at its logs and see if it reports any errors.
>>
>> I'm not sure how OpenDNSSEC handles key import. IPA is waiting on OpenDNSSEC
>> signer's socket for events which indicate key state change. If this does not
>> happen the key is not exported.
>>
>> You can trigger this manually by calling command
>> "ods-signer ipa-full-update"
>> or
>> "ods-signer update <zone name>"
> 
> First, when I triggered the sync, I got the following error message:
> 
> ipa-ods-exporter exception: Traceback (most recent call last):
>   File "/usr/libexec/ipa/ipa-ods-exporter", line 721, in <module>
>     sync_zone(log, ldap, dns_dn, zone_name)
>   File "/usr/libexec/ipa/ipa-ods-exporter", line 539, in sync_zone
>     ods_keys = get_ods_keys(zone_name)
>   File "/usr/libexec/ipa/ipa-ods-exporter", line 278, in get_ods_keys
>     key_data.update(ods2bind_timestamps(row['state'], key_type, ods_times))
>   File "/usr/libexec/ipa/ipa-ods-exporter", line 163, in ods2bind_timestamps
>     bind_times['idnsSecKeyCreated'] = ods_times['idnsSecKeyCreated']
> KeyError: 'idnsSecKeyCreated'
> 
> 
> This was caused by the field "generate" of table "keypairs" in
> OpenDNSSEC's DB located at /var/opendnssec/kasp.db was empty (probably
> because the key was not generated by OpenDNSSEC).
> 
> After I fixed this by entering some date into the field, the manually
> triggered sync went through and the key appeared in the LDAP subtree
> cn=keys,idnsname=myzone.com,cn=dns. The key, however, was still not used
> by BIND.
> 
> It turned out, that I also had to set a publish time in field publish of
> table dnsseckeys of /var/opendnssec/kasp.db. After this, BIND seems to
> use this key now :-)
> 
> 
> 
> Still, there is one problem:
> My old KSK uses algorithm 7 (RSASHA1NSEC3SHA1) and IPA (by default) uses
> algorithm 8 (RSASHA256). The old key is correctly marked as algorithm 7
> in LDAP (under attribute idnsSecAlgorithm in the entry
> cn=KSK-timestamp-id,cn=keys,idnsname=myzone.com,cn=dns), but BIND seems
> to ignore this attribute and assumes that it is always algorithm 8.

Hmm, algorithm mismatch will cause DNSSEC validation to break horribly. The
generated records will not match what is indicated in DS record of the parent
zone...

Please look into
/var/named/dyndb-ldap/ipa/master/myzone.com/keys
and inspect BIND key files (*.private). Cross-check values in files with
values shown by OpenDNSSEC. All the values should match.

If they do not match, we have a bug somewhere in the synchronization
mechanism, which is possible.


Thank you very much for your effort. I've wrapped this thread into a ticket:
https://fedorahosted.org/freeipa/ticket/6223
so we do not forget to implement necessary tweaks to make migrations to
FreeIPA easier.

I really appreciate your work on this!

Petr^2 Spacek

> For documentation purposes, these are the steps I perfomed:
> 
> * Get the KSK keyfile from old setup (Kmyzone.com.+007+12345.private)
> 
> * Convert it to PEM format:
> softhsm2-keyconv  --in Kmyzone.com.+007+12345.private --out ksk.pem
> 
> * Import the KSK key to SoftHSM (using the patched softhsm2-util)
> sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf
> /usr/src/SoftHSMv2/src/bin/util/softhsm2-util  --import ksk.pem --slot
> 381930204 --pin $(cat /var/lib/ipa/dnssec/softhsm_pin) --label a00001
> --id a00001
> 
> (The patched softhsm2-util used a different slot number on my system. It
> usually is 0, but on my setup, the patched softhsm2-util named the slot
> 381930204. Note that I choose a00001 as key id here. I will refer to
> this id later)
> 
> * Add the key to OpenDNSSEC
> sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf ods-ksmutil key
> import --cka_id a00001 --repository SoftHSM --zone myzone.com --bits
> 2048 --algorithm 7 --keystate active --keytype KSK --time 20140731131634
> 
> (Note that you need to adopt some values here, depending on your key.
> These are bits, algorithm and time.)
> 
> * Switch off ods-enforcerd, so we can safely modify OpenDNSSEC's DB:
> service ods-enforcerd stop
> 
> * Modify OpenDNSSEC's DB to set "generate" in table "keypairs" and
> "publish" in table "dnsseckeys":
> 
> sqlite3 /var/opendnssec/kasp.db
>  # lookup internal key id (below I will assume that it is 1)
>  select * from keypairs where HSMkey_id='a00001';
> 
>  update keypairs set generate='2014-07-31 13:16:34' where id=1;
> 
>  update dnsseckeys set publish='2014-07-31 13:16:34' where keypair_id=1;
> 
> * Turn ods-enforcerd on again
> service ods-enforcerd start
> 
> * Trigger full update
> ods-signer ipa-full-update
-- 
Petr^2 Spacek
-- 
Petr^2 Spacek
-- 
Petr^2 Spacek
-- 
Petr^2 Spacek
-- 
Petr^2 Spacek
-- 
Petr^2 Spacek
-- 
Petr^2 Spacek
-- 
Petr^2 Spacek



From pspacek at redhat.com  Wed Aug 17 12:17:22 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 17 Aug 2016 14:17:22 +0200
Subject: [Freeipa-users] Announcing bind-dyndb-ldap version 10.1
Message-ID: <ca73458f-38c9-f90f-01f2-da5c3855af20@redhat.com>

The FreeIPA team is proud to announce bind-dyndb-ldap version 10.1.

It can be downloaded from https://fedorahosted.org/released/bind-dyndb-ldap/

The new version has also been built for Fedora 24+:
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ea30aafae1


Latest news:

10.1
====
[1] Prevent crash while reloading previously invalid but now valid DNS zone.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/166

[2] Fix zone removal to respect forward configuration inheritance.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/167

10.0
====
[1] Default TTL can be configured at zone level in dNSdefaultTTL attribute.
    Please note that changes may not be applied until server reload.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/70

[2] Certain subset of configuration options can be specified
    in idnsServerConfigObject in LDAP. Each bind-dyndb-ldap instance will
    only use values from object with idnsServerId attribute matching server_id
    configured in named.conf. This can be used for per-server configuration
    in shared LDAP tree.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/162

[2] fake_mname option can be specified in idnsServerConfigObject in LDAP.
    Please note that changes may not be applied until server reload.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/162

[3] Per-server global forwarders can be configured in idnsServerConfigObject.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/162

[4] Dynamic record generation using idnsTemplateObject and
    idnsSubstitutionVariable;ipalocation attribute from idnsServerConfigObject
    is supported. Please see README.
    Please note that changes may not be applied until server reload.
    https://fedorahosted.org/bind-dyndb-ldap/ticket/126

[5] Forwarding configuration is properly ignored for disabled master zones.

[6] Interaction between DNS root zone and global forwarding is now
    deterministic and root zone has higher priority over global forwarding.

[7] Various problems in internal event processing were fixed.

[8] Potential crash in early start-up phase was fixed.

[9] Compatibility with BIND >= 9.10.4b1 was improved


== Upgrading ==
A server can be upgraded by installing updated RPM. BIND has to be restarted
manually after the RPM installation.

Downgrading back to any 9.x version is supported as long as new features are
not used.

FreeIPA users have to upgrade to version 10.0 or newer before enabling 'DNS
locations' feature in FreeIPA.


== Advance notification: Limited compatibility with BIND 9 ==
Please note that bind-dyndb-ldap 10.x is the last branch compatible with
BIND 9.10 or older.

bind-dyndb-ldap version 11.0 will be compatible only with BIND 9.11 and newer.
At the same time, version 11.0 will introduce incompatible changes to
configuration format.


== Feedback ==
Please provide comments, report bugs, and send any other feedback via the
freeipa-users mailing list:
http://www.redhat.com/mailman/listinfo/freeipa-users

-- 
Petr^2 Spacek



From g.schmitz at gtrs.de  Wed Aug 17 12:38:40 2016
From: g.schmitz at gtrs.de (Guido Schmitz)
Date: Wed, 17 Aug 2016 14:38:40 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <f3abd430-4e5b-9a31-18af-33a7fdfb6a80@redhat.com>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
	<72abd120-5581-618a-e099-0e09e4483161@redhat.com>
	<dc31b081-0d03-0c78-e27e-7b6f9be3e962@gtrs.de>
	<622c6646-70f5-bbfb-f0e0-db29b9121ff2@redhat.com>
	<bc7c133f-fb77-2ed0-0bc2-335ea691f11c@gtrs.de>
	<757b897b-ff4f-1470-64ea-a48ee06fa9fc@redhat.com>
	<d7e04ae8-71f8-2bf2-6afc-04a9bdae2e4a@gtrs.de>
	<f3abd430-4e5b-9a31-18af-33a7fdfb6a80@redhat.com>
Message-ID: <d0791d15-f89e-80fe-3c7a-c1930c0a629a@gtrs.de>

>> Still, there is one problem:
>> My old KSK uses algorithm 7 (RSASHA1NSEC3SHA1) and IPA (by default) uses
>> algorithm 8 (RSASHA256). The old key is correctly marked as algorithm 7
>> in LDAP (under attribute idnsSecAlgorithm in the entry
>> cn=KSK-timestamp-id,cn=keys,idnsname=myzone.com,cn=dns), but BIND seems
>> to ignore this attribute and assumes that it is always algorithm 8.
> 
> Hmm, algorithm mismatch will cause DNSSEC validation to break horribly. The
> generated records will not match what is indicated in DS record of the parent
> zone...
> 
> Please look into
> /var/named/dyndb-ldap/ipa/master/myzone.com/keys
> and inspect BIND key files (*.private). Cross-check values in files with
> values shown by OpenDNSSEC. All the values should match.
> 
> If they do not match, we have a bug somewhere in the synchronization
> mechanism, which is possible.

The imported KSK does not exist in this directory (neither on the master
server nor on the replica). The keys created by IPA are present in this
directory.

Now, I also checked, if the imported KSK is used to sign the ZSK, but
there are no matching RRSIG records. (When I wrote earlier that BIND
uses the imported KSK, I only checked whether a DNSKEY record for this
KSK is present. The DNSKEY record is present, but with the wrong algorithm.)






From pspacek at redhat.com  Wed Aug 17 12:54:44 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 17 Aug 2016 14:54:44 +0200
Subject: [Freeipa-users] named-pkcs11 doesn't start after bind update
In-Reply-To: <fb469afb-c1f0-aaf2-18c2-982084f45cf9@deus.pro>
References: <CAFGv-=eCbAS58q-__0H5XzYXWiOPtGVeTjSYcfN2Gd7xptEp0w@mail.gmail.com>
	<CAFGv-=fVnoOFr6anenvewEfSK5mxZYEPxB15Y2uT=E-4CVhGWQ@mail.gmail.com>
	<b116986d-060b-76a4-7d31-09f3b56875da@redhat.com>
	<fe7a40e1-8622-7794-99c4-600f35865403@redhat.com>
	<CAFGv-=dsu_nrNSCLjXFq4R7fsji5GmBCvmCwTAO7hfQnGDz7+w@mail.gmail.com>
	<fb469afb-c1f0-aaf2-18c2-982084f45cf9@deus.pro>
Message-ID: <d9a98ba0-7bf4-fb1a-6380-c44d79ec7bee@redhat.com>

On 17.8.2016 09:52, Arthur Fayzullin wrote:
> any news?

Not really, we are waiting for SELinux policy maintainers to pick this up.

For the time being, you can try this:
1. Switch to permissive mode
$ setenforce 0

2. Watch audit log for new AVCs:
$ tail -f /var/log/audit.log | grep AVC > /tmp/avcs.log

3. Restart the named-pkcs11 service
$ systemctl restart named-pkcs11

4. Generate missing rules:
$ audit2allow /tmp/avcs.log

5. Review the rules and load the if necessary

Please post the resulting  /tmp/avcs.log and rules to the bug
https://bugzilla.redhat.com/show_bug.cgi?id=1357665
to speed things up.

Thank you!
Petr^2 Spacek

> I've tried to make selinux permissive and write new policy,
> that didn't help.
> 
> require {
>         type ipa_var_lib_t;
>         type named_t;
>         class dir read;
>         class file { write open lock read getattr };
> }
> 
> #============= named_t ==============
> allow named_t ipa_var_lib_t:dir read;
> allow named_t ipa_var_lib_t:file { write open lock read getattr };
> 
> 
> 22.07.2016 13:04, Roberto Cornacchia ?????:
>> Ben and Petr,
>>
>> Thanks for your inputs, I'll keep an eye on those bug reports.
>>
>> Roberto
>>
>> On 22 July 2016 at 09:51, Petr Spacek <pspacek at redhat.com
>> <mailto:pspacek at redhat.com>> wrote:
>>
>>     On 22.7.2016 04:43, Ben Lipton wrote:
>>     > I'm not familiar enough with Fedora release engineering to know
>>     how this gets
>>     > fixed permanently, but I'll share some investigation I've done.
>>     >
>>     > This appears to be due to a change in the
>>     selinux-policy-targeted package that
>>     > happened recently. As of the latest version, named-pkcs11 tries
>>     to run as type
>>     > named_t instead of unconfined_service_t, but it isn't allowed to
>>     read the
>>     > files from IPA [1]. When I downgraded to the selinux-policy and
>>     > selinux-policy-targeted packages from [2] I was able to start
>>     named-pkcs11, so
>>     > that might be a workaround you can use for now. Ultimately, the
>>     patch that
>>     > fixes [3] might need to be backported to F23.
>>
>>     This is being tracked as
>>     https://bugzilla.redhat.com/show_bug.cgi?id=1357665
>>
>>     Stay tuned.
>>
>>     Petr^2 Spacek
>>
>>     >
>>     > Ben
>>     >
>>     > [1]
>>     > ----
>>     > time->Fri Jul 22 04:17:44 2016
>>     > type=AVC msg=audit(1469153864.756:705): avc:  denied  { read }
>>     for pid=11616
>>     > comm="named-pkcs11" name="tokens" dev="dm-0" ino=26318195
>>     > scontext=system_u:system_r:named_t:s0
>>     > tcontext=unconfined_u:object_r:ipa_var_lib_t:s0 tclass=dir
>>     permissive=1
>>     > ----
>>     > time->Fri Jul 22 04:17:44 2016
>>     > type=AVC msg=audit(1469153864.756:706): avc:  denied  { getattr
>>     } for
>>     > pid=11616 comm="named-pkcs11"
>>     >
>>     path="/var/lib/ipa/dnssec/tokens/12cfb199-b2fe-d328-0b3a-e644756b73d6/token.object"
>>     > dev="dm-0" ino=609982 scontext=system_u:system_r:named_t:s0
>>     > tcontext=unconfined_u:object_r:ipa_var_lib_t:s0 tclass=file
>>     permissive=1
>>     > ----
>>     > time->Fri Jul 22 04:17:44 2016
>>     > type=AVC msg=audit(1469153864.756:707): avc:  denied  { read
>>     write } for
>>     > pid=11616 comm="named-pkcs11" name="generation" dev="dm-0"
>>     ino=731584
>>     > scontext=system_u:system_r:named_t:s0
>>     > tcontext=unconfined_u:object_r:ipa_var_lib_t:s0 tclass=file
>>     permissive=1
>>     > ----
>>     > time->Fri Jul 22 04:17:44 2016
>>     > type=AVC msg=audit(1469153864.757:708): avc:  denied  { open }
>>     for pid=11616
>>     > comm="named-pkcs11"
>>     >
>>     path="/var/lib/ipa/dnssec/tokens/12cfb199-b2fe-d328-0b3a-e644756b73d6/generation"
>>     > dev="dm-0" ino=731584 scontext=system_u:system_r:named_t:s0
>>     > tcontext=unconfined_u:object_r:ipa_var_lib_t:s0 tclass=file
>>     permissive=1
>>     > ----
>>     > time->Fri Jul 22 04:17:44 2016
>>     > type=AVC msg=audit(1469153864.757:709): avc:  denied  { lock }
>>     for pid=11616
>>     > comm="named-pkcs11"
>>     >
>>     path="/var/lib/ipa/dnssec/tokens/12cfb199-b2fe-d328-0b3a-e644756b73d6/generation"
>>     > dev="dm-0" ino=731584 scontext=system_u:system_r:named_t:s0
>>     > tcontext=unconfined_u:object_r:ipa_var_lib_t:s0 tclass=file
>>     permissive=1
>>     >
>>     > [2] http://koji.fedoraproject.org/koji/buildinfo?buildID=758088
>>     > [3] https://bugzilla.redhat.com/show_bug.cgi?id=1333106
>>     >
>>     > On 07/21/2016 05:51 PM, Roberto Cornacchia wrote:
>>     >> UPDATE:
>>     >>
>>     >> Tried again the whole procedure with ipa-dns-install, and it
>>     DOES work with
>>     >> SElinux disable, and still fails with SElinux enabled.
>>     >>
>>     >> So the error "Failed to enumerate object store in
>>     /var/lib/softhsm/tokens/"
>>     >> makes sense.
>>     >>
>>     >> Can someone help me fix it?
>>     >>
>>     >> $ ll -Z /var/lib/ipa/dnssec/
>>     >> total 12
>>     >> -rwxrwx---. 1 ods named unconfined_u:object_r:ipa_var_lib_t:s0 
>>      30 Jul 21
>>     >> 22:50 softhsm_pin*
>>     >> drwxrws---. 3 ods named unconfined_u:object_r:ipa_var_lib_t:s0
>>     4096 Jul 21
>>     >> 22:50 tokens/
>>     >>
>>     >>
>>     >>
>>     >> On 21 July 2016 at 23:11, Roberto Cornacchia
>>     <roberto.cornacchia at gmail.com <mailto:roberto.cornacchia at gmail.com>
>>     >> <mailto:roberto.cornacchia at gmail.com
>>     <mailto:roberto.cornacchia at gmail.com>>> wrote:
>>     >>
>>     >>     - FC23
>>     >>     - IPA 4.2.4
>>     >>
>>     >>     After a dnf update, bind was updated (no ipa updates),
>>     >>     and named-pkcs11 doesn't start anymore.
>>     >>
>>     >>
>>     >>     $ /usr/sbin/named-pkcs11 -d 9 -g
>>     >>     21-Jul-2016 23:08:50.332 starting BIND
>>     >>     9.10.3-P4-RedHat-9.10.3-13.P4.fc23 <id:ebd72b3> -d 9 -g
>>     >>     21-Jul-2016 23:08:50.332 built with
>>     >>     '--build=x86_64-redhat-linux-gnu'
>>     '--host=x86_64-redhat-linux-gnu'
>>     >>     '--program-prefix=' '--disable-dependency-tracking'
>>     >>     '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
>>     >>     '--sbindir=/usr/sbin' '--sysconfdir=/etc'
>>     '--datadir=/usr/share'
>>     >>     '--includedir=/usr/include' '--libdir=/usr/lib64'
>>     >>     '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
>>     >>     '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>>     >>     '--with-python=/usr/bin/python3' '--with-libtool'
>>     >>     '--localstatedir=/var' '--enable-threads' '--enable-ipv6'
>>     >>     '--enable-filter-aaaa' '--with-pic' '--disable-static'
>>     >>     '--disable-openssl-version-check'
>>     >>     '--includedir=/usr/include/bind9' '--with-tuning=large'
>>     >>     '--with-geoip' '--enable-native-pkcs11'
>>     >>     '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so'
>>     >>     '--with-dlopen=yes' '--with-dlz-ldap=yes'
>>     >>     '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
>>     >>     '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes'
>>     >>     '--with-gssapi=yes' '--disable-isc-spnego'
>>     '--enable-fixed-rrset'
>>     >>     '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
>>     >>     '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu'
>>     >>     'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe
>>     -Wall
>>     >>     -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
>>     >>     -fstack-protector-strong --param=ssp-buffer-size=4
>>     >>     -grecord-gcc-switches
>>     >>     -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64
>>     >>     -mtune=generic' 'LDFLAGS=-Wl,-z,relro
>>     >>     -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' 'CPPFLAGS=
>>     >>     -DDIG_SIGCHASE'
>>     >>     21-Jul-2016 23:08:50.332
>>     >>     ----------------------------------------------------
>>     >>     21-Jul-2016 23:08:50.332 BIND 9 is maintained by Internet
>>     Systems
>>     >>     Consortium,
>>     >>     21-Jul-2016 23:08:50.332 Inc. (ISC), a non-profit 501(c)(3)
>>     >>     public-benefit
>>     >>     21-Jul-2016 23:08:50.332 corporation.  Support and training for
>>     >>     BIND 9 are
>>     >>     21-Jul-2016 23:08:50.332 available at
>>     https://www.isc.org/support
>>     >>     21-Jul-2016 23:08:50.332
>>     >>     ----------------------------------------------------
>>     >>     21-Jul-2016 23:08:50.332 adjusted limit on open files from
>>     4096 to
>>     >>     1048576
>>     >>     21-Jul-2016 23:08:50.332 found 2 CPUs, using 2 worker threads
>>     >>     21-Jul-2016 23:08:50.332 using 2 UDP listeners per interface
>>     >>     21-Jul-2016 23:08:50.332 using up to 21000 sockets
>>     >>     21-Jul-2016 23:08:50.332 Registering DLZ_dlopen driver
>>     >>     21-Jul-2016 23:08:50.332 Registering SDLZ driver 'dlopen'
>>     >>     21-Jul-2016 23:08:50.332 Registering DLZ driver 'dlopen'
>>     >>     21-Jul-2016 23:08:50.335 initializing DST: PKCS#11
>>     initialization
>>     >>     failed
>>     >>     21-Jul-2016 23:08:50.335 exiting (due to fatal error)
>>     >>
>>     >>     journalctl shows:
>>     >>
>>     >>     named-pkcs11[9085]: ObjectStore.cpp(59): Failed to enumerate
>>     >>     object store in /var/lib/softhsm/tokens/
>>     >>     named-pkcs11[9085]: SoftHSM.cpp(476): Could not load the
>>     object store
>>     >>
>>     >>
>>     >>
>>     >>     $ ll -Z /var/lib/ipa/dnssec/
>>     >>     total 12
>>     >>     -rwxrwx---. 1 ods named
>>     unconfined_u:object_r:ipa_var_lib_t:s0      30
>>     >> Jul 21 22:50 softhsm_pin*
>>     >>     drwxrws---. 3 ods named unconfined_u:object_r:ipa_var_lib_t:s0
>>     >>     4096 Jul 21 22:50 tokens/
>>     >>
>>     >>
>>     >>     - I have seen https://fedorahosted.org/freeipa/ticket/5520 , it
>>     >>     doesn't help.
>>     >>     - With setenforce 0, same error.
>>     >>     - I have run ipa-dns-install, it recreates named.conf, tokens
>>     >>     etc. named-pkcs11 still doesn't start.
>>     >>
>>     >>
>>     >>     Please, any idea?



From pspacek at redhat.com  Wed Aug 17 13:08:42 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 17 Aug 2016 15:08:42 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <d0791d15-f89e-80fe-3c7a-c1930c0a629a@gtrs.de>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
	<72abd120-5581-618a-e099-0e09e4483161@redhat.com>
	<dc31b081-0d03-0c78-e27e-7b6f9be3e962@gtrs.de>
	<622c6646-70f5-bbfb-f0e0-db29b9121ff2@redhat.com>
	<bc7c133f-fb77-2ed0-0bc2-335ea691f11c@gtrs.de>
	<757b897b-ff4f-1470-64ea-a48ee06fa9fc@redhat.com>
	<d7e04ae8-71f8-2bf2-6afc-04a9bdae2e4a@gtrs.de>
	<f3abd430-4e5b-9a31-18af-33a7fdfb6a80@redhat.com>
	<d0791d15-f89e-80fe-3c7a-c1930c0a629a@gtrs.de>
Message-ID: <85d7fb04-cf9e-a54a-971f-950d8a020323@redhat.com>

On 17.8.2016 14:38, Guido Schmitz wrote:
>>> Still, there is one problem:
>>> My old KSK uses algorithm 7 (RSASHA1NSEC3SHA1) and IPA (by default) uses
>>> algorithm 8 (RSASHA256). The old key is correctly marked as algorithm 7
>>> in LDAP (under attribute idnsSecAlgorithm in the entry
>>> cn=KSK-timestamp-id,cn=keys,idnsname=myzone.com,cn=dns), but BIND seems
>>> to ignore this attribute and assumes that it is always algorithm 8.
>>
>> Hmm, algorithm mismatch will cause DNSSEC validation to break horribly. The
>> generated records will not match what is indicated in DS record of the parent
>> zone...
>>
>> Please look into
>> /var/named/dyndb-ldap/ipa/master/myzone.com/keys
>> and inspect BIND key files (*.private). Cross-check values in files with
>> values shown by OpenDNSSEC. All the values should match.
>>
>> If they do not match, we have a bug somewhere in the synchronization
>> mechanism, which is possible.
> 
> The imported KSK does not exist in this directory (neither on the master
> server nor on the replica). The keys created by IPA are present in this
> directory.
> 
> Now, I also checked, if the imported KSK is used to sign the ZSK, but
> there are no matching RRSIG records. (When I wrote earlier that BIND
> uses the imported KSK, I only checked whether a DNSKEY record for this
> KSK is present. The DNSKEY record is present, but with the wrong algorithm.)

Okay, so we need to go back to see where the problem is.

Part A - key material:
0. I assume that you double-checked key attributes in OpenDNSSEC.

1. ipa-ods-exporter service on IPA DNSSEC key master server should not report
any errors when exporting keys (triggered by ods-signer ipa-full-update)

2. Output of these two commands should match:
all IPA DNS servers$ \
python2 /usr/lib/python2.*/site-packages/ipapython/dnssec/localhsm.py

any IPA DNS server$ \
python2 /usr/lib/python2.*/site-packages/ipapython/dnssec/ldapkeydb.py

This verifies that key material was replicated correctly.


Part B - key metadata:
These are read by ipa-dnskeysyncd daemon from LDAP and stored in BIND key files.

Please check logs of ipa-dnskeysyncd service and watch out for errors.
debug=True in /etc/default.conf will tell you more if needed.

-- 
Petr^2 Spacek



From dkowis+freeipa at shlrm.org  Wed Aug 17 13:36:52 2016
From: dkowis+freeipa at shlrm.org (David Kowis)
Date: Wed, 17 Aug 2016 08:36:52 -0500
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu
 16.04.1 install
In-Reply-To: <20160817035105.bkropnfwyzid6bli@redhat.com>
References: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
	<2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>
	<fd579323-1bdb-aeae-be54-727bffe3e2e3@shlrm.org>
	<bfc0cfa5-485d-bd3b-d641-01d7b7640507@redhat.com>
	<657121f5-2ce2-f2f7-1c7e-9da6a5e5d5a2@shlrm.org>
	<57B266CA.5000906@redhat.com>
	<5da4f0ee-3d14-7b33-2a96-afbf9a88a117@shlrm.org>
	<34943a38-4392-3d96-d376-0da89e3f639e@shlrm.org>
	<20160817035105.bkropnfwyzid6bli@redhat.com>
Message-ID: <6eac6b44-bb9a-4853-2998-449a91c48404@shlrm.org>

On 08/16/2016 10:51 PM, Alexander Bokovoy wrote:
> On Tue, 16 Aug 2016, David Kowis wrote:
>> On 08/15/2016 09:27 PM, David Kowis wrote:
>>> On 08/15/2016 08:05 PM, Rob Crittenden wrote:
>>>> David Kowis wrote:
>>>>> On 08/15/2016 04:33 AM, Petr Spacek wrote:
>>>>>> This is weird as LDAP SASL & GSSAPI is pretty standard thing.
>>>>>>
>>>>>> In any case, you can check server logs or use tcpdump/wireshark and
>>>>>> see if the
>>>>>> error somes from LDAP server or if it is client side error.
>>>>>>
>>>>>> That would tell us where to focus.
>>>>>>
>>>>>
>>>>> Welp, I've got a pile of logs for you:
>>>>> https://gist.github.com/dkowis/a82d4ec6b1823d9e1b95ffcc94666ae0
>>>>>
>>>>> The last few lines are probably the relevant ones.
>>>>>
>>>>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl
>>>>> version=3 mech=GSSAPI
>>>>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97
>>>>> nentries=0 etime=0
>>>>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND
>>>>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1
>>>>>
>>>>>
>>>>> Something tries to bind with no dn, and then fails.... I think?
>>>>
>>>> No this is typical logging for GSSAPI (minus the error).
>>>>
>>>> The error code is LDAP_AUTH_METHOD_NOT_SUPPORTED. Do you have the cyrus
>>>> SASL GSSAPI package installed? In Fedora the package is
>>>> cyrus-sasl-gssapi.
>>>>
>>
>> Still trying to figure stuff out:
>>
>> root at freeipavm:/var/log/dirsrv/slapd-DARK-KOW-IS# ldapsearch -h
>> localhost -p 389 -x -b "" -s base -LLL SupportedSASLMechanisms
>> dn:
>> SupportedSASLMechanisms: EXTERNAL
>>
>>
>> Should I have more than just EXTERNAL when this happens? How do I debug
>> more about what SASL authentication stuff should be there? I'm having a
>> great deal of difficulty finding documentation for the 389 directory
>> server's SASL configuration. *If* that's even the place I should be
>> looking. How can I narrow this down more?
> 389-ds does dynamically include all supported SASL mechanisms returned
> by CyrusSASL library. If you only get EXTERNAL, it means NO mechanisms
> were returned by your system SASL library. The attribute
> SupportedSASLMechanisms you see in the rootdse query above is read-only:
> it only shows which SASL mechanisms 389-ds knows about but you cannot
> influence them via this attribute. You need to look at your CyrusSASL
> library system configuration.
> 
> What does 'pluginviewer' output show?
<snip>

root at freeipavm:/var/log# dpkg -l | grep sasl
ii  libsasl2-2:i386                          2.1.26.dfsg1-14build1
    i386         Cyrus SASL - authentication abstraction library
ii  libsasl2-modules:i386                    2.1.26.dfsg1-14build1
    i386         Cyrus SASL - pluggable authentication modules
ii  libsasl2-modules-db:i386                 2.1.26.dfsg1-14build1
    i386         Cyrus SASL - pluggable authentication modules (DB)
ii  libsasl2-modules-gssapi-mit:i386         2.1.26.dfsg1-14build1
    i386         Cyrus SASL - pluggable authentication modules (GSSAPI)
ii  libsasl2-modules-ldap:i386               2.1.26.dfsg1-14build1
    i386         Cyrus SASL - pluggable authentication modules (LDAP)
ii  sasl2-bin                                2.1.26.dfsg1-14build1
    i386         Cyrus SASL - administration programs for SASL users
database


# saslpluginviewer
Installed and properly configured auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" ,       API version: 8
        supports store: yes

Installed and properly configured SASL (server side) mechanisms are:
  SCRAM-SHA-1 GS2-IAKERB GS2-KRB5 GSSAPI GSS-SPNEGO DIGEST-MD5 EXTERNAL
CRAM-MD5 NTLM PLAIN LOGIN ANONYMOUS
Available SASL (server side) mechanisms matching your criteria are:
  SCRAM-SHA-1 GS2-IAKERB GS2-KRB5 GSSAPI GSS-SPNEGO DIGEST-MD5 CRAM-MD5
NTLM PLAIN LOGIN ANONYMOUS
List of server plugins follows
Plugin "scram" [loaded],        API version: 4
        SASL mechanism: SCRAM-SHA-1, best SSF: 0, supports setpass: yes
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|MUTUAL_AUTH
        features: PROXY_AUTHENTICATION|CHANNEL_BINDING
Plugin "gs2" [loaded],  API version: 4
        SASL mechanism: GS2-IAKERB, best SSF: 0, supports setpass: no
        security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features: WANT_CLIENT_FIRST|GSS_FRAMING|CHANNEL_BINDING
Plugin "gs2" [loaded],  API version: 4
        SASL mechanism: GS2-KRB5, best SSF: 0, supports setpass: no
        security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features: WANT_CLIENT_FIRST|GSS_FRAMING|CHANNEL_BINDING
Plugin "gssapiv2" [loaded],     API version: 4
        SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
        security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|DONTUSE_USERPASSWD
Plugin "gssapiv2" [loaded],     API version: 4
        SASL mechanism: GSS-SPNEGO, best SSF: 56, supports setpass: no
        security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features:
WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|DONTUSE_USERPASSWD|SUPPORTS_HTTP
Plugin "digestmd5" [loaded],    API version: 4
        SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
        features: PROXY_AUTHENTICATION|SUPPORTS_HTTP
Plugin "crammd5" [loaded],      API version: 4
        SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
        security flags: NO_ANONYMOUS|NO_PLAINTEXT
        features: SERVER_FIRST
Plugin "ntlm" [loaded],         API version: 4
        SASL mechanism: NTLM, best SSF: 0, supports setpass: no
        security flags: NO_ANONYMOUS|NO_PLAINTEXT
        features: WANT_CLIENT_FIRST|SUPPORTS_HTTP
Plugin "plain" [loaded],        API version: 4
        SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
        security flags: NO_ANONYMOUS|PASS_CREDENTIALS
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "login" [loaded],        API version: 4
        SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
        security flags: NO_ANONYMOUS|PASS_CREDENTIALS
        features:
Plugin "anonymous" [loaded],    API version: 4
        SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
        security flags: NO_PLAINTEXT
        features: WANT_CLIENT_FIRST|DONTUSE_USERPASSWD
Installed and properly configured SASL (client side) mechanisms are:
  SCRAM-SHA-1 GS2-IAKERB GS2-KRB5 GSSAPI GSS-SPNEGO DIGEST-MD5 EXTERNAL
CRAM-MD5 NTLM PLAIN LOGIN ANONYMOUS
Available SASL (client side) mechanisms matching your criteria are:
  SCRAM-SHA-1 GS2-IAKERB GS2-KRB5 GSSAPI GSS-SPNEGO DIGEST-MD5 EXTERNAL
CRAM-MD5 NTLM PLAIN LOGIN ANONYMOUS
List of client plugins follows
Plugin "scram" [loaded],        API version: 4
        SASL mechanism: SCRAM-SHA-1, best SSF: 0
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|MUTUAL_AUTH
        features: PROXY_AUTHENTICATION|CHANNEL_BINDING
Plugin "gs2" [loaded],  API version: 4
        SASL mechanism: GS2-IAKERB, best SSF: 0
        security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features:
WANT_CLIENT_FIRST|NEED_SERVER_FQDN|GSS_FRAMING|CHANNEL_BINDING
Plugin "gs2" [loaded],  API version: 4
        SASL mechanism: GS2-KRB5, best SSF: 0
        security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features:
WANT_CLIENT_FIRST|NEED_SERVER_FQDN|GSS_FRAMING|CHANNEL_BINDING
Plugin "gssapiv2" [loaded],     API version: 4
        SASL mechanism: GSSAPI, best SSF: 56
        security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
Plugin "gssapiv2" [loaded],     API version: 4
        SASL mechanism: GSS-SPNEGO, best SSF: 56
        security flags:
NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
        features:
WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP
Plugin "digestmd5" [loaded],    API version: 4
        SASL mechanism: DIGEST-MD5, best SSF: 128
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
        features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP
Plugin "EXTERNAL" [loaded],     API version: 4
        SASL mechanism: EXTERNAL, best SSF: 0
        security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "crammd5" [loaded],      API version: 4
        SASL mechanism: CRAM-MD5, best SSF: 0
        security flags: NO_ANONYMOUS|NO_PLAINTEXT
        features: SERVER_FIRST
Plugin "ntlm" [loaded],         API version: 4
        SASL mechanism: NTLM, best SSF: 0
        security flags: NO_ANONYMOUS|NO_PLAINTEXT
        features: WANT_CLIENT_FIRST|SUPPORTS_HTTP
Plugin "plain" [loaded],        API version: 4
        SASL mechanism: PLAIN, best SSF: 0
        security flags: NO_ANONYMOUS|PASS_CREDENTIALS
        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "login" [loaded],        API version: 4
        SASL mechanism: LOGIN, best SSF: 0
        security flags: NO_ANONYMOUS|PASS_CREDENTIALS
        features: SERVER_FIRST
Plugin "anonymous" [loaded],    API version: 4
        SASL mechanism: ANONYMOUS, best SSF: 0
        security flags: NO_PLAINTEXT
        features: WANT_CLIENT_FIRST

I believe this is at least everything that's in your list, and maybe a
couple more. Any guesses as to what is preventing it from ending up in
the 389 Directory Server?

--
David Kowis


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160817/725fe3ec/attachment.sig>

From jan.karasek at elostech.cz  Wed Aug 17 13:49:32 2016
From: jan.karasek at elostech.cz (Jan =?utf-8?Q?Kar=C3=A1sek?=)
Date: Wed, 17 Aug 2016 15:49:32 +0200 (CEST)
Subject: [Freeipa-users] IPA-AD ldap acces - account ?
In-Reply-To: <mailman.24396.1471438485.3910.freeipa-users@redhat.com>
References: <mailman.24396.1471438485.3910.freeipa-users@redhat.com>
Message-ID: <511491783.3044047.1471441772741.JavaMail.zimbra@elostech.cz>

Hi, 

please could somebody explain how and and with which account IPA is accessing DC in IPA - AD trust scenario. Is is possible to simulate with ldapsearch some query to AD with the same permission as IPA server? 

We have some issues with reading ldap object from AD and I would like to simulate that from command line. 
Thanks, 
Jan 




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160817/e8681b9d/attachment.htm>

From jhrozek at redhat.com  Wed Aug 17 14:03:50 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Wed, 17 Aug 2016 16:03:50 +0200
Subject: [Freeipa-users] IPA-AD ldap acces - account ?
In-Reply-To: <511491783.3044047.1471441772741.JavaMail.zimbra@elostech.cz>
References: <mailman.24396.1471438485.3910.freeipa-users@redhat.com>
	<511491783.3044047.1471441772741.JavaMail.zimbra@elostech.cz>
Message-ID: <20160817140350.GL26184@hendrix>

On Wed, Aug 17, 2016 at 03:49:32PM +0200, Jan Kar?sek wrote:
> Hi, 
> 
> please could somebody explain how and and with which account IPA is accessing DC in IPA - AD trust scenario. Is is possible to simulate with ldapsearch some query to AD with the same permission as IPA server? 
> 
> We have some issues with reading ldap object from AD and I would like to simulate that from command line. 
> Thanks, 
> Jan 

Identity lookups are performed by sssd running on the server. The
authentication depends on the trust type. With two-way trusts, you can just
use the system keytab. With one-way trusts, the keytab you'll want to use
to authenticate is stored at /var/lib/sss/keytabs/ and is named after the
forest. There should be a single principal there. You can authenticate with
that principal and run the same search manually. You should add -Y GSSAPI to
the ldapsearch line to make sure ldapsearch binds with GSSAPI. For example,
in my setup I use:

# ls /var/lib/sss/keytabs/
win.trust.test.keytab
# ls /var/lib/sss/keytabs/win.trust.test.keytab 
/var/lib/sss/keytabs/win.trust.test.keytab
# klist -k /var/lib/sss/keytabs/win.trust.test.keytab
Keytab name: FILE:/var/lib/sss/keytabs/win.trust.test.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 IPA$@WIN.TRUST.TEST
   1 IPA$@WIN.TRUST.TEST
   1 IPA$@WIN.TRUST.TEST
# kinit -kt /var/lib/sss/keytabs/win.trust.test.keytab 'IPA$@WIN.TRUST.TEST'
# klist 
Ticket cache: KEYRING:persistent:0:0
Default principal: IPA$@WIN.TRUST.TEST

Valid starting       Expires              Service principal
08/12/2016 09:25:07  08/12/2016 19:25:07  krbtgt/WIN.TRUST.TEST at WIN.TRUST.TEST
        renew until 08/13/2016 09:25:07
# ldapsearch -Y GSSAPI -H ldap://dc.win.trust.test -b CN=Administrator,CN=Users,DC=win,DC=trust,DC=test -s base tokengroups
SASL/GSSAPI authentication started
SASL username: IPA$@WIN.TRUST.TEST
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <CN=Administrator,CN=Users,DC=win,DC=trust,DC=test> with scope baseObject
# filter: (objectclass=*)
# requesting: tokengroups 
#

# Administrator, Users, win.trust.test
dn: CN=Administrator,CN=Users,DC=win,DC=trust,DC=test
tokenGroups:: AQIAAAAAAAUgAAAAIQIAAA==
tokenGroups:: AQIAAAAAAAUgAAAAIAIAAA==
tokenGroups:: AQUAAAAAAAUVAAAA7MyrD9WWJf4D7yaHTgQAAA==
tokenGroups:: AQUAAAAAAAUVAAAA7MyrD9WWJf4D7yaHPAIAAA==
tokenGroups:: AQUAAAAAAAUVAAAA7MyrD9WWJf4D7yaHBgIAAA==
tokenGroups:: AQUAAAAAAAUVAAAA7MyrD9WWJf4D7yaHBwIAAA==
tokenGroups:: AQUAAAAAAAUVAAAA7MyrD9WWJf4D7yaHCAIAAA==
tokenGroups:: AQUAAAAAAAUVAAAA7MyrD9WWJf4D7yaHMAwAAA==
tokenGroups:: AQUAAAAAAAUVAAAA7MyrD9WWJf4D7yaHAQIAAA==
tokenGroups:: AQUAAAAAAAUVAAAA7MyrD9WWJf4D7yaHAAIAAA==

# search result
search: 4
result: 0 Success

# numResponses: 2
# numEntries: 1



From abokovoy at redhat.com  Wed Aug 17 14:12:28 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Wed, 17 Aug 2016 17:12:28 +0300
Subject: [Freeipa-users] IPA-AD ldap acces - account ?
In-Reply-To: <511491783.3044047.1471441772741.JavaMail.zimbra@elostech.cz>
References: <mailman.24396.1471438485.3910.freeipa-users@redhat.com>
	<511491783.3044047.1471441772741.JavaMail.zimbra@elostech.cz>
Message-ID: <20160817141228.tuz47u4srt43fizv@redhat.com>

On Wed, 17 Aug 2016, Jan Kar?sek wrote:
>Hi,
>
>please could somebody explain how and and with which account IPA is
>accessing DC in IPA - AD trust scenario. Is is possible to simulate
>with ldapsearch some query to AD with the same permission as IPA
>server?
Depends on what trust we have. For two-way trust SSSD on IPA masters
uses host/master.ipa.domain at IPA.DOMAIN principal because we map it to a
SID with a special well-known RID 'Domain Computers' (-515) and attach
an MS-PAC record to the TGT issued for this service principal.

For one-way trust SSSD on IPA masters uses so-called TDO account. These
are special accounts in AD domains which look like a machine account
(FOO$) but instead use NetBIOS name of the trusted forest and have
specific attributes associated with it.

>We have some issues with reading ldap object from AD and I would like
>to simulate that from command line.

Simplest way is to do something like this on IPA master for one-way
trust:

 # klist -kt /var/lib/sss/keytabs/<trust>.keytab

 notice the principal name there, let's say it is NAME$@TRUST

 # kinit -kt /var/lib/sss/keytabs/<trust>.keytab 'NAME$@TRUST'
 # ldapsearch -H ad.dc -Y GSSAPI ....

For two-way trust it is enough to kinit as IPA master host principal:

 # kinit -k
 # ldapsearch -H ad.dc -Y GSSAPI ...


-- 
/ Alexander Bokovoy



From pvoborni at redhat.com  Wed Aug 17 14:31:27 2016
From: pvoborni at redhat.com (Petr Vobornik)
Date: Wed, 17 Aug 2016 16:31:27 +0200
Subject: [Freeipa-users] Ansible Playbook
In-Reply-To: <SNT152-W583C1981CC6CBEB1E3EE8FF5130@phx.gbl>
References: <SNT152-W583C1981CC6CBEB1E3EE8FF5130@phx.gbl>
Message-ID: <8d8636ce-f861-128f-86cf-883e3cdb4a75@redhat.com>

On 08/16/2016 03:43 PM, Deepak Dimri wrote:
> Hi All,
> 
> I am looking to write ansible playbook to automatically register my EC2 
> instances as freeIPA clients to my IPA Server and then add the client(s) to a 
> particular hostgroup based on EC2 tag value. For example EC2 tag key value= prod 
> will add the client to prod hostgroup. I am wondering if there is any freeIPA 
> client module available for this purpose already that i can leverage?
> 
> Many Thanks,
> Deepak
> 

Some Ansible recipes were developed by Christian for testing/demoing of
FreeIPA or Dogtag PKI:

https://github.com/tiran/pki-vagans

Might be helpful.

-- 
Petr Vobornik



From john.bowman at zayo.com  Wed Aug 17 15:41:38 2016
From: john.bowman at zayo.com (John Bowman)
Date: Wed, 17 Aug 2016 10:41:38 -0500
Subject: [Freeipa-users] Clone URI does not match available subsystems ?
Message-ID: <CAFJSkDQO4sHGjZkf84z-P-yQVQyTihuKqFZy5WLKUXKgbY+RnA@mail.gmail.com>

Howdy!

Trying to figure out how to get past the error:  Clone URI does not match
available subsystems when running ipa-ca-install on new ipa server.

A little background.  We have 3 FreeIPA 3.0.0 servers running on RHEL 6.7.
We just recently (within the last month) added a new FreeIPA 4.2 server
replica running on RHEL 7.2 at a new location which will hopefully be the
start of replacing all the 3.0.0 instances.

Unfortunately during the 4.2 install the --setup-ca was failing so we
decided to install without it to make sure everything else worked.  And it
did everything seems to be replicating properly and all is good.

Now its time to add the ca replication to the new server but its failing
with that error.

Command output:
# ipa-ca-install --skip-conncheck /var/lib/ipa/replica-info-new-
server.example.com.gpg
Directory Manager (existing master) password:

Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30
seconds
  [1/22]: creating certificate server user
  [2/22]: configuring certificate server instance
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure
CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmp7cBK9P''
returned non-zero exit status 1
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL See the installation
logs and the following files/directories for more information:
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki-ca-install.log
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL
/var/log/pki/pki-tomcat
  [error] RuntimeError: CA configuration failed.

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

CA configuration failed.


ipareplica-ca-install.log output:
2016-08-17T15:25:52Z DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.
20160817092533.log
Loading deployment configuration from /tmp/tmp7cBK9P.
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-
tomcat/ca/deployment.cfg.

Installation failed.


2016-08-17T15:25:52Z DEBUG
stderr=/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769:
InsecureRequestWarning: Unverified HTT
PS request is being made. Adding certificate verification is strongly
advised. See: https://urllib3.readthedocs.org/en/latest/security.h
tml
  InsecureRequestWarning)
pkispawn    : WARNING  ....... unable to validate security domain
user/password through REST interface. Interface not available
pkispawn    : ERROR    ....... Exception from Java Configuration Servlet:
400 Client Error: Bad Request
pkispawn    : ERROR    ....... ParseError: not well-formed (invalid token):
line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName"
:"com.netscape.certsrv.base.BadRequestException","Code":400,"Message":"Clone
URI does not match available subsystems: https://master.idm.example.com:443
<https://master.idm.example.com/>"}

2016-08-17T15:25:52Z CRITICAL Failed to configure CA instance: Command
''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmp7cBK9P'' returned n
on-zero exit status 1
2016-08-17T15:25:52Z CRITICAL See the installation logs and the following
files/directories for more information:
2016-08-17T15:25:52Z CRITICAL   /var/log/pki-ca-install.log
2016-08-17T15:25:52Z CRITICAL   /var/log/pki/pki-tomcat
2016-08-17T15:25:52Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 418, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 408, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 622, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 201, in spawn_instance
    self.handle_setup_error(e)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 465, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)
RuntimeError: CA configuration failed.

2016-08-17T15:25:52Z DEBUG   [error] RuntimeError: CA configuration failed.
2016-08-17T15:25:52Z DEBUG   File "/usr/lib/python2.7/site-
packages/ipaserver/install/installutils.py", line 732, in run_script
    return_value = main_function()

  File "/sbin/ipa-ca-install", line 202, in main
    install_replica(safe_options, options, filename)

  File "/sbin/ipa-ca-install", line 150, in install_replica
    ca.install(True, config, options)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line
114, in install
    install_step_0(standalone, replica_config, options)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line
138, in install_step_0
    ra_p12=getattr(options, 'ra_p12', None))

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 1545, in install_replica_ca
    subject_base=config.subject_base)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 488, in configure_instance
    self.start_creation(runtime=210)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 418, in start_creation
    run_step(full_msg, method)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 408, in run_step
    method()

  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line 622, in __spawn_instance
    DogtagInstance.spawn_instance(self, cfg_file)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 201, in spawn_instance
    self.handle_setup_error(e)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py",
line 465, in handle_setup_error
    raise RuntimeError("%s configuration failed." % self.subsystem)

2016-08-17T15:25:52Z DEBUG The ipa-ca-install command failed, exception:
RuntimeError: CA configuration failed.


****

I've tried running the pkispawn command manually by using the
deployment.cfg file but it gives the same error:

# pkidestroy -s CA -i pki-tomcat
Log file: /var/log/pki/pki-ca-destroy.20160817093402.log
Loading deployment configuration from /var/lib/pki/pki-tomcat/ca/
registry/ca/deployment.cfg.
Uninstalling CA from /var/lib/pki/pki-tomcat.
pkidestroy  : WARNING  ....... this 'CA' entry will NOT be deleted from
security domain 'unknown'!
pkidestroy  : ERROR    ....... No security domain defined.
If this is an unconfigured instance, then that is OK.
Otherwise, manually delete the entry from the security domain master.

Uninstallation complete.

# /usr/sbin/pkispawn -s CA -f /tmp/replica_file
Log file: /var/log/pki/pki-ca-spawn.20160817093444.log
Loading deployment configuration from /tmp/replica_file.
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769:
InsecureRequestWarning: Unverified HTTPS request is being made. Adding
certificate verification is strongly advised. See:
https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
pkispawn    : WARNING  ....... unable to validate security domain
user/password through REST interface. Interface not available
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-
tomcat/ca/deployment.cfg.
pkispawn    : ERROR    ....... Exception from Java Configuration Servlet:
400 Client Error: Bad Request
pkispawn    : ERROR    ....... ParseError: not well-formed (invalid token):
line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.
certsrv.base.BadRequestException","Code":400,"Message":"Clone URI does not
match available subsystems: https://master.idm.example.com:443
<https://master.idm.example.com/>"}

Installation failed.


Any ideas on how to proceed would be much appreciated!

Thanks!
-John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160817/67f7b5ec/attachment.htm>

From g.schmitz at gtrs.de  Wed Aug 17 17:58:50 2016
From: g.schmitz at gtrs.de (Guido Schmitz)
Date: Wed, 17 Aug 2016 19:58:50 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <85d7fb04-cf9e-a54a-971f-950d8a020323@redhat.com>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
	<72abd120-5581-618a-e099-0e09e4483161@redhat.com>
	<dc31b081-0d03-0c78-e27e-7b6f9be3e962@gtrs.de>
	<622c6646-70f5-bbfb-f0e0-db29b9121ff2@redhat.com>
	<bc7c133f-fb77-2ed0-0bc2-335ea691f11c@gtrs.de>
	<757b897b-ff4f-1470-64ea-a48ee06fa9fc@redhat.com>
	<d7e04ae8-71f8-2bf2-6afc-04a9bdae2e4a@gtrs.de>
	<f3abd430-4e5b-9a31-18af-33a7fdfb6a80@redhat.com>
	<d0791d15-f89e-80fe-3c7a-c1930c0a629a@gtrs.de>
	<85d7fb04-cf9e-a54a-971f-950d8a020323@redhat.com>
Message-ID: <216a89ef-9493-7daa-1fd1-40f2fc610d7d@gtrs.de>

After some debugging, I found the error:

==== cut =====
ipa         : DEBUG    stderr=
ipa.ipapython.dnssec.bindmgr.BINDMgr: INFO     attrs: {'idnsseckeyref':
['pkcs11:object=a00001'], 'dn':
'cn=KSK-20140731111634Z-a00001,cn=keys,idnsname=myzone.com.,cn=dns,dc=int,dc=gtrs,dc=de',
'cn': ['KSK-20140731111634Z-a00001'], 'idnsseckeypublish':
['20140731111634Z'], 'objectclass': ['idnsSecKey'], 'idnsseckeysep':
['TRUE'], 'idnssecalgorithm': ['RSASHA1NSEC3SHA1'], 'idnsseckeyzone':
['TRUE'], 'idnsseckeycreated': ['20140731111634Z'],
'idnsseckeyactivate': ['20140731111634Z']}
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args=/usr/sbin/dnssec-keyfromlabel-pkcs11 -K
/var/named/dyndb-ldap/ipa/master/myzone.com/tmp5dI2FC -a
RSASHA1NSEC3SHA1 -l
pkcs11:object=a00001;pin-source=/var/lib/ipa/dnssec/softhsm_pin -I none
-D none -P 20140731111634 -A 20140731111634 -f KSK myzone.com.
ipa         : DEBUG    Process finished, return code=1
ipa         : DEBUG    stdout=
ipa         : DEBUG    stderr=dnssec-keyfromlabel: fatal: unknown
algorithm RSASHA1NSEC3SHA1

Traceback (most recent call last):
  File "/usr/libexec/ipa/ipa-dnskeysyncd", line 112, in <module>
    while ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
  File "/usr/lib64/python2.7/site-packages/ldap/syncrepl.py", line 409,
in syncrepl_poll
    self.syncrepl_refreshdone()
  File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py",
line 118, in syncrepl_refreshdone
    self.bindmgr.sync(self.dnssec_zones)
  File "/usr/lib/python2.7/site-packages/ipapython/dnssec/bindmgr.py",
line 209, in sync
    self.sync_zone(zone)
  File "/usr/lib/python2.7/site-packages/ipapython/dnssec/bindmgr.py",
line 182, in sync_zone
    self.install_key(zone, uuid, attrs, tempdir)
  File "/usr/lib/python2.7/site-packages/ipapython/dnssec/bindmgr.py",
line 117, in install_key
    result = ipautil.run(cmd, capture_output=True)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
479, in run
    raise CalledProcessError(p.returncode, arg_string, str(output))
subprocess.CalledProcessError: Command
'/usr/sbin/dnssec-keyfromlabel-pkcs11 -K
/var/named/dyndb-ldap/ipa/master/myzone.com/tmp5dI2FC -a
RSASHA1NSEC3SHA1 -l
pkcs11:object=a00001;pin-source=/var/lib/ipa/dnssec/softhsm_pin -I none
-D none -P 20140731111634 -A 20140731111634 -f KSK myzone.com.' returned
non-zero exit status 1
==== cut =====

dnssec-keyfromlabel-pkcs11 expects NSEC3RSASHA1 for algorithm 7, but it
gets RSASHA1NSEC3SHA1 instead (just the plain attribute value from LDAP).

I've changed a few lines in
/usr/lib/python2.7/site-packages/ipapython/dnssec/bindmgr.py in method
install_key:

==== cut ====
108c108,112
<         cmd = [paths.DNSSEC_KEYFROMLABEL, '-K', workdir, '-a',
attrs['idnsSecAlgorithm'][0], '-l', uri]
---
>         algo = attrs['idnsSecAlgorithm'][0]
>         if algo == 'RSASHA1NSEC3SHA1':
> 		algo = 'NSEC3RSASHA1'
>         cmd = [paths.DNSSEC_KEYFROMLABEL, '-K', workdir, '-a', algo,
'-l', uri]
==== cut ====

Now, everything seems to work correctly: The DNSKEY records are
published with the correct algorithms and the ZSK is signed by both KSKs
(the imported one and the IPA generated one).

-Guido



On 17.08.2016 15:08, Petr Spacek wrote:
> On 17.8.2016 14:38, Guido Schmitz wrote:
>>>> Still, there is one problem:
>>>> My old KSK uses algorithm 7 (RSASHA1NSEC3SHA1) and IPA (by default) uses
>>>> algorithm 8 (RSASHA256). The old key is correctly marked as algorithm 7
>>>> in LDAP (under attribute idnsSecAlgorithm in the entry
>>>> cn=KSK-timestamp-id,cn=keys,idnsname=myzone.com,cn=dns), but BIND seems
>>>> to ignore this attribute and assumes that it is always algorithm 8.
>>>
>>> Hmm, algorithm mismatch will cause DNSSEC validation to break horribly. The
>>> generated records will not match what is indicated in DS record of the parent
>>> zone...
>>>
>>> Please look into
>>> /var/named/dyndb-ldap/ipa/master/myzone.com/keys
>>> and inspect BIND key files (*.private). Cross-check values in files with
>>> values shown by OpenDNSSEC. All the values should match.
>>>
>>> If they do not match, we have a bug somewhere in the synchronization
>>> mechanism, which is possible.
>>
>> The imported KSK does not exist in this directory (neither on the master
>> server nor on the replica). The keys created by IPA are present in this
>> directory.
>>
>> Now, I also checked, if the imported KSK is used to sign the ZSK, but
>> there are no matching RRSIG records. (When I wrote earlier that BIND
>> uses the imported KSK, I only checked whether a DNSKEY record for this
>> KSK is present. The DNSKEY record is present, but with the wrong algorithm.)
> 
> Okay, so we need to go back to see where the problem is.
> 
> Part A - key material:
> 0. I assume that you double-checked key attributes in OpenDNSSEC.
> 
> 1. ipa-ods-exporter service on IPA DNSSEC key master server should not report
> any errors when exporting keys (triggered by ods-signer ipa-full-update)
> 
> 2. Output of these two commands should match:
> all IPA DNS servers$ \
> python2 /usr/lib/python2.*/site-packages/ipapython/dnssec/localhsm.py
> 
> any IPA DNS server$ \
> python2 /usr/lib/python2.*/site-packages/ipapython/dnssec/ldapkeydb.py
> 
> This verifies that key material was replicated correctly.
> 
> 
> Part B - key metadata:
> These are read by ipa-dnskeysyncd daemon from LDAP and stored in BIND key files.
> 
> Please check logs of ipa-dnskeysyncd service and watch out for errors.
> debug=True in /etc/default.conf will tell you more if needed.
> 



From desantis at mail.usf.edu  Wed Aug 17 18:54:49 2016
From: desantis at mail.usf.edu (John Desantis)
Date: Wed, 17 Aug 2016 14:54:49 -0400
Subject: [Freeipa-users] replica_generate_next_csn messages in dirsrv error
	logs
Message-ID: <CA+Bg6wdMSp1OhKtTxZ_G-=fsOugVY=G5M_10WSfw5ymXcJ9_sA@mail.gmail.com>

Hello all,

We've been re-using old host names and IP addresses for a new
deployment of nodes, and recently I've been seeing the messages pasted
below in the slapd-DC.DC.DC "error" log on our nodes.

[17/Aug/2016:10:30:30 -0400] - replica_generate_next_csn:
opcsn=57b475cd001200040000 <= basecsn=57b475cf000000160000, adjusted
opcsn=57b475cf000100040000
[17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
opcsn=57b47f00000200040000 <= basecsn=57b47f00000200160000, adjusted
opcsn=57b47f00000300040000
[17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
opcsn=57b47f00000400040000 <= basecsn=57b47f00000400160000, adjusted
opcsn=57b47f00000500040000
[17/Aug/2016:11:10:33 -0400] - replica_generate_next_csn:
opcsn=57b47f2f001000040000 <= basecsn=57b47f30000200160000, adjusted
opcsn=57b47f30000300040000
[17/Aug/2016:13:50:45 -0400] - replica_generate_next_csn:
opcsn=57b4a4bb000900040000 <= basecsn=57b4a4bc000000160000, adjusted
opcsn=57b4a4bc000100040000
[17/Aug/2016:13:52:54 -0400] - replica_generate_next_csn:
opcsn=57b4a53e000a00040000 <= basecsn=57b4a53f000000160000, adjusted
opcsn=57b4a53f000100040000
[17/Aug/2016:13:53:15 -0400] - replica_generate_next_csn:
opcsn=57b4a552000700040000 <= basecsn=57b4a553000000160000, adjusted
opcsn=57b4a553000100040000
[17/Aug/2016:13:53:32 -0400] - replica_generate_next_csn:
opcsn=57b4a562000900040000 <= basecsn=57b4a564000000160000, adjusted
opcsn=57b4a564000100040000

They seem to only occur when updating DNS entries, whether on the
console or via the GUI (tail -f'ing the log).

A search in this mailing-list returns nothing, but a message is found
on the 389-ds list [1];  it seems to suggest that the messages aren't
fatal and are purely informational, yet if they are occurring
constantly that there could be a problem with the replication
algorithm and/or deployment.

We're using ipa-server 3.0.0-47 and 389-ds 1.2.11.15-60.  Nothing has
changed on the deployment side of things, and I don't recall seeing
this message before.

I'm wondering if it's safe to disregard these messages due to the
re-use of the entries, or if something else should be looked into.

Thank you,
John DeSantis

[1] https://fedorahosted.org/389/ticket/47959



From linuxguru.co at gmail.com  Wed Aug 17 22:48:06 2016
From: linuxguru.co at gmail.com (Devin Acosta)
Date: Wed, 17 Aug 2016 15:48:06 -0700
Subject: [Freeipa-users] FreeIPA / CentOS 7.2 / Issues on Startup
Message-ID: <CAAqg8eM_85B_W7_zHS2ib3GGrC2yvdw+M72cGxmbwfPZH6Xthw@mail.gmail.com>

My first primary FreeIPA Master server has gone belly up. When I try to
start the server it shows this message in the "error' log. However the
other issue i have is when I try to start the server using "ipactl start"
it times out after 300 seconds, how do I get past this issue?

[17/Aug/2016:22:44:57 +0000] SSL Initialization - Configured SSL version
range: min: TLS1.0, max: TLS1.2
[17/Aug/2016:22:44:57 +0000] - 389-Directory/1.3.4.0 B2016.215.1556
starting up
[17/Aug/2016:22:44:57 +0000] - WARNING: changelog: entry cache size
2097152B is less than db size 28016640B; We recommend to increase the entry
cache size nsslapd-cachememsize.
[17/Aug/2016:22:44:57 +0000] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.


Any help is greatly needed!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160817/c0a932ce/attachment.htm>

From realstarhealer at hotmail.com  Wed Aug 17 15:10:47 2016
From: realstarhealer at hotmail.com (realstarhealer)
Date: Wed, 17 Aug 2016 15:10:47 +0000
Subject: [Freeipa-users] ipa-cert-agent,
	Object Signing Cert certificate renewal
Message-ID: <DB5PR07MB1605A8A5BDDACAC1D4013528D6140@DB5PR07MB1605.eurprd07.prod.outlook.com>

Hi,

I am in charge for a freeipa 4.1.0.18.el7 server with ldap backend and noticed some expired certificates recently. Most of them but 2 are auto-renewing by certmonger as I checked. All of them are self signed.

"CN=ipa-ca-agent" and "CN=Object Signing Cert" are not subscribed by certmonger, ipa-ca-agent expired some days ago and has not been renewed. Second one expires soon. No consequences noticed so far.

Can you tell me what they both are for and - if needed - how I should renew that separately? Preferable with certmonger. An Output how the tracking config should look like would be nice.
Thanks a lot.  Vitali
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160817/dbb28b23/attachment.htm>

From lkrispen at redhat.com  Thu Aug 18 08:14:28 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Thu, 18 Aug 2016 10:14:28 +0200
Subject: [Freeipa-users] replica_generate_next_csn messages in dirsrv
 error logs
In-Reply-To: <CA+Bg6wdMSp1OhKtTxZ_G-=fsOugVY=G5M_10WSfw5ymXcJ9_sA@mail.gmail.com>
References: <CA+Bg6wdMSp1OhKtTxZ_G-=fsOugVY=G5M_10WSfw5ymXcJ9_sA@mail.gmail.com>
Message-ID: <57B56E64.4030104@redhat.com>


On 08/17/2016 08:54 PM, John Desantis wrote:
> Hello all,
>
> We've been re-using old host names and IP addresses for a new
> deployment of nodes, and recently I've been seeing the messages pasted
> below in the slapd-DC.DC.DC "error" log on our nodes.
>
> [17/Aug/2016:10:30:30 -0400] - replica_generate_next_csn:
> opcsn=57b475cd001200040000 <= basecsn=57b475cf000000160000, adjusted
> opcsn=57b475cf000100040000
> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
> opcsn=57b47f00000200040000 <= basecsn=57b47f00000200160000, adjusted
> opcsn=57b47f00000300040000
> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
> opcsn=57b47f00000400040000 <= basecsn=57b47f00000400160000, adjusted
> opcsn=57b47f00000500040000
> [17/Aug/2016:11:10:33 -0400] - replica_generate_next_csn:
> opcsn=57b47f2f001000040000 <= basecsn=57b47f30000200160000, adjusted
> opcsn=57b47f30000300040000
> [17/Aug/2016:13:50:45 -0400] - replica_generate_next_csn:
> opcsn=57b4a4bb000900040000 <= basecsn=57b4a4bc000000160000, adjusted
> opcsn=57b4a4bc000100040000
> [17/Aug/2016:13:52:54 -0400] - replica_generate_next_csn:
> opcsn=57b4a53e000a00040000 <= basecsn=57b4a53f000000160000, adjusted
> opcsn=57b4a53f000100040000
> [17/Aug/2016:13:53:15 -0400] - replica_generate_next_csn:
> opcsn=57b4a552000700040000 <= basecsn=57b4a553000000160000, adjusted
> opcsn=57b4a553000100040000
> [17/Aug/2016:13:53:32 -0400] - replica_generate_next_csn:
> opcsn=57b4a562000900040000 <= basecsn=57b4a564000000160000, adjusted
> opcsn=57b4a564000100040000
Each modification (add/del/mod) gets a csn assignged used in replication 
update resolution. And each assigned csn has to newer than an existing 
one. The messages you see is from code that double checks that the entry 
doesn't have already a lareg csn - and adjusts it.
The logs indicate that entries are more or less concurrently updated on 
replica 4 and 16, and the updates from16 are received while processing 
the updates on 4.
This is a normal scenario, but you could check if the simultaneous 
updates on 4 and 16 are intentional.
>
> They seem to only occur when updating DNS entries, whether on the
> console or via the GUI (tail -f'ing the log).
>
> A search in this mailing-list returns nothing, but a message is found
> on the 389-ds list [1];  it seems to suggest that the messages aren't
> fatal and are purely informational, yet if they are occurring
> constantly that there could be a problem with the replication
> algorithm and/or deployment.
>
> We're using ipa-server 3.0.0-47 and 389-ds 1.2.11.15-60.  Nothing has
> changed on the deployment side of things, and I don't recall seeing
> this message before.
>
> I'm wondering if it's safe to disregard these messages due to the
> re-use of the entries, or if something else should be looked into.
>
> Thank you,
> John DeSantis
>
> [1] https://fedorahosted.org/389/ticket/47959
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From pspacek at redhat.com  Thu Aug 18 10:12:18 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Thu, 18 Aug 2016 12:12:18 +0200
Subject: [Freeipa-users] DNS migration to FreeIPA and import of existing
 DNSSEC keys
In-Reply-To: <216a89ef-9493-7daa-1fd1-40f2fc610d7d@gtrs.de>
References: <72e91068-30c0-038c-6d5c-835fc30aa1b1@gtrs.de>
	<72abd120-5581-618a-e099-0e09e4483161@redhat.com>
	<dc31b081-0d03-0c78-e27e-7b6f9be3e962@gtrs.de>
	<622c6646-70f5-bbfb-f0e0-db29b9121ff2@redhat.com>
	<bc7c133f-fb77-2ed0-0bc2-335ea691f11c@gtrs.de>
	<757b897b-ff4f-1470-64ea-a48ee06fa9fc@redhat.com>
	<d7e04ae8-71f8-2bf2-6afc-04a9bdae2e4a@gtrs.de>
	<f3abd430-4e5b-9a31-18af-33a7fdfb6a80@redhat.com>
	<d0791d15-f89e-80fe-3c7a-c1930c0a629a@gtrs.de>
	<85d7fb04-cf9e-a54a-971f-950d8a020323@redhat.com>
	<216a89ef-9493-7daa-1fd1-40f2fc610d7d@gtrs.de>
Message-ID: <e22b3e28-91b1-3e6f-bed6-e308e47779f9@redhat.com>

On 17.8.2016 19:58, Guido Schmitz wrote:
> After some debugging, I found the error:
> 
> ==== cut =====
> ipa         : DEBUG    stderr=
> ipa.ipapython.dnssec.bindmgr.BINDMgr: INFO     attrs: {'idnsseckeyref':
> ['pkcs11:object=a00001'], 'dn':
> 'cn=KSK-20140731111634Z-a00001,cn=keys,idnsname=myzone.com.,cn=dns,dc=int,dc=gtrs,dc=de',
> 'cn': ['KSK-20140731111634Z-a00001'], 'idnsseckeypublish':
> ['20140731111634Z'], 'objectclass': ['idnsSecKey'], 'idnsseckeysep':
> ['TRUE'], 'idnssecalgorithm': ['RSASHA1NSEC3SHA1'], 'idnsseckeyzone':
> ['TRUE'], 'idnsseckeycreated': ['20140731111634Z'],
> 'idnsseckeyactivate': ['20140731111634Z']}
> ipa         : DEBUG    Starting external process
> ipa         : DEBUG    args=/usr/sbin/dnssec-keyfromlabel-pkcs11 -K
> /var/named/dyndb-ldap/ipa/master/myzone.com/tmp5dI2FC -a
> RSASHA1NSEC3SHA1 -l
> pkcs11:object=a00001;pin-source=/var/lib/ipa/dnssec/softhsm_pin -I none
> -D none -P 20140731111634 -A 20140731111634 -f KSK myzone.com.
> ipa         : DEBUG    Process finished, return code=1
> ipa         : DEBUG    stdout=
> ipa         : DEBUG    stderr=dnssec-keyfromlabel: fatal: unknown
> algorithm RSASHA1NSEC3SHA1
> 
> Traceback (most recent call last):
>   File "/usr/libexec/ipa/ipa-dnskeysyncd", line 112, in <module>
>     while ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
>   File "/usr/lib64/python2.7/site-packages/ldap/syncrepl.py", line 409,
> in syncrepl_poll
>     self.syncrepl_refreshdone()
>   File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py",
> line 118, in syncrepl_refreshdone
>     self.bindmgr.sync(self.dnssec_zones)
>   File "/usr/lib/python2.7/site-packages/ipapython/dnssec/bindmgr.py",
> line 209, in sync
>     self.sync_zone(zone)
>   File "/usr/lib/python2.7/site-packages/ipapython/dnssec/bindmgr.py",
> line 182, in sync_zone
>     self.install_key(zone, uuid, attrs, tempdir)
>   File "/usr/lib/python2.7/site-packages/ipapython/dnssec/bindmgr.py",
> line 117, in install_key
>     result = ipautil.run(cmd, capture_output=True)
>   File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
> 479, in run
>     raise CalledProcessError(p.returncode, arg_string, str(output))
> subprocess.CalledProcessError: Command
> '/usr/sbin/dnssec-keyfromlabel-pkcs11 -K
> /var/named/dyndb-ldap/ipa/master/myzone.com/tmp5dI2FC -a
> RSASHA1NSEC3SHA1 -l
> pkcs11:object=a00001;pin-source=/var/lib/ipa/dnssec/softhsm_pin -I none
> -D none -P 20140731111634 -A 20140731111634 -f KSK myzone.com.' returned
> non-zero exit status 1
> ==== cut =====
> 
> dnssec-keyfromlabel-pkcs11 expects NSEC3RSASHA1 for algorithm 7, but it
> gets RSASHA1NSEC3SHA1 instead (just the plain attribute value from LDAP).
> 
> I've changed a few lines in
> /usr/lib/python2.7/site-packages/ipapython/dnssec/bindmgr.py in method
> install_key:
> 
> ==== cut ====
> 108c108,112
> <         cmd = [paths.DNSSEC_KEYFROMLABEL, '-K', workdir, '-a',
> attrs['idnsSecAlgorithm'][0], '-l', uri]
> ---
>>         algo = attrs['idnsSecAlgorithm'][0]
>>         if algo == 'RSASHA1NSEC3SHA1':
>> 		algo = 'NSEC3RSASHA1'
>>         cmd = [paths.DNSSEC_KEYFROMLABEL, '-K', workdir, '-a', algo,
> '-l', uri]
> ==== cut ====
> 
> Now, everything seems to work correctly: The DNSKEY records are
> published with the correct algorithms and the ZSK is signed by both KSKs
> (the imported one and the IPA generated one).

I'm glad it finally works!

For this particular problem I've created ticket
https://fedorahosted.org/freeipa/ticket/6229
so we can fix it independently on key import feature.

Thank you *very* much for your effort, it is very valuable experience and it
will help to improve FreeIPA!

-- 
Petr^2 Spacek



From jan.karasek at elostech.cz  Thu Aug 18 11:53:38 2016
From: jan.karasek at elostech.cz (Jan =?utf-8?Q?Kar=C3=A1sek?=)
Date: Thu, 18 Aug 2016 13:53:38 +0200 (CEST)
Subject: [Freeipa-users] IPA-AD ldap acces - account ?
In-Reply-To: <20160817141228.tuz47u4srt43fizv@redhat.com>
References: <mailman.24396.1471438485.3910.freeipa-users@redhat.com>
	<511491783.3044047.1471441772741.JavaMail.zimbra@elostech.cz>
	<20160817141228.tuz47u4srt43fizv@redhat.com>
Message-ID: <252436502.29264.1471521218882.JavaMail.zimbra@elostech.cz>

Hi, 
thank you. We are experiencing problems with LDAP access from IPA servers in IPA-AD scenario with one-way trust (Win 2012). 

So for ldap access IPA uses the xyz$@domain special trust account. According my lab - this account is on the AD side considered as a member of Authenticated users group. By default Authenticated users are member of group Pre-Windows 2000 Compatible Access, and this group have read permission on object type User and therefore IPA is able to read POSIX attributes from these objects. (tested in my lab environment) 

In our case - due to security team - there is no possibility for Authenticated users to read user's objects - and then IPA is unable to read objects from AD ldap. So we have situation, where kerberos works OK but we are not able to get POSIX attributes from ldap. 

This situation could have been solved by adding read permission directly to the IPA access account(TDO), but unfortunately it looks like it is not possible. 

Questions : 

1. Do the IPA depends on ability of Authenticated users group to access user's objects attributes ? 
2. Is it possible to setup some other "standard" service account for IPA access to AD ldap ? 

Thank you, 
Jan 



From: "Alexander Bokovoy" <abokovoy at redhat.com> 
To: "Jan Kar?sek" <jan.karasek at elostech.cz> 
Cc: freeipa-users at redhat.com 
Sent: Wednesday, August 17, 2016 4:12:28 PM 
Subject: Re: [Freeipa-users] IPA-AD ldap acces - account ? 

On Wed, 17 Aug 2016, Jan Kar?sek wrote: 
>Hi, 
> 
>please could somebody explain how and and with which account IPA is 
>accessing DC in IPA - AD trust scenario. Is is possible to simulate 
>with ldapsearch some query to AD with the same permission as IPA 
>server? 
Depends on what trust we have. For two-way trust SSSD on IPA masters 
uses host/master.ipa.domain at IPA.DOMAIN principal because we map it to a 
SID with a special well-known RID 'Domain Computers' (-515) and attach 
an MS-PAC record to the TGT issued for this service principal. 

For one-way trust SSSD on IPA masters uses so-called TDO account. These 
are special accounts in AD domains which look like a machine account 
(FOO$) but instead use NetBIOS name of the trusted forest and have 
specific attributes associated with it. 

>We have some issues with reading ldap object from AD and I would like 
>to simulate that from command line. 

Simplest way is to do something like this on IPA master for one-way 
trust: 

# klist -kt /var/lib/sss/keytabs/<trust>.keytab 

notice the principal name there, let's say it is NAME$@TRUST 

# kinit -kt /var/lib/sss/keytabs/<trust>.keytab 'NAME$@TRUST' 
# ldapsearch -H ad.dc -Y GSSAPI .... 

For two-way trust it is enough to kinit as IPA master host principal: 

# kinit -k 
# ldapsearch -H ad.dc -Y GSSAPI ... 


-- 
/ Alexander Bokovoy 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160818/ba11f8e9/attachment.htm>

From desantis at mail.usf.edu  Thu Aug 18 13:15:40 2016
From: desantis at mail.usf.edu (John Desantis)
Date: Thu, 18 Aug 2016 09:15:40 -0400
Subject: [Freeipa-users] replica_generate_next_csn messages in dirsrv
 error logs
In-Reply-To: <57B56E64.4030104@redhat.com>
References: <CA+Bg6wdMSp1OhKtTxZ_G-=fsOugVY=G5M_10WSfw5ymXcJ9_sA@mail.gmail.com>
	<57B56E64.4030104@redhat.com>
Message-ID: <CA+Bg6wc2q182Hppk60eZx694p5ecFu8X5eimpvHVwrRs1NnzvA@mail.gmail.com>

Ludwig,

Thank you for your response!

> This is a normal scenario, but you could check if the simultaneous updates
> on 4 and 16 are intentional.

In regards to the simultaneous updates, the only items I have noted so far are:

*  The time sync between the master (4) and replica (16) was off by
about 1-2 seconds, with the latter being ahead;
*  There are continual log entries referencing
"replication-multimaster-extop" and "Netscape Replication End Session"
in the dirsrv "access" logs, and during one of the manifestations of
"replica_generate_next_csn", I found this:

PROD:08:46:08-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
# grep -E '17/Aug/2016:13:50:4.*conn=602.*ADD' access.2016081*
access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
ADD dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
ADD dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
ADD dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"

PROD:08:47:44-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
# grep -E '17/Aug/2016:13:50:4.*conn=1395.*ADD' access.2016081*
access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
ADD dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
ADD dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"

It looks like the entries for server-6-3-sp and 6-5-sp were referenced
twice.  Do you think that the time being off by 1-2 seconds between
the master and replica could be the issue?  The connection 602 is the
replication between the replica and master, and the connection 1395 is
the replication between the master and replica.

Since I know these operations were performed using the console via a
for loop 'ipa dnsrecord-add dom.dom.dom server-6-$i-sp
--a-rec=10.250.12.$i' on one of our login nodes, do you think that
specifying an _srv_ record in the DOMAIN configuration with the
address of the master server, e.g.: ipa_server = _srv_,
MASTER.dom.dom.dom could be the issue (coupled with the time syncing)?

I know that these questions are probably leaning more towards the
389ds team, so feel free to pass me over to them if need be.

Again, thank you very much for responding!

John DeSantis

2016-08-18 4:14 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>
> On 08/17/2016 08:54 PM, John Desantis wrote:
>>
>> Hello all,
>>
>> We've been re-using old host names and IP addresses for a new
>> deployment of nodes, and recently I've been seeing the messages pasted
>> below in the slapd-DC.DC.DC "error" log on our nodes.
>>
>> [17/Aug/2016:10:30:30 -0400] - replica_generate_next_csn:
>> opcsn=57b475cd001200040000 <= basecsn=57b475cf000000160000, adjusted
>> opcsn=57b475cf000100040000
>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>> opcsn=57b47f00000200040000 <= basecsn=57b47f00000200160000, adjusted
>> opcsn=57b47f00000300040000
>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>> opcsn=57b47f00000400040000 <= basecsn=57b47f00000400160000, adjusted
>> opcsn=57b47f00000500040000
>> [17/Aug/2016:11:10:33 -0400] - replica_generate_next_csn:
>> opcsn=57b47f2f001000040000 <= basecsn=57b47f30000200160000, adjusted
>> opcsn=57b47f30000300040000
>> [17/Aug/2016:13:50:45 -0400] - replica_generate_next_csn:
>> opcsn=57b4a4bb000900040000 <= basecsn=57b4a4bc000000160000, adjusted
>> opcsn=57b4a4bc000100040000
>> [17/Aug/2016:13:52:54 -0400] - replica_generate_next_csn:
>> opcsn=57b4a53e000a00040000 <= basecsn=57b4a53f000000160000, adjusted
>> opcsn=57b4a53f000100040000
>> [17/Aug/2016:13:53:15 -0400] - replica_generate_next_csn:
>> opcsn=57b4a552000700040000 <= basecsn=57b4a553000000160000, adjusted
>> opcsn=57b4a553000100040000
>> [17/Aug/2016:13:53:32 -0400] - replica_generate_next_csn:
>> opcsn=57b4a562000900040000 <= basecsn=57b4a564000000160000, adjusted
>> opcsn=57b4a564000100040000
>
> Each modification (add/del/mod) gets a csn assignged used in replication
> update resolution. And each assigned csn has to newer than an existing one.
> The messages you see is from code that double checks that the entry doesn't
> have already a lareg csn - and adjusts it.
> The logs indicate that entries are more or less concurrently updated on
> replica 4 and 16, and the updates from16 are received while processing the
> updates on 4.
> This is a normal scenario, but you could check if the simultaneous updates
> on 4 and 16 are intentional.
>
>>
>> They seem to only occur when updating DNS entries, whether on the
>> console or via the GUI (tail -f'ing the log).
>>
>> A search in this mailing-list returns nothing, but a message is found
>> on the 389-ds list [1];  it seems to suggest that the messages aren't
>> fatal and are purely informational, yet if they are occurring
>> constantly that there could be a problem with the replication
>> algorithm and/or deployment.
>>
>> We're using ipa-server 3.0.0-47 and 389-ds 1.2.11.15-60.  Nothing has
>> changed on the deployment side of things, and I don't recall seeing
>> this message before.
>>
>> I'm wondering if it's safe to disregard these messages due to the
>> re-use of the entries, or if something else should be looked into.
>>
>> Thank you,
>> John DeSantis
>>
>> [1] https://fedorahosted.org/389/ticket/47959
>>
>
> --
> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
> Eric Shander
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From rcritten at redhat.com  Thu Aug 18 13:28:28 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 18 Aug 2016 09:28:28 -0400
Subject: [Freeipa-users] ipa-cert-agent,
 Object Signing Cert certificate renewal
In-Reply-To: <DB5PR07MB1605A8A5BDDACAC1D4013528D6140@DB5PR07MB1605.eurprd07.prod.outlook.com>
References: <DB5PR07MB1605A8A5BDDACAC1D4013528D6140@DB5PR07MB1605.eurprd07.prod.outlook.com>
Message-ID: <57B5B7FC.5090004@redhat.com>

realstarhealer wrote:
> Hi,
>
> I am in charge for a freeipa 4.1.0.18.el7 server with ldap backend and
> noticed some expired certificates recently. Most of them but 2 are
> auto-renewing by certmonger as I checked. All of them are self signed.
>
> "CN=ipa-ca-agent" and "CN=Object Signing Cert" are not subscribed by
> certmonger, ipa-ca-agent expired some days ago and has not been renewed.
> Second one expires soon. No consequences noticed so far.
> Can you tell me what they both are for and - if needed - how I should
> renew that separately? Preferable with certmonger. An Output how the
> tracking config should look like would be nice.

The object signing cert can probably be ignored. This was used to sign a 
jar file used to automatically configure Firefox but that approach 
doesn't work any more.

The agent cert is used by IPA to communicate to dogtag so yeah, that's 
pretty important.

Since it is expired you'd need to go back in time to renew it. 
Restarting the certmonger process is the simplest method to force it to 
try to renew.

rob



From mkosek at redhat.com  Thu Aug 18 13:30:34 2016
From: mkosek at redhat.com (Martin Kosek)
Date: Thu, 18 Aug 2016 15:30:34 +0200
Subject: [Freeipa-users] FreeIPA / CentOS 7.2 / Issues on Startup
In-Reply-To: <CAAqg8eM_85B_W7_zHS2ib3GGrC2yvdw+M72cGxmbwfPZH6Xthw@mail.gmail.com>
References: <CAAqg8eM_85B_W7_zHS2ib3GGrC2yvdw+M72cGxmbwfPZH6Xthw@mail.gmail.com>
Message-ID: <fe31dd2e-4e4e-07b9-1cb7-7e8c6dceaeae@redhat.com>

On 08/18/2016 12:48 AM, Devin Acosta wrote:
> 
> My first primary FreeIPA Master server has gone belly up. When I try to start 
> the server it shows this message in the "error' log. However the other issue i 
> have is when I try to start the server using "ipactl start" it times out after 
> 300 seconds, how do I get past this issue?
> 
> [17/Aug/2016:22:44:57 +0000] SSL Initialization - Configured SSL version range: 
> min: TLS1.0, max: TLS1.2
> [17/Aug/2016:22:44:57 +0000] - 389-Directory/1.3.4.0 <http://1.3.4.0> 
> B2016.215.1556 starting up
> [17/Aug/2016:22:44:57 +0000] - WARNING: changelog: entry cache size 2097152B is 
> less than db size 28016640B; We recommend to increase the entry cache size 
> nsslapd-cachememsize.
> [17/Aug/2016:22:44:57 +0000] - Detected Disorderly Shutdown last time Directory 
> Server was running, recovering database.
> 
> 
> Any help is greatly needed!!

My best guess is that your
/etc/dirsrv/slapd-YOUR-REALM/dse.ldif
got damaged when DS crashed/whatever and it now does not export the 636 port,
which is being checked by ipactl start.

You can try to start just the DS service with "service start dirsrv at YOUR-REALM"
and see if it opens port 636 with

netstat -putnl | grep 636
tcp6       0      0 :::636                  :::*                    LISTEN
48550/ns-slapd

If it is not open, you can try to stop DS and use other dse.ldif from the
directory above, that is not corrupt. There should be some backups.

Martin



From abokovoy at redhat.com  Thu Aug 18 14:03:14 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 18 Aug 2016 17:03:14 +0300
Subject: [Freeipa-users] IPA-AD ldap acces - account ?
In-Reply-To: <252436502.29264.1471521218882.JavaMail.zimbra@elostech.cz>
References: <mailman.24396.1471438485.3910.freeipa-users@redhat.com>
	<511491783.3044047.1471441772741.JavaMail.zimbra@elostech.cz>
	<20160817141228.tuz47u4srt43fizv@redhat.com>
	<252436502.29264.1471521218882.JavaMail.zimbra@elostech.cz>
Message-ID: <20160818140314.kwhjxdub2ikm3ykb@redhat.com>

On Thu, 18 Aug 2016, Jan Kar?sek wrote:
>Hi,
>thank you. We are experiencing problems with LDAP access from IPA
>servers in IPA-AD scenario with one-way trust (Win 2012).
>
>So for ldap access IPA uses the xyz$@domain special trust account.
>According my lab - this account is on the AD side considered as a
>member of Authenticated users group. By default Authenticated users are
>member of group Pre-Windows 2000 Compatible Access, and this group have
>read permission on object type User and therefore IPA is able to read
>POSIX attributes from these objects. (tested in my lab environment)
>
>In our case - due to security team - there is no possibility for
>Authenticated users to read user's objects - and then IPA is unable to
>read objects from AD ldap. So we have situation, where kerberos works
>OK but we are not able to get POSIX attributes from ldap.
Create a group that could be granted such access, add TDO object there.

>This situation could have been solved by adding read permission
>directly to the IPA access account(TDO), but unfortunately it looks
>like it is not possible.
Why is it not possible? The account is in AD, one can always grant
it more permissions there.

>
>Questions :
>
>1. Do the IPA depends on ability of Authenticated users group to access
>user's objects attributes ?
At the very least, yes. Otherwise you need to grant more permissions to
the TDO account in AD, even though you cannot directly get access to the
account from non-advanced UI view. However, even Samba 'net' utility
works fine:

1. Create a group in the forest root domain:
# net rpc group add trust-rpc-readonly -S w12.ad.test -UAdministrator%PASSWORD

2. Add our TDO object to the group:
# net rpc group addmem trust-rpc-readonly 'IPAAD$' -S w12.ad.test -UAdministrator%PASSWORD

3. Check that TDO oubject is part of the group
# net rpc group members trust-read-only -S w12.ad.test -UAdministrator%PASSWORD
AD\IPAAD$

Now you can go to UI and assign specific privileges to the group.

>2. Is it possible to setup some other "standard" service account for
>IPA access to AD ldap ?
No.

>
>Thank you,
>Jan
>
>
>
>From: "Alexander Bokovoy" <abokovoy at redhat.com>
>To: "Jan Kar?sek" <jan.karasek at elostech.cz>
>Cc: freeipa-users at redhat.com
>Sent: Wednesday, August 17, 2016 4:12:28 PM
>Subject: Re: [Freeipa-users] IPA-AD ldap acces - account ?
>
>On Wed, 17 Aug 2016, Jan Kar?sek wrote:
>>Hi,
>>
>>please could somebody explain how and and with which account IPA is
>>accessing DC in IPA - AD trust scenario. Is is possible to simulate
>>with ldapsearch some query to AD with the same permission as IPA
>>server?
>Depends on what trust we have. For two-way trust SSSD on IPA masters
>uses host/master.ipa.domain at IPA.DOMAIN principal because we map it to a
>SID with a special well-known RID 'Domain Computers' (-515) and attach
>an MS-PAC record to the TGT issued for this service principal.
>
>For one-way trust SSSD on IPA masters uses so-called TDO account. These
>are special accounts in AD domains which look like a machine account
>(FOO$) but instead use NetBIOS name of the trusted forest and have
>specific attributes associated with it.
>
>>We have some issues with reading ldap object from AD and I would like
>>to simulate that from command line.
>
>Simplest way is to do something like this on IPA master for one-way
>trust:
>
># klist -kt /var/lib/sss/keytabs/<trust>.keytab
>
>notice the principal name there, let's say it is NAME$@TRUST
>
># kinit -kt /var/lib/sss/keytabs/<trust>.keytab 'NAME$@TRUST'
># ldapsearch -H ad.dc -Y GSSAPI ....
>
>For two-way trust it is enough to kinit as IPA master host principal:
>
># kinit -k
># ldapsearch -H ad.dc -Y GSSAPI ...
>
>
>-- 
>/ Alexander Bokovoy

>-- 
>Manage your subscription for the Freeipa-users mailing list:
>https://www.redhat.com/mailman/listinfo/freeipa-users
>Go to http://freeipa.org for more info on the project


-- 
/ Alexander Bokovoy



From lkrispen at redhat.com  Thu Aug 18 14:09:40 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Thu, 18 Aug 2016 16:09:40 +0200
Subject: [Freeipa-users] replica_generate_next_csn messages in dirsrv
 error logs
In-Reply-To: <CA+Bg6wc2q182Hppk60eZx694p5ecFu8X5eimpvHVwrRs1NnzvA@mail.gmail.com>
References: <CA+Bg6wdMSp1OhKtTxZ_G-=fsOugVY=G5M_10WSfw5ymXcJ9_sA@mail.gmail.com>
	<57B56E64.4030104@redhat.com>
	<CA+Bg6wc2q182Hppk60eZx694p5ecFu8X5eimpvHVwrRs1NnzvA@mail.gmail.com>
Message-ID: <57B5C1A4.4070707@redhat.com>


On 08/18/2016 03:15 PM, John Desantis wrote:
> Ludwig,
>
> Thank you for your response!
>
>> This is a normal scenario, but you could check if the simultaneous updates
>> on 4 and 16 are intentional.
> In regards to the simultaneous updates, the only items I have noted so far are:
>
> *  The time sync between the master (4) and replica (16) was off by
> about 1-2 seconds, with the latter being ahead;
yes, this happens, but the replication protocol tries to handle this, in 
a replication session the supplier and consumer
exchange their ruvs and if the time differs the csn state generator is 
updated with a local or remote offset so that the
generated time is always based on the most advanced clock - on all 
servers. And even if you adjust the system time, the csn
time will never go back.
> *  There are continual log entries referencing
> "replication-multimaster-extop" and "Netscape Replication End Session"
> in the dirsrv "access" logs, and during one of the manifestations of
> "replica_generate_next_csn", I found this:
>
> PROD:08:46:08-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
> # grep -E '17/Aug/2016:13:50:4.*conn=602.*ADD' access.2016081*
> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
> ADD dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
> ADD dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
> ADD dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>
> PROD:08:47:44-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
> # grep -E '17/Aug/2016:13:50:4.*conn=1395.*ADD' access.2016081*
> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
> ADD dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
> ADD dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>
> It looks like the entries for server-6-3-sp and 6-5-sp were referenced
> twice.  Do you think that the time being off by 1-2 seconds between
> the master and replica could be the issue?  The connection 602 is the
> replication between the replica and master, and the connection 1395 is
> the replication between the master and replica.
unfortunately this is not enough to determine what is going on. The 
intersting generated/used csn is only logged in the
corresponding RESULT message and these are only the replication 
connections, it would be necessary to see the
original ADD operation, was it added once or twice by a client ?
you could pick one entry eg server-6-3-sp and grep for all references in 
the access logs of both servers  (maybe there are mods as well) and then
get also get the RESULT line for the ops found
>
> Since I know these operations were performed using the console via a
> for loop 'ipa dnsrecord-add dom.dom.dom server-6-$i-sp
> --a-rec=10.250.12.$i' on one of our login nodes, do you think that
> specifying an _srv_ record in the DOMAIN configuration with the
> address of the master server, e.g.: ipa_server = _srv_,
> MASTER.dom.dom.dom could be the issue (coupled with the time syncing)?
>
> I know that these questions are probably leaning more towards the
> 389ds team, so feel free to pass me over to them if need be.
I think I can address the ds related questions, but I don't know about 
console and dns to assess if the behaviour is normal
>
> Again, thank you very much for responding!
>
> John DeSantis
>
> 2016-08-18 4:14 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>> On 08/17/2016 08:54 PM, John Desantis wrote:
>>> Hello all,
>>>
>>> We've been re-using old host names and IP addresses for a new
>>> deployment of nodes, and recently I've been seeing the messages pasted
>>> below in the slapd-DC.DC.DC "error" log on our nodes.
>>>
>>> [17/Aug/2016:10:30:30 -0400] - replica_generate_next_csn:
>>> opcsn=57b475cd001200040000 <= basecsn=57b475cf000000160000, adjusted
>>> opcsn=57b475cf000100040000
>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>> opcsn=57b47f00000200040000 <= basecsn=57b47f00000200160000, adjusted
>>> opcsn=57b47f00000300040000
>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>> opcsn=57b47f00000400040000 <= basecsn=57b47f00000400160000, adjusted
>>> opcsn=57b47f00000500040000
>>> [17/Aug/2016:11:10:33 -0400] - replica_generate_next_csn:
>>> opcsn=57b47f2f001000040000 <= basecsn=57b47f30000200160000, adjusted
>>> opcsn=57b47f30000300040000
>>> [17/Aug/2016:13:50:45 -0400] - replica_generate_next_csn:
>>> opcsn=57b4a4bb000900040000 <= basecsn=57b4a4bc000000160000, adjusted
>>> opcsn=57b4a4bc000100040000
>>> [17/Aug/2016:13:52:54 -0400] - replica_generate_next_csn:
>>> opcsn=57b4a53e000a00040000 <= basecsn=57b4a53f000000160000, adjusted
>>> opcsn=57b4a53f000100040000
>>> [17/Aug/2016:13:53:15 -0400] - replica_generate_next_csn:
>>> opcsn=57b4a552000700040000 <= basecsn=57b4a553000000160000, adjusted
>>> opcsn=57b4a553000100040000
>>> [17/Aug/2016:13:53:32 -0400] - replica_generate_next_csn:
>>> opcsn=57b4a562000900040000 <= basecsn=57b4a564000000160000, adjusted
>>> opcsn=57b4a564000100040000
>> Each modification (add/del/mod) gets a csn assignged used in replication
>> update resolution. And each assigned csn has to newer than an existing one.
>> The messages you see is from code that double checks that the entry doesn't
>> have already a lareg csn - and adjusts it.
>> The logs indicate that entries are more or less concurrently updated on
>> replica 4 and 16, and the updates from16 are received while processing the
>> updates on 4.
>> This is a normal scenario, but you could check if the simultaneous updates
>> on 4 and 16 are intentional.
>>
>>> They seem to only occur when updating DNS entries, whether on the
>>> console or via the GUI (tail -f'ing the log).
>>>
>>> A search in this mailing-list returns nothing, but a message is found
>>> on the 389-ds list [1];  it seems to suggest that the messages aren't
>>> fatal and are purely informational, yet if they are occurring
>>> constantly that there could be a problem with the replication
>>> algorithm and/or deployment.
>>>
>>> We're using ipa-server 3.0.0-47 and 389-ds 1.2.11.15-60.  Nothing has
>>> changed on the deployment side of things, and I don't recall seeing
>>> this message before.
>>>
>>> I'm wondering if it's safe to disregard these messages due to the
>>> re-use of the entries, or if something else should be looked into.
>>>
>>> Thank you,
>>> John DeSantis
>>>
>>> [1] https://fedorahosted.org/389/ticket/47959
>>>
>> --
>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
>> Eric Shander
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From deepak_dimri at hotmail.com  Thu Aug 18 14:16:49 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Thu, 18 Aug 2016 10:16:49 -0400
Subject: [Freeipa-users] Admin password no more working
Message-ID: <SNT152-W2176D29B58C0AD49606C83F5150@phx.gbl>

Hi All,
While trying to automate IPA client registration programatically, i seems have made my admin password out of sync between KDC and 








/etc/krb5.keytab. Now when i try login into ipa GUI via admin i am getting "The password or username is incorrect" - though i am trying with the correct password that i have been using. Is there anyway i can login to GUI in this situation? Is there anyway i can get my admin password reseted or something? i can run my ansible playbooks w/out any issues on the linux host but cannot login to GUI any more...
Thanks for your great help!
Regards,Deepak 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160818/71d16c0d/attachment.htm>

From jan.karasek at elostech.cz  Thu Aug 18 14:39:37 2016
From: jan.karasek at elostech.cz (Jan =?utf-8?Q?Kar=C3=A1sek?=)
Date: Thu, 18 Aug 2016 16:39:37 +0200 (CEST)
Subject: [Freeipa-users] IPA-AD ldap acces - account ?
In-Reply-To: <20160818140314.kwhjxdub2ikm3ykb@redhat.com>
References: <mailman.24396.1471438485.3910.freeipa-users@redhat.com>
	<511491783.3044047.1471441772741.JavaMail.zimbra@elostech.cz>
	<20160817141228.tuz47u4srt43fizv@redhat.com>
	<252436502.29264.1471521218882.JavaMail.zimbra@elostech.cz>
	<20160818140314.kwhjxdub2ikm3ykb@redhat.com>
Message-ID: <1008816553.35619.1471531177399.JavaMail.zimbra@elostech.cz>

Great ! Thank you very much. It works ! 

Regards, 
Jan 


From: "Alexander Bokovoy" <abokovoy at redhat.com> 
To: "Jan Kar?sek" <jan.karasek at elostech.cz> 
Cc: freeipa-users at redhat.com 
Sent: Thursday, August 18, 2016 4:03:14 PM 
Subject: Re: [Freeipa-users] IPA-AD ldap acces - account ? 

On Thu, 18 Aug 2016, Jan Kar?sek wrote: 
>Hi, 
>thank you. We are experiencing problems with LDAP access from IPA 
>servers in IPA-AD scenario with one-way trust (Win 2012). 
> 
>So for ldap access IPA uses the xyz$@domain special trust account. 
>According my lab - this account is on the AD side considered as a 
>member of Authenticated users group. By default Authenticated users are 
>member of group Pre-Windows 2000 Compatible Access, and this group have 
>read permission on object type User and therefore IPA is able to read 
>POSIX attributes from these objects. (tested in my lab environment) 
> 
>In our case - due to security team - there is no possibility for 
>Authenticated users to read user's objects - and then IPA is unable to 
>read objects from AD ldap. So we have situation, where kerberos works 
>OK but we are not able to get POSIX attributes from ldap. 
Create a group that could be granted such access, add TDO object there. 

>This situation could have been solved by adding read permission 
>directly to the IPA access account(TDO), but unfortunately it looks 
>like it is not possible. 
Why is it not possible? The account is in AD, one can always grant 
it more permissions there. 

> 
>Questions : 
> 
>1. Do the IPA depends on ability of Authenticated users group to access 
>user's objects attributes ? 
At the very least, yes. Otherwise you need to grant more permissions to 
the TDO account in AD, even though you cannot directly get access to the 
account from non-advanced UI view. However, even Samba 'net' utility 
works fine: 

1. Create a group in the forest root domain: 
# net rpc group add trust-rpc-readonly -S w12.ad.test -UAdministrator%PASSWORD 

2. Add our TDO object to the group: 
# net rpc group addmem trust-rpc-readonly 'IPAAD$' -S w12.ad.test -UAdministrator%PASSWORD 

3. Check that TDO oubject is part of the group 
# net rpc group members trust-read-only -S w12.ad.test -UAdministrator%PASSWORD 
AD\IPAAD$ 

Now you can go to UI and assign specific privileges to the group. 

>2. Is it possible to setup some other "standard" service account for 
>IPA access to AD ldap ? 
No. 

> 
>Thank you, 
>Jan 
> 
> 
> 
>From: "Alexander Bokovoy" <abokovoy at redhat.com> 
>To: "Jan Kar?sek" <jan.karasek at elostech.cz> 
>Cc: freeipa-users at redhat.com 
>Sent: Wednesday, August 17, 2016 4:12:28 PM 
>Subject: Re: [Freeipa-users] IPA-AD ldap acces - account ? 
> 
>On Wed, 17 Aug 2016, Jan Kar?sek wrote: 
>>Hi, 
>> 
>>please could somebody explain how and and with which account IPA is 
>>accessing DC in IPA - AD trust scenario. Is is possible to simulate 
>>with ldapsearch some query to AD with the same permission as IPA 
>>server? 
>Depends on what trust we have. For two-way trust SSSD on IPA masters 
>uses host/master.ipa.domain at IPA.DOMAIN principal because we map it to a 
>SID with a special well-known RID 'Domain Computers' (-515) and attach 
>an MS-PAC record to the TGT issued for this service principal. 
> 
>For one-way trust SSSD on IPA masters uses so-called TDO account. These 
>are special accounts in AD domains which look like a machine account 
>(FOO$) but instead use NetBIOS name of the trusted forest and have 
>specific attributes associated with it. 
> 
>>We have some issues with reading ldap object from AD and I would like 
>>to simulate that from command line. 
> 
>Simplest way is to do something like this on IPA master for one-way 
>trust: 
> 
># klist -kt /var/lib/sss/keytabs/<trust>.keytab 
> 
>notice the principal name there, let's say it is NAME$@TRUST 
> 
># kinit -kt /var/lib/sss/keytabs/<trust>.keytab 'NAME$@TRUST' 
># ldapsearch -H ad.dc -Y GSSAPI .... 
> 
>For two-way trust it is enough to kinit as IPA master host principal: 
> 
># kinit -k 
># ldapsearch -H ad.dc -Y GSSAPI ... 
> 
> 
>-- 
>/ Alexander Bokovoy 

>-- 
>Manage your subscription for the Freeipa-users mailing list: 
>https://www.redhat.com/mailman/listinfo/freeipa-users 
>Go to http://freeipa.org for more info on the project 


-- 
/ Alexander Bokovoy 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160818/75d4bc33/attachment.htm>

From rakesh.rajasekharan at gmail.com  Thu Aug 18 15:23:37 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Thu, 18 Aug 2016 20:53:37 +0530
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
Message-ID: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>

Hi

I am migrating to freeipa from openldap and have around 4000 clients

I had openned a another thread on that, but chose to start a new one here
as its a separate issue

I was able to change the nssslapd-maxdescriptors adding an ldif file

cat nsslapd-modify.ldif
dn: cn=config
changetype: modify
replace: nsslapd-maxdescriptors
nsslapd-maxdescriptors: 17000

and running the ldapmodify command

I have now started moving clients running an openldap to Freeipa and have
today moved close to 2000 clients

However, I have noticed that IPA hangs intermittently.

running a kinit admin returns the below error
kinit: Generic error (see e-text) while getting initial credentials

from the /var/log/messages, I see this entry

 prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP:
Possible SYN flooding on port 88. Sending cookies.  Check SNMP counters.
Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885 of
user root.
Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session 4885 of
user root.
Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886 of
user root.
Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session 4886 of
user root.
Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command Invoked
with creates=None executable=None shell=True args= removes=None warn=True
chdir=None
Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error: Unspecified GSS
failure.  Minor code may provide more information (KDC returned error
string: PROCESS_TGS)

Could it be possible that its due to the initial load of adding the clients
or is there something else that I need to take care of.

Thanks,

Rakesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160818/eef1f799/attachment.htm>

From desantis at mail.usf.edu  Thu Aug 18 15:28:34 2016
From: desantis at mail.usf.edu (John Desantis)
Date: Thu, 18 Aug 2016 11:28:34 -0400
Subject: [Freeipa-users] replica_generate_next_csn messages in dirsrv
 error logs
In-Reply-To: <57B5C1A4.4070707@redhat.com>
References: <CA+Bg6wdMSp1OhKtTxZ_G-=fsOugVY=G5M_10WSfw5ymXcJ9_sA@mail.gmail.com>
	<57B56E64.4030104@redhat.com>
	<CA+Bg6wc2q182Hppk60eZx694p5ecFu8X5eimpvHVwrRs1NnzvA@mail.gmail.com>
	<57B5C1A4.4070707@redhat.com>
Message-ID: <CA+Bg6wcVbTdFfkVq53+Myde249Nmk_mEQfOXRFCMtC_VLqQCzQ@mail.gmail.com>

Ludwig,

> unfortunately this is not enough to determine what is going on. The
> intersting generated/used csn is only logged in the
> corresponding RESULT message and these are only the replication connections,
> it would be necessary to see the
> original ADD operation, was it added once or twice by a client ?
> you could pick one entry eg server-6-3-sp and grep for all references in the
> access logs of both servers  (maybe there are mods as well) and then
> get also get the RESULT line for the ops found

Here are the updated log snippets looking for ADD and RESULT:

PROD:11:20:13-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
# grep -E '17/Aug/2016:13:50:4.*conn=602.*(RESULT|ADD)' access.2016081*
access.20160817-124811:[17/Aug/2016:13:50:41 -0400] conn=602 op=4139
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-124811:[17/Aug/2016:13:50:41 -0400] conn=602 op=4140
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4141
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4142
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
ADD dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4bb000300040000
access.20160817-124811:[17/Aug/2016:13:50:44 -0400] conn=602 op=4144
RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4bb000400040000
access.20160817-124811:[17/Aug/2016:13:50:44 -0400] conn=602 op=4145
RESULT err=0 tag=103 nentries=0 etime=0
access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4146
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4147
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
ADD dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4bb000800040000
access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4149
RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4bc000100040000
access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4150
RESULT err=0 tag=103 nentries=0 etime=0
access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
ADD dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4c1000500040000
access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4152
RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4c1000600040000

PROD:11:19:54-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
# grep -E '17/Aug/2016:13:50:4.*conn=1395.*(RESULT|ADD)' access.2016081*
access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4148
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4149
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4150
RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4b9000500160000
access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
ADD dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
RESULT err=0 tag=105 nentries=0 etime=0
access.20160817-111940:[17/Aug/2016:13:50:44 -0400] conn=1395 op=4152
RESULT err=0 tag=103 nentries=0 etime=1 csn=57b4a4bc000000160000
access.20160817-111940:[17/Aug/2016:13:50:46 -0400] conn=1395 op=4153
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4154
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4155
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4156
RESULT err=0 tag=120 nentries=0 etime=0
access.20160817-111940:[17/Aug/2016:13:50:48 -0400] conn=1395 op=4157
RESULT err=0 tag=103 nentries=0 etime=1 csn=57b4a4c1000100160000
access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
ADD dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
RESULT err=0 tag=105 nentries=0 etime=0
access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4159
RESULT err=0 tag=103 nentries=0 etime=0
access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4160
RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4c3000000160000

I'm positive that I was the only one performing DNS updates during
this time, and I was only using 1 console.

Thanks,
John DeSantis


2016-08-18 10:09 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>
> On 08/18/2016 03:15 PM, John Desantis wrote:
>>
>> Ludwig,
>>
>> Thank you for your response!
>>
>>> This is a normal scenario, but you could check if the simultaneous
>>> updates
>>> on 4 and 16 are intentional.
>>
>> In regards to the simultaneous updates, the only items I have noted so far
>> are:
>>
>> *  The time sync between the master (4) and replica (16) was off by
>> about 1-2 seconds, with the latter being ahead;
>
> yes, this happens, but the replication protocol tries to handle this, in a
> replication session the supplier and consumer
> exchange their ruvs and if the time differs the csn state generator is
> updated with a local or remote offset so that the
> generated time is always based on the most advanced clock - on all servers.
> And even if you adjust the system time, the csn
> time will never go back.
>>
>> *  There are continual log entries referencing
>> "replication-multimaster-extop" and "Netscape Replication End Session"
>> in the dirsrv "access" logs, and during one of the manifestations of
>> "replica_generate_next_csn", I found this:
>>
>> PROD:08:46:08-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
>> # grep -E '17/Aug/2016:13:50:4.*conn=602.*ADD' access.2016081*
>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
>> ADD
>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
>> ADD
>> dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
>> ADD
>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>
>> PROD:08:47:44-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
>> # grep -E '17/Aug/2016:13:50:4.*conn=1395.*ADD' access.2016081*
>> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
>> ADD
>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
>> ADD
>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>
>> It looks like the entries for server-6-3-sp and 6-5-sp were referenced
>> twice.  Do you think that the time being off by 1-2 seconds between
>> the master and replica could be the issue?  The connection 602 is the
>> replication between the replica and master, and the connection 1395 is
>> the replication between the master and replica.
>
> unfortunately this is not enough to determine what is going on. The
> intersting generated/used csn is only logged in the
> corresponding RESULT message and these are only the replication connections,
> it would be necessary to see the
> original ADD operation, was it added once or twice by a client ?
> you could pick one entry eg server-6-3-sp and grep for all references in the
> access logs of both servers  (maybe there are mods as well) and then
> get also get the RESULT line for the ops found
>>
>>
>> Since I know these operations were performed using the console via a
>> for loop 'ipa dnsrecord-add dom.dom.dom server-6-$i-sp
>> --a-rec=10.250.12.$i' on one of our login nodes, do you think that
>> specifying an _srv_ record in the DOMAIN configuration with the
>> address of the master server, e.g.: ipa_server = _srv_,
>> MASTER.dom.dom.dom could be the issue (coupled with the time syncing)?
>>
>> I know that these questions are probably leaning more towards the
>> 389ds team, so feel free to pass me over to them if need be.
>
> I think I can address the ds related questions, but I don't know about
> console and dns to assess if the behaviour is normal
>
>>
>> Again, thank you very much for responding!
>>
>> John DeSantis
>>
>> 2016-08-18 4:14 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>>>
>>> On 08/17/2016 08:54 PM, John Desantis wrote:
>>>>
>>>> Hello all,
>>>>
>>>> We've been re-using old host names and IP addresses for a new
>>>> deployment of nodes, and recently I've been seeing the messages pasted
>>>> below in the slapd-DC.DC.DC "error" log on our nodes.
>>>>
>>>> [17/Aug/2016:10:30:30 -0400] - replica_generate_next_csn:
>>>> opcsn=57b475cd001200040000 <= basecsn=57b475cf000000160000, adjusted
>>>> opcsn=57b475cf000100040000
>>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>>> opcsn=57b47f00000200040000 <= basecsn=57b47f00000200160000, adjusted
>>>> opcsn=57b47f00000300040000
>>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>>> opcsn=57b47f00000400040000 <= basecsn=57b47f00000400160000, adjusted
>>>> opcsn=57b47f00000500040000
>>>> [17/Aug/2016:11:10:33 -0400] - replica_generate_next_csn:
>>>> opcsn=57b47f2f001000040000 <= basecsn=57b47f30000200160000, adjusted
>>>> opcsn=57b47f30000300040000
>>>> [17/Aug/2016:13:50:45 -0400] - replica_generate_next_csn:
>>>> opcsn=57b4a4bb000900040000 <= basecsn=57b4a4bc000000160000, adjusted
>>>> opcsn=57b4a4bc000100040000
>>>> [17/Aug/2016:13:52:54 -0400] - replica_generate_next_csn:
>>>> opcsn=57b4a53e000a00040000 <= basecsn=57b4a53f000000160000, adjusted
>>>> opcsn=57b4a53f000100040000
>>>> [17/Aug/2016:13:53:15 -0400] - replica_generate_next_csn:
>>>> opcsn=57b4a552000700040000 <= basecsn=57b4a553000000160000, adjusted
>>>> opcsn=57b4a553000100040000
>>>> [17/Aug/2016:13:53:32 -0400] - replica_generate_next_csn:
>>>> opcsn=57b4a562000900040000 <= basecsn=57b4a564000000160000, adjusted
>>>> opcsn=57b4a564000100040000
>>>
>>> Each modification (add/del/mod) gets a csn assignged used in replication
>>> update resolution. And each assigned csn has to newer than an existing
>>> one.
>>> The messages you see is from code that double checks that the entry
>>> doesn't
>>> have already a lareg csn - and adjusts it.
>>> The logs indicate that entries are more or less concurrently updated on
>>> replica 4 and 16, and the updates from16 are received while processing
>>> the
>>> updates on 4.
>>> This is a normal scenario, but you could check if the simultaneous
>>> updates
>>> on 4 and 16 are intentional.
>>>
>>>> They seem to only occur when updating DNS entries, whether on the
>>>> console or via the GUI (tail -f'ing the log).
>>>>
>>>> A search in this mailing-list returns nothing, but a message is found
>>>> on the 389-ds list [1];  it seems to suggest that the messages aren't
>>>> fatal and are purely informational, yet if they are occurring
>>>> constantly that there could be a problem with the replication
>>>> algorithm and/or deployment.
>>>>
>>>> We're using ipa-server 3.0.0-47 and 389-ds 1.2.11.15-60.  Nothing has
>>>> changed on the deployment side of things, and I don't recall seeing
>>>> this message before.
>>>>
>>>> I'm wondering if it's safe to disregard these messages due to the
>>>> re-use of the entries, or if something else should be looked into.
>>>>
>>>> Thank you,
>>>> John DeSantis
>>>>
>>>> [1] https://fedorahosted.org/389/ticket/47959
>>>>
>>> --
>>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
>>> Eric Shander
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>
>
> --
> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
> Eric Shander
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From splash at gmail.com  Thu Aug 18 21:36:54 2016
From: splash at gmail.com (Diogenes S. Jesus)
Date: Thu, 18 Aug 2016 23:36:54 +0200
Subject: [Freeipa-users] FreeIPA and slave MIT slave KDCs
In-Reply-To: <726f2245-c88e-4840-0754-38dcffc2f674@redhat.com>
References: <CAD8MJvBDYKCgQ2X6-Bj1m+12cb4ocNPQ0keuGmXU7_9DksDL4w@mail.gmail.com>
	<726f2245-c88e-4840-0754-38dcffc2f674@redhat.com>
Message-ID: <CAD8MJvCQH6FghzPhnRhH4pUgupXSpvHYdy8hvmidqDJbnKA58g@mail.gmail.com>

Thanks Petr.

It seems like the only way to do it right now is to dump the keytab and
copy it to slave KDCs, as I couldn't find a way to have MIT Kerberos to use
the master key stored in the LDAP directly.

MIT Kerberos doesn't really support a master key stored elsewhere other
than using "key_stash_file" AFAIK, so I'm wondering how FreeIPA has
actually implemented it (I couldn't find any reference for it in the
kerberos conf files).

My use case involves having a "FreeIPA slave"  - a streamlined version
which will only provide authentication (via Kerberos). Sure, I can make a
standard replica and firewall what I don't wanna use, but when stretching
your authentication infrastructure you don't necessary need to expose all
other services FreeIPA provides, since that increases your attack surface.

Best regards

On Fri, Jul 22, 2016 at 10:14 AM, Petr Spacek <pspacek at redhat.com> wrote:

> On 21.7.2016 22:05, Diogenes S. Jesus wrote:
> > Hi everyone.
> >
> > I'm currently planning on deploying FreeIPA as the Master KDC (among
> other
> > things to leverage from the API and some other built-in features - like
> > replicas).
> > However I find (correct if I'm wrong) FreeIPA not very modular -
> therefore
> > I would like to know what's the strategy when deploying slave KDCs.
> >
> > I've seen this thread
> > <https://www.redhat.com/archives/freeipa-users/2013-
> September/msg00319.html>
> > but I
> > don't really want to have a replica - the idea was to deploy a separate
> box
> > only running KDC - since the authentication is delegated to RADIUS for
> > Authentication, I don't need to expose LDAP Master to KDC slaves - If
> yes,
> > I would provide a read-only LDAP replica..
> >
> >
> > For starters, where is the FreeIPA KDC stash file stored?
>
> AFAIK there is no prior art in setting up MIT KDC slaves. First of all,
> FreeIPA does not use stash file and stores master key in LDAP instead.
>
> You can retrieve equivalent of stash file using following command:
>
> $ ipa-getkeytab --retrieve --principal K/M@<REALM> -k /tmp/stash.keytab
> --binddn='cn=Directory manager' --bindpw='<Directory manager password>'
>
> *Make sure* that --retrieve option is present otherwise it will destroy
> your
> Kerberos database.
>
> The rest is up to your experimentation. I wish you good luck and please
> report
> your findings back to the mailing list!
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>



-- 

--------

Diogenes S. de Jesus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160818/ec2775f2/attachment.htm>

From pspacek at redhat.com  Fri Aug 19 06:13:47 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Fri, 19 Aug 2016 08:13:47 +0200
Subject: [Freeipa-users] FreeIPA and slave MIT slave KDCs
In-Reply-To: <CAD8MJvCQH6FghzPhnRhH4pUgupXSpvHYdy8hvmidqDJbnKA58g@mail.gmail.com>
References: <CAD8MJvBDYKCgQ2X6-Bj1m+12cb4ocNPQ0keuGmXU7_9DksDL4w@mail.gmail.com>
	<726f2245-c88e-4840-0754-38dcffc2f674@redhat.com>
	<CAD8MJvCQH6FghzPhnRhH4pUgupXSpvHYdy8hvmidqDJbnKA58g@mail.gmail.com>
Message-ID: <560f3b69-e4cc-d936-ee47-9a5bae453613@redhat.com>

On 18.8.2016 23:36, Diogenes S. Jesus wrote:
> Thanks Petr.
> 
> It seems like the only way to do it right now is to dump the keytab and
> copy it to slave KDCs, as I couldn't find a way to have MIT Kerberos to use
> the master key stored in the LDAP directly.

That is expected. If you want, just dump the key to file and distribute it
(using a secure mechanism). At the moment, FreeIPA does not rotate the master
key so it should just work.


> MIT Kerberos doesn't really support a master key stored elsewhere other
> than using "key_stash_file" AFAIK, so I'm wondering how FreeIPA has
> actually implemented it (I couldn't find any reference for it in the
> kerberos conf files).

FreeIPA has own KDC database driver:
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-kdb?id=6b7d6417d403c983691c790c1e60cfe32bf1c420

This is why you cannot find this in standard MIT KDC.


> My use case involves having a "FreeIPA slave"  - a streamlined version
> which will only provide authentication (via Kerberos). Sure, I can make a
> standard replica and firewall what I don't wanna use, but when stretching
> your authentication infrastructure you don't necessary need to expose all
> other services FreeIPA provides, since that increases your attack surface.

Well, it should work if you leave all ports open for communication among
replicas but block out all clients.

In this case do not forget to remove DNS SRV records for other services so
clients do not timeout while attempting to contact firewalled replicas.

(Please note that FreeIPA DNS automatically re-generates DNS SRV records when
you change something in replica topology or run an IPA installer - you will
need to make the changes again.)


If you want to try the pure KDC slave, please let us know how it worked. I'm
curious :-)

Petr^2 Spacek


> Best regards
> 
> On Fri, Jul 22, 2016 at 10:14 AM, Petr Spacek <pspacek at redhat.com> wrote:
> 
>> On 21.7.2016 22:05, Diogenes S. Jesus wrote:
>>> Hi everyone.
>>>
>>> I'm currently planning on deploying FreeIPA as the Master KDC (among
>> other
>>> things to leverage from the API and some other built-in features - like
>>> replicas).
>>> However I find (correct if I'm wrong) FreeIPA not very modular -
>> therefore
>>> I would like to know what's the strategy when deploying slave KDCs.
>>>
>>> I've seen this thread
>>> <https://www.redhat.com/archives/freeipa-users/2013-
>> September/msg00319.html>
>>> but I
>>> don't really want to have a replica - the idea was to deploy a separate
>> box
>>> only running KDC - since the authentication is delegated to RADIUS for
>>> Authentication, I don't need to expose LDAP Master to KDC slaves - If
>> yes,
>>> I would provide a read-only LDAP replica..
>>>
>>>
>>> For starters, where is the FreeIPA KDC stash file stored?
>>
>> AFAIK there is no prior art in setting up MIT KDC slaves. First of all,
>> FreeIPA does not use stash file and stores master key in LDAP instead.
>>
>> You can retrieve equivalent of stash file using following command:
>>
>> $ ipa-getkeytab --retrieve --principal K/M@<REALM> -k /tmp/stash.keytab
>> --binddn='cn=Directory manager' --bindpw='<Directory manager password>'
>>
>> *Make sure* that --retrieve option is present otherwise it will destroy
>> your
>> Kerberos database.
>>
>> The rest is up to your experimentation. I wish you good luck and please
>> report
>> your findings back to the mailing list!



From mkosek at redhat.com  Fri Aug 19 07:05:13 2016
From: mkosek at redhat.com (Martin Kosek)
Date: Fri, 19 Aug 2016 09:05:13 +0200
Subject: [Freeipa-users] Admin password no more working
In-Reply-To: <SNT152-W2176D29B58C0AD49606C83F5150@phx.gbl>
References: <SNT152-W2176D29B58C0AD49606C83F5150@phx.gbl>
Message-ID: <1789f745-099a-817d-bd23-b005489bc137@redhat.com>

On 08/18/2016 04:16 PM, Deepak Dimri wrote:
> Hi All,
> 
> While trying to automate IPA client registration programatically, i seems have 
> made my admin password out of sync between KDC and
> /etc/krb5.keytab.

This looks confusing, admin password and /etc/krb5.keytab do not look related.
The keytab is for host keytab.

> Now when i try login into ipa GUI via admin i am getting "The 
> password or username is incorrect" - though i am trying with the correct 
> password that i have been using. Is there anyway i can login to GUI in this 
> situation? Is there anyway i can get my admin password reseted or something? i 
> can run my ansible playbooks w/out any issues on the linux host but cannot login 
> to GUI any more...

Can you log in to GUI with other logins. If not, then check this page:
http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI

Martin



From pspacek at redhat.com  Fri Aug 19 07:28:09 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Fri, 19 Aug 2016 09:28:09 +0200
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
Message-ID: <68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>

On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
> Hi
> 
> I am migrating to freeipa from openldap and have around 4000 clients
> 
> I had openned a another thread on that, but chose to start a new one here
> as its a separate issue
> 
> I was able to change the nssslapd-maxdescriptors adding an ldif file
> 
> cat nsslapd-modify.ldif
> dn: cn=config
> changetype: modify
> replace: nsslapd-maxdescriptors
> nsslapd-maxdescriptors: 17000
> 
> and running the ldapmodify command
> 
> I have now started moving clients running an openldap to Freeipa and have
> today moved close to 2000 clients
> 
> However, I have noticed that IPA hangs intermittently.
> 
> running a kinit admin returns the below error
> kinit: Generic error (see e-text) while getting initial credentials
> 
> from the /var/log/messages, I see this entry
> 
>  prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP:
> Possible SYN flooding on port 88. Sending cookies.  Check SNMP counters.

I would be worried about this message. Maybe kernel/firewall is doing
something fishy behind your back and blocking some connections or so.

Petr^2 Spacek


> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885 of
> user root.
> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session 4885 of
> user root.
> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886 of
> user root.
> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session 4886 of
> user root.
> Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command Invoked
> with creates=None executable=None shell=True args= removes=None warn=True
> chdir=None
> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error: Unspecified GSS
> failure.  Minor code may provide more information (KDC returned error
> string: PROCESS_TGS)
> 
> Could it be possible that its due to the initial load of adding the clients
> or is there something else that I need to take care of.
> 
> Thanks,
> 
> Rakesh



From t.ruiten at rdmedia.com  Fri Aug 19 09:36:25 2016
From: t.ruiten at rdmedia.com (Tiemen Ruiten)
Date: Fri, 19 Aug 2016 11:36:25 +0200
Subject: [Freeipa-users] dns/ldap failing after temporary storage problem
Message-ID: <CAAegNz1NykNSmS3oDo49EJrdEz=75iXcJS3wmWESrOqWLhc4sw@mail.gmail.com>

Hello,

I need some help getting one of my replica's to work. Assistance would be
much appreciated.

After the iSCSI volumes of two replicas of were briefly unavailable, on one
of them DNS and LDAP stopped working and replication seems to have stopped.
The ipa service failed with a message that an upgrade was required, so I
ran ipa-server-upgrade, but it failed due to an empty dse.ldif.

Then I probably made a mistake by copying a dse.ldif from another replica
and trying to run the upgrade. It worked more or less, but DNS still didn't
work.

Next I replaced it with an older backup file (from Aug 4) ran the upgrade
command again and after some fiddling all services started normally, except
ipa-dnskeysyncd:

journalctl -u ipa-dnskeysyncd

Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]:
ipa-dnskeysyncd.service holdoff time over, scheduling restart.
Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key
daemon.
Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key
daemon...
Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa:
WARNING: session memcached servers not running
Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
  : INFO     LDAP bind...
Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
step 1
Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
step 1
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
  : ERROR    Login to LDAP server failed: {'info': 'SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
more information (No key table entry found matching
ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: Traceback
(most recent call last):
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
"/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module>
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in
sasl_interactive_bind_s
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res =
self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in
_apply_method_s
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return
func(self,*args,**kwargs)
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in
sasl_interactive_bind_s
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return
self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
"/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
_ldap_call
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: result =
func(*args,**kwargs)
Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure.  Minor code may provide more information (No key
table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc':
'Invalid credentials'}

praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from. DNS
and logins to the webinterface on this host are still not working.

What can I do to get this replica in working order again?

-- 
Tiemen Ruiten
Systems Engineer
R&D Media
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/1397d6d1/attachment.htm>

From t.ruiten at rdmedia.com  Fri Aug 19 09:43:15 2016
From: t.ruiten at rdmedia.com (Tiemen Ruiten)
Date: Fri, 19 Aug 2016 11:43:15 +0200
Subject: [Freeipa-users] dns/ldap failing after temporary storage problem
In-Reply-To: <CAAegNz1NykNSmS3oDo49EJrdEz=75iXcJS3wmWESrOqWLhc4sw@mail.gmail.com>
References: <CAAegNz1NykNSmS3oDo49EJrdEz=75iXcJS3wmWESrOqWLhc4sw@mail.gmail.com>
Message-ID: <CAAegNz25NZo02v-uh4QNwoxTXsJeX_j7ZvjRNKLSBVDoqzmXRg@mail.gmail.com>

I see I didn't use the right terminology: all four of my FreeIPA servers
are masters.

On 19 August 2016 at 11:36, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:

> Hello,
>
> I need some help getting one of my replica's to work. Assistance would be
> much appreciated.
>
> After the iSCSI volumes of two replicas of were briefly unavailable, on
> one of them DNS and LDAP stopped working and replication seems to have
> stopped. The ipa service failed with a message that an upgrade was
> required, so I ran ipa-server-upgrade, but it failed due to an empty
> dse.ldif.
>
> Then I probably made a mistake by copying a dse.ldif from another replica
> and trying to run the upgrade. It worked more or less, but DNS still didn't
> work.
>
> Next I replaced it with an older backup file (from Aug 4) ran the upgrade
> command again and after some fiddling all services started normally, except
> ipa-dnskeysyncd:
>
> journalctl -u ipa-dnskeysyncd
>
> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]:
> ipa-dnskeysyncd.service holdoff time over, scheduling restart.
> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key
> daemon.
> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key
> daemon...
> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa:
> WARNING: session memcached servers not running
> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>     : INFO     LDAP bind...
> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
> step 1
> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
> step 1
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>     : ERROR    Login to LDAP server failed: {'info': 'SASL(-1): generic
> failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
> more information (No key table entry found matching
> ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> Traceback (most recent call last):
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module>
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in
> sasl_interactive_bind_s
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res =
> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**
> kwargs)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in
> _apply_method_s
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return
> func(self,*args,**kwargs)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in
> sasl_interactive_bind_s
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return
> self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,
> RequestControlTuples(serverctrls),RequestControlTuples(
> clientctrls),sasl_flags)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
> _ldap_call
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: result
> = func(*args,**kwargs)
> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error:
> Unspecified GSS failure.  Minor code may provide more information (No key
> table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc':
> 'Invalid credentials'}
>
> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from.
> DNS and logins to the webinterface on this host are still not working.
>
> What can I do to get this replica in working order again?
>
> --
> Tiemen Ruiten
> Systems Engineer
> R&D Media
>



-- 
Tiemen Ruiten
Systems Engineer
R&D Media
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/a3dbaadc/attachment.htm>

From t.ruiten at rdmedia.com  Fri Aug 19 10:14:21 2016
From: t.ruiten at rdmedia.com (Tiemen Ruiten)
Date: Fri, 19 Aug 2016 12:14:21 +0200
Subject: [Freeipa-users] dns/ldap failing after temporary storage problem
In-Reply-To: <CAAegNz25NZo02v-uh4QNwoxTXsJeX_j7ZvjRNKLSBVDoqzmXRg@mail.gmail.com>
References: <CAAegNz1NykNSmS3oDo49EJrdEz=75iXcJS3wmWESrOqWLhc4sw@mail.gmail.com>
	<CAAegNz25NZo02v-uh4QNwoxTXsJeX_j7ZvjRNKLSBVDoqzmXRg@mail.gmail.com>
Message-ID: <CAAegNz3tM-MWfzdBGCsqLBkAL8UqcXFxJ58YENHPfzzk-fA+Og@mail.gmail.com>

I see lots of messages /var/log/dirsrv/slapd-IPA-RDMEDIA-COM/errors, looks
definitely like an issue with dirsrv.

On 19 August 2016 at 11:43, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:

> I see I didn't use the right terminology: all four of my FreeIPA servers
> are masters.
>
> On 19 August 2016 at 11:36, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:
>
>> Hello,
>>
>> I need some help getting one of my replica's to work. Assistance would be
>> much appreciated.
>>
>> After the iSCSI volumes of two replicas of were briefly unavailable, on
>> one of them DNS and LDAP stopped working and replication seems to have
>> stopped. The ipa service failed with a message that an upgrade was
>> required, so I ran ipa-server-upgrade, but it failed due to an empty
>> dse.ldif.
>>
>> Then I probably made a mistake by copying a dse.ldif from another replica
>> and trying to run the upgrade. It worked more or less, but DNS still didn't
>> work.
>>
>> Next I replaced it with an older backup file (from Aug 4) ran the upgrade
>> command again and after some fiddling all services started normally, except
>> ipa-dnskeysyncd:
>>
>> journalctl -u ipa-dnskeysyncd
>>
>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]:
>> ipa-dnskeysyncd.service holdoff time over, scheduling restart.
>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key
>> daemon.
>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key
>> daemon...
>> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa:
>> WARNING: session memcached servers not running
>> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>>       : INFO     LDAP bind...
>> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
>> step 1
>> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
>> step 1
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>>       : ERROR    Login to LDAP server failed: {'info': 'SASL(-1): generic
>> failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
>> more information (No key table entry found matching
>> ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>> Traceback (most recent call last):
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>> "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module>
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in
>> sasl_interactive_bind_s
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res =
>> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_
>> s,*args,**kwargs)
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in
>> _apply_method_s
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return
>> func(self,*args,**kwargs)
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in
>> sasl_interactive_bind_s
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: return
>> self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,Req
>> uestControlTuples(serverctrls),RequestControlTuples(clientct
>> rls),sasl_flags)
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
>> _ldap_call
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: result
>> = func(*args,**kwargs)
>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>> INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error:
>> Unspecified GSS failure.  Minor code may provide more information (No key
>> table entry found matching ldap/praseodymium.ipa.rdmedia.com@)', 'desc':
>> 'Invalid credentials'}
>>
>> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from.
>> DNS and logins to the webinterface on this host are still not working.
>>
>> What can I do to get this replica in working order again?
>>
>> --
>> Tiemen Ruiten
>> Systems Engineer
>> R&D Media
>>
>
>
>
> --
> Tiemen Ruiten
> Systems Engineer
> R&D Media
>



-- 
Tiemen Ruiten
Systems Engineer
R&D Media
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/3d65b78f/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: errors.gz
Type: application/x-gzip
Size: 13765 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/3d65b78f/attachment.bin>

From christophe.trefois at uni.lu  Fri Aug 19 10:20:48 2016
From: christophe.trefois at uni.lu (Christophe TREFOIS)
Date: Fri, 19 Aug 2016 10:20:48 +0000
Subject: [Freeipa-users] Login problems
Message-ID: <F430AE43-20FA-4DBC-9C60-9D78193B144C@uni.lu>

Hi,

We have a 3 way replica against one master. So there is only agreements between 1 and 2 and 1 and 3.

Since recently sometimes the master does not allow me to login anymore, whereas I can login fine to 2 and 3. After a few minutes everything comes back to normal and it works. 

The master is on centos 7 v4.2 and is still connected to an old 3 replica running F21. We plan to disconnect this agreement in the coming weeks.

Does anybody have seen this before or have a clue what could be going on here?

Any help is welcome.

Thank you,
Christophe 

Sent from my iPhone
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2225 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/4800a309/attachment.p7s>

From jhrozek at redhat.com  Fri Aug 19 11:24:38 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 19 Aug 2016 13:24:38 +0200
Subject: [Freeipa-users] Login problems
In-Reply-To: <F430AE43-20FA-4DBC-9C60-9D78193B144C@uni.lu>
References: <F430AE43-20FA-4DBC-9C60-9D78193B144C@uni.lu>
Message-ID: <20160819112438.tkonpu7zz7jflvz5@hendrix>

On Fri, Aug 19, 2016 at 10:20:48AM +0000, Christophe TREFOIS wrote:
> Hi,
> 
> We have a 3 way replica against one master. So there is only agreements between 1 and 2 and 1 and 3.
> 
> Since recently sometimes the master does not allow me to login anymore, whereas I can login fine to 2 and 3. After a few minutes everything comes back to normal and it works. 
> 
> The master is on centos 7 v4.2 and is still connected to an old 3 replica running F21. We plan to disconnect this agreement in the coming weeks.
> 
> Does anybody have seen this before or have a clue what could be going on here?

Login where, the web UI or to the machine itself?



From christophe.trefois at uni.lu  Fri Aug 19 13:04:42 2016
From: christophe.trefois at uni.lu (Christophe TREFOIS)
Date: Fri, 19 Aug 2016 13:04:42 +0000
Subject: [Freeipa-users] Login problems
In-Reply-To: <20160819112438.tkonpu7zz7jflvz5@hendrix>
References: <F430AE43-20FA-4DBC-9C60-9D78193B144C@uni.lu>
	<20160819112438.tkonpu7zz7jflvz5@hendrix>
Message-ID: <78BCC7F9-8D39-496A-9E7C-B21C0BC74B7C@uni.lu>

Hi Jakub,

The web UI, and also services that are connected to FreeIPA via LDAP gave me an invalid credentials error.

I have this 2-3 times in the past days.

I can not see anything in error log or any other log for the times i tried to connect.
I have no idea what could go wrong?.

Thanks,
  

> On 19 Aug 2016, at 13:24, Jakub Hrozek <jhrozek at redhat.com> wrote:
> 
> On Fri, Aug 19, 2016 at 10:20:48AM +0000, Christophe TREFOIS wrote:
>> Hi,
>> 
>> We have a 3 way replica against one master. So there is only agreements between 1 and 2 and 1 and 3.
>> 
>> Since recently sometimes the master does not allow me to login anymore, whereas I can login fine to 2 and 3. After a few minutes everything comes back to normal and it works. 
>> 
>> The master is on centos 7 v4.2 and is still connected to an old 3 replica running F21. We plan to disconnect this agreement in the coming weeks.
>> 
>> Does anybody have seen this before or have a clue what could be going on here?
> 
> Login where, the web UI or to the machine itself?
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project




From lkrispen at redhat.com  Fri Aug 19 13:18:27 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Fri, 19 Aug 2016 15:18:27 +0200
Subject: [Freeipa-users] replica_generate_next_csn messages in dirsrv
 error logs
In-Reply-To: <CA+Bg6wcVbTdFfkVq53+Myde249Nmk_mEQfOXRFCMtC_VLqQCzQ@mail.gmail.com>
References: <CA+Bg6wdMSp1OhKtTxZ_G-=fsOugVY=G5M_10WSfw5ymXcJ9_sA@mail.gmail.com>
	<57B56E64.4030104@redhat.com>
	<CA+Bg6wc2q182Hppk60eZx694p5ecFu8X5eimpvHVwrRs1NnzvA@mail.gmail.com>
	<57B5C1A4.4070707@redhat.com>
	<CA+Bg6wcVbTdFfkVq53+Myde249Nmk_mEQfOXRFCMtC_VLqQCzQ@mail.gmail.com>
Message-ID: <57B70723.8020702@redhat.com>


On 08/18/2016 05:28 PM, John Desantis wrote:
> Ludwig,
>
>> unfortunately this is not enough to determine what is going on. The
>> intersting generated/used csn is only logged in the
>> corresponding RESULT message and these are only the replication connections,
>> it would be necessary to see the
>> original ADD operation, was it added once or twice by a client ?
>> you could pick one entry eg server-6-3-sp and grep for all references in the
>> access logs of both servers  (maybe there are mods as well) and then
>> get also get the RESULT line for the ops found
> Here are the updated log snippets looking for ADD and RESULT:
you still only grep the replication connection, but before being 
replicated the entry has to be added by some client connection, can you 
get all references to the entry ?
the log snippet you provide shows also csns with tag=103, which indicate 
a MOD, are these MODs for the added entries ? or other mods ?
>
> PROD:11:20:13-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
> # grep -E '17/Aug/2016:13:50:4.*conn=602.*(RESULT|ADD)' access.2016081*
> access.20160817-124811:[17/Aug/2016:13:50:41 -0400] conn=602 op=4139
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-124811:[17/Aug/2016:13:50:41 -0400] conn=602 op=4140
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4141
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4142
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
> ADD dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4bb000300040000
> access.20160817-124811:[17/Aug/2016:13:50:44 -0400] conn=602 op=4144
> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4bb000400040000
> access.20160817-124811:[17/Aug/2016:13:50:44 -0400] conn=602 op=4145
> RESULT err=0 tag=103 nentries=0 etime=0
> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4146
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4147
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
> ADD dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4bb000800040000
> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4149
> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4bc000100040000
> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4150
> RESULT err=0 tag=103 nentries=0 etime=0
> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
> ADD dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4c1000500040000
> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4152
> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4c1000600040000
>
> PROD:11:19:54-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
> # grep -E '17/Aug/2016:13:50:4.*conn=1395.*(RESULT|ADD)' access.2016081*
> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4148
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4149
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4150
> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4b9000500160000
> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
> ADD dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
> RESULT err=0 tag=105 nentries=0 etime=0
> access.20160817-111940:[17/Aug/2016:13:50:44 -0400] conn=1395 op=4152
> RESULT err=0 tag=103 nentries=0 etime=1 csn=57b4a4bc000000160000
> access.20160817-111940:[17/Aug/2016:13:50:46 -0400] conn=1395 op=4153
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4154
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4155
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4156
> RESULT err=0 tag=120 nentries=0 etime=0
> access.20160817-111940:[17/Aug/2016:13:50:48 -0400] conn=1395 op=4157
> RESULT err=0 tag=103 nentries=0 etime=1 csn=57b4a4c1000100160000
> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
> ADD dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
> RESULT err=0 tag=105 nentries=0 etime=0
> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4159
> RESULT err=0 tag=103 nentries=0 etime=0
> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4160
> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4c3000000160000
>
> I'm positive that I was the only one performing DNS updates during
> this time, and I was only using 1 console.
>
> Thanks,
> John DeSantis
>
>
> 2016-08-18 10:09 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>> On 08/18/2016 03:15 PM, John Desantis wrote:
>>> Ludwig,
>>>
>>> Thank you for your response!
>>>
>>>> This is a normal scenario, but you could check if the simultaneous
>>>> updates
>>>> on 4 and 16 are intentional.
>>> In regards to the simultaneous updates, the only items I have noted so far
>>> are:
>>>
>>> *  The time sync between the master (4) and replica (16) was off by
>>> about 1-2 seconds, with the latter being ahead;
>> yes, this happens, but the replication protocol tries to handle this, in a
>> replication session the supplier and consumer
>> exchange their ruvs and if the time differs the csn state generator is
>> updated with a local or remote offset so that the
>> generated time is always based on the most advanced clock - on all servers.
>> And even if you adjust the system time, the csn
>> time will never go back.
>>> *  There are continual log entries referencing
>>> "replication-multimaster-extop" and "Netscape Replication End Session"
>>> in the dirsrv "access" logs, and during one of the manifestations of
>>> "replica_generate_next_csn", I found this:
>>>
>>> PROD:08:46:08-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>> # grep -E '17/Aug/2016:13:50:4.*conn=602.*ADD' access.2016081*
>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
>>> ADD
>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
>>> ADD
>>> dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
>>> ADD
>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>
>>> PROD:08:47:44-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>> # grep -E '17/Aug/2016:13:50:4.*conn=1395.*ADD' access.2016081*
>>> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
>>> ADD
>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
>>> ADD
>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>
>>> It looks like the entries for server-6-3-sp and 6-5-sp were referenced
>>> twice.  Do you think that the time being off by 1-2 seconds between
>>> the master and replica could be the issue?  The connection 602 is the
>>> replication between the replica and master, and the connection 1395 is
>>> the replication between the master and replica.
>> unfortunately this is not enough to determine what is going on. The
>> intersting generated/used csn is only logged in the
>> corresponding RESULT message and these are only the replication connections,
>> it would be necessary to see the
>> original ADD operation, was it added once or twice by a client ?
>> you could pick one entry eg server-6-3-sp and grep for all references in the
>> access logs of both servers  (maybe there are mods as well) and then
>> get also get the RESULT line for the ops found
>>>
>>> Since I know these operations were performed using the console via a
>>> for loop 'ipa dnsrecord-add dom.dom.dom server-6-$i-sp
>>> --a-rec=10.250.12.$i' on one of our login nodes, do you think that
>>> specifying an _srv_ record in the DOMAIN configuration with the
>>> address of the master server, e.g.: ipa_server = _srv_,
>>> MASTER.dom.dom.dom could be the issue (coupled with the time syncing)?
>>>
>>> I know that these questions are probably leaning more towards the
>>> 389ds team, so feel free to pass me over to them if need be.
>> I think I can address the ds related questions, but I don't know about
>> console and dns to assess if the behaviour is normal
>>
>>> Again, thank you very much for responding!
>>>
>>> John DeSantis
>>>
>>> 2016-08-18 4:14 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>>>> On 08/17/2016 08:54 PM, John Desantis wrote:
>>>>> Hello all,
>>>>>
>>>>> We've been re-using old host names and IP addresses for a new
>>>>> deployment of nodes, and recently I've been seeing the messages pasted
>>>>> below in the slapd-DC.DC.DC "error" log on our nodes.
>>>>>
>>>>> [17/Aug/2016:10:30:30 -0400] - replica_generate_next_csn:
>>>>> opcsn=57b475cd001200040000 <= basecsn=57b475cf000000160000, adjusted
>>>>> opcsn=57b475cf000100040000
>>>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>>>> opcsn=57b47f00000200040000 <= basecsn=57b47f00000200160000, adjusted
>>>>> opcsn=57b47f00000300040000
>>>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>>>> opcsn=57b47f00000400040000 <= basecsn=57b47f00000400160000, adjusted
>>>>> opcsn=57b47f00000500040000
>>>>> [17/Aug/2016:11:10:33 -0400] - replica_generate_next_csn:
>>>>> opcsn=57b47f2f001000040000 <= basecsn=57b47f30000200160000, adjusted
>>>>> opcsn=57b47f30000300040000
>>>>> [17/Aug/2016:13:50:45 -0400] - replica_generate_next_csn:
>>>>> opcsn=57b4a4bb000900040000 <= basecsn=57b4a4bc000000160000, adjusted
>>>>> opcsn=57b4a4bc000100040000
>>>>> [17/Aug/2016:13:52:54 -0400] - replica_generate_next_csn:
>>>>> opcsn=57b4a53e000a00040000 <= basecsn=57b4a53f000000160000, adjusted
>>>>> opcsn=57b4a53f000100040000
>>>>> [17/Aug/2016:13:53:15 -0400] - replica_generate_next_csn:
>>>>> opcsn=57b4a552000700040000 <= basecsn=57b4a553000000160000, adjusted
>>>>> opcsn=57b4a553000100040000
>>>>> [17/Aug/2016:13:53:32 -0400] - replica_generate_next_csn:
>>>>> opcsn=57b4a562000900040000 <= basecsn=57b4a564000000160000, adjusted
>>>>> opcsn=57b4a564000100040000
>>>> Each modification (add/del/mod) gets a csn assignged used in replication
>>>> update resolution. And each assigned csn has to newer than an existing
>>>> one.
>>>> The messages you see is from code that double checks that the entry
>>>> doesn't
>>>> have already a lareg csn - and adjusts it.
>>>> The logs indicate that entries are more or less concurrently updated on
>>>> replica 4 and 16, and the updates from16 are received while processing
>>>> the
>>>> updates on 4.
>>>> This is a normal scenario, but you could check if the simultaneous
>>>> updates
>>>> on 4 and 16 are intentional.
>>>>
>>>>> They seem to only occur when updating DNS entries, whether on the
>>>>> console or via the GUI (tail -f'ing the log).
>>>>>
>>>>> A search in this mailing-list returns nothing, but a message is found
>>>>> on the 389-ds list [1];  it seems to suggest that the messages aren't
>>>>> fatal and are purely informational, yet if they are occurring
>>>>> constantly that there could be a problem with the replication
>>>>> algorithm and/or deployment.
>>>>>
>>>>> We're using ipa-server 3.0.0-47 and 389-ds 1.2.11.15-60.  Nothing has
>>>>> changed on the deployment side of things, and I don't recall seeing
>>>>> this message before.
>>>>>
>>>>> I'm wondering if it's safe to disregard these messages due to the
>>>>> re-use of the entries, or if something else should be looked into.
>>>>>
>>>>> Thank you,
>>>>> John DeSantis
>>>>>
>>>>> [1] https://fedorahosted.org/389/ticket/47959
>>>>>
>>>> --
>>>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
>>>> Eric Shander
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>
>> --
>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
>> Eric Shander
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From t.ruiten at rdmedia.com  Fri Aug 19 13:26:26 2016
From: t.ruiten at rdmedia.com (Tiemen Ruiten)
Date: Fri, 19 Aug 2016 15:26:26 +0200
Subject: [Freeipa-users] dns/ldap failing after temporary storage problem
In-Reply-To: <CAAegNz3tM-MWfzdBGCsqLBkAL8UqcXFxJ58YENHPfzzk-fA+Og@mail.gmail.com>
References: <CAAegNz1NykNSmS3oDo49EJrdEz=75iXcJS3wmWESrOqWLhc4sw@mail.gmail.com>
	<CAAegNz25NZo02v-uh4QNwoxTXsJeX_j7ZvjRNKLSBVDoqzmXRg@mail.gmail.com>
	<CAAegNz3tM-MWfzdBGCsqLBkAL8UqcXFxJ58YENHPfzzk-fA+Og@mail.gmail.com>
Message-ID: <CAAegNz3qaLC+=cWbqcbAz0ATtTfBTwSwgRK8ybbeuo=6HeHWyw@mail.gmail.com>

Managed to fix it: had to stop dirsrv at IPA-RDMEDIA-COM and put the server's
hostname on the line with nsslapd-localhost

Then run ipa-replica-manage re-initialize --from
other-master.ipa.rdmedia.com

On 19 August 2016 at 12:14, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:

> I see lots of messages /var/log/dirsrv/slapd-IPA-RDMEDIA-COM/errors,
> looks definitely like an issue with dirsrv.
>
> On 19 August 2016 at 11:43, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:
>
>> I see I didn't use the right terminology: all four of my FreeIPA servers
>> are masters.
>>
>> On 19 August 2016 at 11:36, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:
>>
>>> Hello,
>>>
>>> I need some help getting one of my replica's to work. Assistance would
>>> be much appreciated.
>>>
>>> After the iSCSI volumes of two replicas of were briefly unavailable, on
>>> one of them DNS and LDAP stopped working and replication seems to have
>>> stopped. The ipa service failed with a message that an upgrade was
>>> required, so I ran ipa-server-upgrade, but it failed due to an empty
>>> dse.ldif.
>>>
>>> Then I probably made a mistake by copying a dse.ldif from another
>>> replica and trying to run the upgrade. It worked more or less, but DNS
>>> still didn't work.
>>>
>>> Next I replaced it with an older backup file (from Aug 4) ran the
>>> upgrade command again and after some fiddling all services started
>>> normally, except ipa-dnskeysyncd:
>>>
>>> journalctl -u ipa-dnskeysyncd
>>>
>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]:
>>> ipa-dnskeysyncd.service holdoff time over, scheduling restart.
>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key
>>> daemon.
>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key
>>> daemon...
>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa:
>>> WARNING: session memcached servers not running
>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>>>       : INFO     LDAP bind...
>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
>>> step 1
>>> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
>>> step 1
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>>>       : ERROR    Login to LDAP server failed: {'info': 'SASL(-1): generic
>>> failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
>>> more information (No key table entry found matching
>>> ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> Traceback (most recent call last):
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>> "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module>
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in
>>> sasl_interactive_bind_s
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res =
>>> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_
>>> s,*args,**kwargs)
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in
>>> _apply_method_s
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> return func(self,*args,**kwargs)
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in
>>> sasl_interactive_bind_s
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,Req
>>> uestControlTuples(serverctrls),RequestControlTuples(clientct
>>> rls),sasl_flags)
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
>>> _ldap_call
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> result = func(*args,**kwargs)
>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>> INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error:
>>> Unspecified GSS failure.  Minor code may provide more information (No key
>>> table entry found matching ldap/praseodymium.ipa.rdmedia.com@)',
>>> 'desc': 'Invalid credentials'}
>>>
>>> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from.
>>> DNS and logins to the webinterface on this host are still not working.
>>>
>>> What can I do to get this replica in working order again?
>>>
>>> --
>>> Tiemen Ruiten
>>> Systems Engineer
>>> R&D Media
>>>
>>
>>
>>
>> --
>> Tiemen Ruiten
>> Systems Engineer
>> R&D Media
>>
>
>
>
> --
> Tiemen Ruiten
> Systems Engineer
> R&D Media
>



-- 
Tiemen Ruiten
Systems Engineer
R&D Media
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/a8be4851/attachment.htm>

From rakesh.rajasekharan at gmail.com  Fri Aug 19 13:54:07 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Fri, 19 Aug 2016 19:24:07 +0530
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
Message-ID: <CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>

yes there seems to be something thats worrying.. I have faced this today as
well.
There are few hosts around 280 odd left and when i try adding them to IPA ,
the slowness begins..

all the ipa commands like ipa user-find.. etc becomes very slow in
responding.

the SYNC_RECV are not many though just around 80-90 and today that was
around 20 only


I have for now increased tcp_max_syn_backlog to 5000.
For now the slowness seems to have gone.. but I will do a try adding the
clients again tomorrow and see how it goes

Thanks
Rakesh

The issues

On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com> wrote:

> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
> > Hi
> >
> > I am migrating to freeipa from openldap and have around 4000 clients
> >
> > I had openned a another thread on that, but chose to start a new one here
> > as its a separate issue
> >
> > I was able to change the nssslapd-maxdescriptors adding an ldif file
> >
> > cat nsslapd-modify.ldif
> > dn: cn=config
> > changetype: modify
> > replace: nsslapd-maxdescriptors
> > nsslapd-maxdescriptors: 17000
> >
> > and running the ldapmodify command
> >
> > I have now started moving clients running an openldap to Freeipa and have
> > today moved close to 2000 clients
> >
> > However, I have noticed that IPA hangs intermittently.
> >
> > running a kinit admin returns the below error
> > kinit: Generic error (see e-text) while getting initial credentials
> >
> > from the /var/log/messages, I see this entry
> >
> >  prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP:
> > Possible SYN flooding on port 88. Sending cookies.  Check SNMP counters.
>
> I would be worried about this message. Maybe kernel/firewall is doing
> something fishy behind your back and blocking some connections or so.
>
> Petr^2 Spacek
>
>
> > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885 of
> > user root.
> > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session 4885 of
> > user root.
> > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886 of
> > user root.
> > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session 4886 of
> > user root.
> > Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command
> Invoked
> > with creates=None executable=None shell=True args= removes=None warn=True
> > chdir=None
> > Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error: Unspecified
> GSS
> > failure.  Minor code may provide more information (KDC returned error
> > string: PROCESS_TGS)
> >
> > Could it be possible that its due to the initial load of adding the
> clients
> > or is there something else that I need to take care of.
> >
> > Thanks,
> >
> > Rakesh
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/c92e2f7d/attachment.htm>

From pspacek at redhat.com  Fri Aug 19 13:59:19 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Fri, 19 Aug 2016 15:59:19 +0200
Subject: [Freeipa-users] dns/ldap failing after temporary storage problem
In-Reply-To: <CAAegNz3qaLC+=cWbqcbAz0ATtTfBTwSwgRK8ybbeuo=6HeHWyw@mail.gmail.com>
References: <CAAegNz1NykNSmS3oDo49EJrdEz=75iXcJS3wmWESrOqWLhc4sw@mail.gmail.com>
	<CAAegNz25NZo02v-uh4QNwoxTXsJeX_j7ZvjRNKLSBVDoqzmXRg@mail.gmail.com>
	<CAAegNz3tM-MWfzdBGCsqLBkAL8UqcXFxJ58YENHPfzzk-fA+Og@mail.gmail.com>
	<CAAegNz3qaLC+=cWbqcbAz0ATtTfBTwSwgRK8ybbeuo=6HeHWyw@mail.gmail.com>
Message-ID: <37014e9b-d17a-7061-a9d5-555704019fe4@redhat.com>

On 19.8.2016 15:26, Tiemen Ruiten wrote:
> Managed to fix it: had to stop dirsrv at IPA-RDMEDIA-COM and put the server's
> hostname on the line with nsslapd-localhost

Uh, this is quite brutal. There might be some other server-specific options.

If you can dig up older dse.ldif from the same server, I would rather restore
that version. You never know what will silently break.

Petr^2 Spacek

> 
> Then run ipa-replica-manage re-initialize --from
> other-master.ipa.rdmedia.com
> 
> On 19 August 2016 at 12:14, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:
> 
>> I see lots of messages /var/log/dirsrv/slapd-IPA-RDMEDIA-COM/errors,
>> looks definitely like an issue with dirsrv.
>>
>> On 19 August 2016 at 11:43, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:
>>
>>> I see I didn't use the right terminology: all four of my FreeIPA servers
>>> are masters.
>>>
>>> On 19 August 2016 at 11:36, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> I need some help getting one of my replica's to work. Assistance would
>>>> be much appreciated.
>>>>
>>>> After the iSCSI volumes of two replicas of were briefly unavailable, on
>>>> one of them DNS and LDAP stopped working and replication seems to have
>>>> stopped. The ipa service failed with a message that an upgrade was
>>>> required, so I ran ipa-server-upgrade, but it failed due to an empty
>>>> dse.ldif.
>>>>
>>>> Then I probably made a mistake by copying a dse.ldif from another
>>>> replica and trying to run the upgrade. It worked more or less, but DNS
>>>> still didn't work.
>>>>
>>>> Next I replaced it with an older backup file (from Aug 4) ran the
>>>> upgrade command again and after some fiddling all services started
>>>> normally, except ipa-dnskeysyncd:
>>>>
>>>> journalctl -u ipa-dnskeysyncd
>>>>
>>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]:
>>>> ipa-dnskeysyncd.service holdoff time over, scheduling restart.
>>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA key
>>>> daemon.
>>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA key
>>>> daemon...
>>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa:
>>>> WARNING: session memcached servers not running
>>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>>>>       : INFO     LDAP bind...
>>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
>>>> step 1
>>>> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI client
>>>> step 1
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
>>>>       : ERROR    Login to LDAP server failed: {'info': 'SASL(-1): generic
>>>> failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
>>>> more information (No key table entry found matching
>>>> ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> Traceback (most recent call last):
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>>> "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module>
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in
>>>> sasl_interactive_bind_s
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: res =
>>>> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_
>>>> s,*args,**kwargs)
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in
>>>> _apply_method_s
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> return func(self,*args,**kwargs)
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in
>>>> sasl_interactive_bind_s
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,Req
>>>> uestControlTuples(serverctrls),RequestControlTuples(clientct
>>>> rls),sasl_flags)
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: File
>>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
>>>> _ldap_call
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> result = func(*args,**kwargs)
>>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
>>>> INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI Error:
>>>> Unspecified GSS failure.  Minor code may provide more information (No key
>>>> table entry found matching ldap/praseodymium.ipa.rdmedia.com@)',
>>>> 'desc': 'Invalid credentials'}
>>>>
>>>> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif from.
>>>> DNS and logins to the webinterface on this host are still not working.
>>>>
>>>> What can I do to get this replica in working order again?



From t.ruiten at rdmedia.com  Fri Aug 19 14:13:27 2016
From: t.ruiten at rdmedia.com (Tiemen Ruiten)
Date: Fri, 19 Aug 2016 16:13:27 +0200
Subject: [Freeipa-users] dns/ldap failing after temporary storage problem
In-Reply-To: <37014e9b-d17a-7061-a9d5-555704019fe4@redhat.com>
References: <CAAegNz1NykNSmS3oDo49EJrdEz=75iXcJS3wmWESrOqWLhc4sw@mail.gmail.com>
	<CAAegNz25NZo02v-uh4QNwoxTXsJeX_j7ZvjRNKLSBVDoqzmXRg@mail.gmail.com>
	<CAAegNz3tM-MWfzdBGCsqLBkAL8UqcXFxJ58YENHPfzzk-fA+Og@mail.gmail.com>
	<CAAegNz3qaLC+=cWbqcbAz0ATtTfBTwSwgRK8ybbeuo=6HeHWyw@mail.gmail.com>
	<37014e9b-d17a-7061-a9d5-555704019fe4@redhat.com>
Message-ID: <CAAegNz0ubHo2KCBg_579zmWy=G1+vu3kazGhXQgBo-CjB7-42w@mail.gmail.com>

I did actually use a local dse.ldif in the end, but I forgot to stop dirsrv
while replacing it, so maybe the nsslapd-localhost line got updated by the
running dirsrv?

On 19 August 2016 at 15:59, Petr Spacek <pspacek at redhat.com> wrote:

> On 19.8.2016 15:26, Tiemen Ruiten wrote:
> > Managed to fix it: had to stop dirsrv at IPA-RDMEDIA-COM and put the
> server's
> > hostname on the line with nsslapd-localhost
>
> Uh, this is quite brutal. There might be some other server-specific
> options.
>
> If you can dig up older dse.ldif from the same server, I would rather
> restore
> that version. You never know what will silently break.
>
> Petr^2 Spacek
>
> >
> > Then run ipa-replica-manage re-initialize --from
> > other-master.ipa.rdmedia.com
> >
> > On 19 August 2016 at 12:14, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:
> >
> >> I see lots of messages /var/log/dirsrv/slapd-IPA-RDMEDIA-COM/errors,
> >> looks definitely like an issue with dirsrv.
> >>
> >> On 19 August 2016 at 11:43, Tiemen Ruiten <t.ruiten at rdmedia.com> wrote:
> >>
> >>> I see I didn't use the right terminology: all four of my FreeIPA
> servers
> >>> are masters.
> >>>
> >>> On 19 August 2016 at 11:36, Tiemen Ruiten <t.ruiten at rdmedia.com>
> wrote:
> >>>
> >>>> Hello,
> >>>>
> >>>> I need some help getting one of my replica's to work. Assistance would
> >>>> be much appreciated.
> >>>>
> >>>> After the iSCSI volumes of two replicas of were briefly unavailable,
> on
> >>>> one of them DNS and LDAP stopped working and replication seems to have
> >>>> stopped. The ipa service failed with a message that an upgrade was
> >>>> required, so I ran ipa-server-upgrade, but it failed due to an empty
> >>>> dse.ldif.
> >>>>
> >>>> Then I probably made a mistake by copying a dse.ldif from another
> >>>> replica and trying to run the upgrade. It worked more or less, but DNS
> >>>> still didn't work.
> >>>>
> >>>> Next I replaced it with an older backup file (from Aug 4) ran the
> >>>> upgrade command again and after some fiddling all services started
> >>>> normally, except ipa-dnskeysyncd:
> >>>>
> >>>> journalctl -u ipa-dnskeysyncd
> >>>>
> >>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]:
> >>>> ipa-dnskeysyncd.service holdoff time over, scheduling restart.
> >>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Started IPA
> key
> >>>> daemon.
> >>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com systemd[1]: Starting IPA
> key
> >>>> daemon...
> >>>> Aug 19 11:28:52 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> ipa:
> >>>> WARNING: session memcached servers not running
> >>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
> >>>>       : INFO     LDAP bind...
> >>>> Aug 19 11:28:53 promethium.ipa.rdmedia.com python2[3756]: GSSAPI
> client
> >>>> step 1
> >>>> Aug 19 11:28:54 promethium.ipa.rdmedia.com python2[3756]: GSSAPI
> client
> >>>> step 1
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]: ipa
> >>>>       : ERROR    Login to LDAP server failed: {'info': 'SASL(-1):
> generic
> >>>> failure: GSSAPI Error: Unspecified GSS failure.  Minor code may
> provide
> >>>> more information (No key table entry found matching
> >>>> ldap/praseodymium.ipa.rdmedia.com@)', 'desc': 'Invalid credentials'}
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> >>>> Traceback (most recent call last):
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> File
> >>>> "/usr/libexec/ipa/ipa-dnskeysyncd", line 92, in <module>
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> >>>> ldap_connection.sasl_interactive_bind_s("", ipaldap.SASL_GSSAPI)
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> File
> >>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 850, in
> >>>> sasl_interactive_bind_s
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> res =
> >>>> self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_
> >>>> s,*args,**kwargs)
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> File
> >>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 818, in
> >>>> _apply_method_s
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> >>>> return func(self,*args,**kwargs)
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> File
> >>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 229, in
> >>>> sasl_interactive_bind_s
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> >>>> return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,Req
> >>>> uestControlTuples(serverctrls),RequestControlTuples(clientct
> >>>> rls),sasl_flags)
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> File
> >>>> "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, in
> >>>> _ldap_call
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> >>>> result = func(*args,**kwargs)
> >>>> Aug 19 11:28:55 promethium.ipa.rdmedia.com ipa-dnskeysyncd[3756]:
> >>>> INVALID_CREDENTIALS: {'info': 'SASL(-1): generic failure: GSSAPI
> Error:
> >>>> Unspecified GSS failure.  Minor code may provide more information (No
> key
> >>>> table entry found matching ldap/praseodymium.ipa.rdmedia.com@)',
> >>>> 'desc': 'Invalid credentials'}
> >>>>
> >>>> praseodymium.ipa.rdmedia.com is the replica I copied the dse.ldif
> from.
> >>>> DNS and logins to the webinterface on this host are still not working.
> >>>>
> >>>> What can I do to get this replica in working order again?
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>



-- 
Tiemen Ruiten
Systems Engineer
R&D Media
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/9da92d53/attachment.htm>

From pspacek at redhat.com  Fri Aug 19 14:23:50 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Fri, 19 Aug 2016 16:23:50 +0200
Subject: [Freeipa-users] dns/ldap failing after temporary storage problem
In-Reply-To: <CAAegNz0ubHo2KCBg_579zmWy=G1+vu3kazGhXQgBo-CjB7-42w@mail.gmail.com>
References: <CAAegNz1NykNSmS3oDo49EJrdEz=75iXcJS3wmWESrOqWLhc4sw@mail.gmail.com>
	<CAAegNz25NZo02v-uh4QNwoxTXsJeX_j7ZvjRNKLSBVDoqzmXRg@mail.gmail.com>
	<CAAegNz3tM-MWfzdBGCsqLBkAL8UqcXFxJ58YENHPfzzk-fA+Og@mail.gmail.com>
	<CAAegNz3qaLC+=cWbqcbAz0ATtTfBTwSwgRK8ybbeuo=6HeHWyw@mail.gmail.com>
	<37014e9b-d17a-7061-a9d5-555704019fe4@redhat.com>
	<CAAegNz0ubHo2KCBg_579zmWy=G1+vu3kazGhXQgBo-CjB7-42w@mail.gmail.com>
Message-ID: <11dc091f-2cb6-c853-47da-de7a1407a35a@redhat.com>

On 19.8.2016 16:13, Tiemen Ruiten wrote:
> I did actually use a local dse.ldif in the end, but I forgot to stop dirsrv
> while replacing it, so maybe the nsslapd-localhost line got updated by the
> running dirsrv?

Yes, that is possible. dirsrv can write to dse.ldif at run-time.

> 
> On 19 August 2016 at 15:59, Petr Spacek <pspacek at redhat.com> wrote:
> 
>> On 19.8.2016 15:26, Tiemen Ruiten wrote:
>>> Managed to fix it: had to stop dirsrv at IPA-RDMEDIA-COM and put the
>> server's
>>> hostname on the line with nsslapd-localhost
>>
>> Uh, this is quite brutal. There might be some other server-specific
>> options.
>>
>> If you can dig up older dse.ldif from the same server, I would rather
>> restore
>> that version. You never know what will silently break.
>>
>> Petr^2 Spacek
>>
>>>
>>> Then run ipa-replica-manage re-initialize --from
>>> other-master.ipa.rdmedia.com



From jhrozek at redhat.com  Fri Aug 19 14:37:35 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 19 Aug 2016 16:37:35 +0200
Subject: [Freeipa-users] Announcing SSSD 1.14.1
Message-ID: <20160819143735.pf4h226gl65ffr2r@hendrix>

		     === SSSD 1.14.1 ===

The SSSD team is proud to announce the release of version 1.14.1 of
the System Security Services Daemon.

As always, the source is available from https://fedorahosted.org/sssd

RPM packages will be made available for Fedora shortly.

== Feedback ==
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
    https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
    https://lists.fedorahosted.org/mailman/listinfo/sssd-users

== Highlights ==
 * The IPA provider now supports logins with enterprise principals (also
   known as additional UPN suffixes). This functionality also enabled Active
   Directory users from trusted AD domains who use an additional UPN suffix
   to log in. Please note that this feature requires a recent IPA server.
 * When a user name is overriden in an IPA domain, resolving a group these
   users are a member of now returns the overriden user names
 * Users can be looked up by and log in with their e-mail address as an
   identifier. In order to do so, an attribute that represents the user's
   e-mail address is fetched by default. This attribute can by customized
   by setting the ldap_user_email configuration option.
 * A new ad_enabled_domains option was added. This option lets the
   administrator select domains that SSSD should attempt to reach in the
   AD forest SSSD is joined to. This option is useful for deployments where
   not all domains are reachable on the network level, yet the administrator
   needs to access some trusted domains and therefore disabling the subdomains
   provider completely is not desirable.
 * The sssctl tool has two new commands active-server and servers that
   allow the administrator to observe the server that SSSD is bound to and
   the servers that SSSD autodiscovered
 * SSSD used to fail to start when an attribute name is present in both
   the default SSSD attribute map and the custom ldap_user_extra_attrs map
 * GPO policy procesing no longer fails if the gPCMachineExtensionNames
   attribute only contains whitespaces
 * Several commits fix regressions related to switching all user and group
   names to fully qualified format, such as running initgroups for a user
   who is only a member of a primary group
 * Several patches fix regressions caused by splitting the database into
   two ldb files, such as when user attributes change without increasing
   the modifyTimestamp attribute value
 * systemd unit files are now shipped for the sssd-secrets responder,
   allowing the responder to be socket-activated. To do so, administrators
   should enable the sssd-secrets.socket and sssd-secrets.service systemd
   units.
 * The sssd binary has a new switch --disable-netlink that lets sssd skip
   messages from the kernel's netlink interface.
 * A crash when entries with special characters such as '(' were requested
   was fixed
 * The ldap_rfc_2307_fallback_to_local_users option was broken in the
   previous version. This release fixes the functionality.

== Packaging Changes ==
 * The NFS ID-mapping plugin was moved to its own subpackage 

== Documentation Changes ==
 * A new option ad_enabled_domains was added
 * A new LDAP attribute mapping for e-mail addresses called ldap_user_email
   was added

== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/2789
    Warn if ad_server contains IP address
https://fedorahosted.org/sssd/ticket/2828
    Add an option to disable checking for trusted domains in the subdomains provider
https://fedorahosted.org/sssd/ticket/2856
    [RFE] Allow users to authenticate with alternative names
https://fedorahosted.org/sssd/ticket/2860
    Add support for disabling netlink use
https://fedorahosted.org/sssd/ticket/2948
    Handle overriden name of members in the memberUid attribute
https://fedorahosted.org/sssd/ticket/2958
    Support multiple principals for IPA users
https://fedorahosted.org/sssd/ticket/2978
    pid file name decalration is duplicated
https://fedorahosted.org/sssd/ticket/2987
    Improve information about krb5_keytab & ldap_krb5_keytab option in sssd man pages
https://fedorahosted.org/sssd/ticket/3009
    sssd fails to mark a connection as bad on searches that time out
https://fedorahosted.org/sssd/ticket/3018
    Detect of IPA server can handle enterprise principals
https://fedorahosted.org/sssd/ticket/3024
    sssd-common brings in nfs-utils
https://fedorahosted.org/sssd/ticket/3064
    incorrect dataExpireTimestamp setting in the timestamps cache
https://fedorahosted.org/sssd/ticket/3068
    fixes to the initial config schema implementation
https://fedorahosted.org/sssd/ticket/3069
    The sssctl tool should provide information about active and available servers
https://fedorahosted.org/sssd/ticket/3072
    task: Add a 1.14 upstream repo
https://fedorahosted.org/sssd/ticket/3077
    sssd does not work under non-root user
https://fedorahosted.org/sssd/ticket/3084
    DP: Don't pass empty string, but NULL to providers
https://fedorahosted.org/sssd/ticket/3086
    tools: sssctl config-check and sssctl cache ignore --help
https://fedorahosted.org/sssd/ticket/3087
    tools: make sssctl command names consistent
https://fedorahosted.org/sssd/ticket/3088
    Review and update SSSD's wiki pages for 1.14.1 release
https://fedorahosted.org/sssd/ticket/3089
    Error message "Failed to retrieve users" is sometimes misleading
https://fedorahosted.org/sssd/ticket/3090
    Don't print message about trust direction on clients
https://fedorahosted.org/sssd/ticket/3091
    remove DEBUG(SSSDBG_TRACE_INTERNAL, "Trace: ldap_result found nothing!\n");
https://fedorahosted.org/sssd/ticket/3093
    Missing nested groups in user groups
https://fedorahosted.org/sssd/ticket/3094
    SELINUX_getpeercon failed [-1][Unknown error -1].
https://fedorahosted.org/sssd/ticket/3096
    sssctl: Time stamps without time zone information
https://fedorahosted.org/sssd/ticket/3101
    sssd does not start if sub-domain user is used with simple access provider
https://fedorahosted.org/sssd/ticket/3109
    Wrong pam error code returned for password change in offline mode
https://fedorahosted.org/sssd/ticket/3110
    Access denied after activating user in 389ds
https://fedorahosted.org/sssd/ticket/3111
    sssd doesn't start on IPA client if IPA server VM is paused
https://fedorahosted.org/sssd/ticket/3120
    SSSD fails to start when ldap_user_extra_attrs contains mail
https://fedorahosted.org/sssd/ticket/3121
    [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11
https://fedorahosted.org/sssd/ticket/3122
    Do not check local users with disabled local_negative_timeout
https://fedorahosted.org/sssd/ticket/3130
    Better error message if sssctl is ran w/o activating the IFP responder
https://fedorahosted.org/sssd/ticket/3132
    check return value of sysdb_search_user_by_upn()

== Detailed Changelog ==
Dan Lavu (1):
    * MAN: Update description of sssctl 

Fabiano Fid?ncio (5):
    * sssctl: Use localtime for time stamps
    * RESPONDERS: Decrease debug level for failures in SELINUX_getpeercon()
    * RESPONDERS: Show a bit more info in case of SELINUX_getpeercon() failure
    * RESPONDERS: Pass errno to strerror() when SELINUX_getpeercon() fails
    * SDAP: Don't log an op failure when no users are found 

Jakub Hrozek (18):
    * Updating the version for the 1.14.1 release
    * FO: Set port to NOT_WORKING when trying a next server
    * LDAP: Fix storing initgroups for users with no supplementary groups
    * LDAP: Use FQDN when linking parent LDAP groups
    * SYSDB: Fix setting dataExpireTimestamp if sysdb is supposed to set the current time
    * PAM: Do not act on ldb_message in case of a failure
    * IPA: Check the return value of sss_parse_internal_fqname
    * SIMPLE: Do not parse names on startup
    * SIMPLE: Fail on any error parsing the access control list
    * SIMPLE: Make the DP handlers testable
    * TESTS: Use the DP handlers in simple provider tests, add more tests
    * CONFIG: full_name_format is an allowed option for all domains
    * CONFIG: re_expression is an allowed option for all domains
    * SPEC: Own the secrets DB path
    * UTIL: Use sss_atomic_read_s in generate_csprng_buffer
    * SECRETS: Use sss_atomic_read/write for better readability
    * BUILD: Ship systemd service file for sssd-secrets
    * Updating the translations for the 1.14.1 release 

Justin Stephenson (4):
    * Make resolv_is_address() function public and create some basic tests
    * Warn if IP address is used as option for ipa_server/ad_server
    * Monitor: Add support for disabling netlink
    * SSSCTL: More helpful error message when InfoPipe? is disabled 

Lukas Slebodnik (37):
    * sssctl: Fix error handling after memory allocation failure
    * sssctl: Fix format string for size_t
    * doxygen: Fix path to header file ipa_hbac.h
    * ipa_hbac: Fix documentation for hbac_enable_debug
    * sssctl: Fix warning maybe-uninitialized
    * nss-srv-tests: Fix prototype of wrapped ncache functions
    * TOOLS: Prevent dereference of null pointer
    * sysdb-tests: Fix cast from pointer to integer
    * SPEC: Move nfsidmap plugin to separate package
    * test_utils: Clean files after sss_write_krb5_conf_snippet
    * CI: Use /bin/sh as a CONFIG SHELL
    * SECRETS: Log message for failures with removing file
    * Amend debug messages after failure of unlink
    * SYSDB: Do not try to modify ts cache for unsupported DNs
    * SDAP: sanitize member name before using in filter
    * SDAP: sysdb_search_users does not set users_count for failures
    * SYSDB: Sanitize dn in sysdb_get_user_members_recursively
    * LDAP: Fix Dereference after NULL check
    * NSS: Do not check local users with disabled local_negative_timeout
    * config_schema: Add ldap_user_email to schema
    * intg: Make location of sssd nss module configurable
    * intg: Allow to test netgroups
    * NSS: Use correct name for invalidating memory cache
    * SYSDB: Avoid optimisation with modifyTimestamp for users
    * dyndns-tests: Fix false positive failures
    * LDAP: Log autofs rfc2307 config changes only with enabled responder
    * DP: Add log message for get account info
    * ds.py: Do not call teardown in destructor
    * test_local_domain: Restore correct env variable
    * intg: rename test with enumeration
    * test_enumeration: Remove test without enumeration
    * intg: create ldap test without enumeration
    * sssd_id.py: Primary group should be returned for initgroups
    * intg: Fix pep8 warnings
    * test_ldap: test nested membership with rfc2307bis
    * test_ldap: test resolving of names with special characters
    * intg: Test extra attributes duplicate 

Michal ?idek (13):
    * sssctl: config-check access check report
    * config: override_space is monitor's option
    * config: Fix user_attributes
    * config: Allow timeout for all sevices
    * config: Add config_file_version to schema
    * dyndns: Add checks for NULL
    * sdap: Fix ldap_rfc_2307_fallback_to_local_users
    * sss_ini: Change debug level of config error msgs
    * sssctl: Consistent commands naming
    * tools: Add missing gettext macro
    * sssctl: Generic help for cache-upgrade and config-check
    * gpo: gPCMachineExtensionNames with just whitespaces
    * sdap: Skip exact duplicates when extending maps 

Pavel B?ezina (17):
    * sssctl: move filter creation to separate function
    * sssctl: improve readability of a condition
    * DP: rename be_acct_req to dp_id_data
    * DP: Initialize D-Bus as soon as possible
    * utils: add remove_subtree
    * sssctl: use internal API to remove files
    * rdp: add ability to forward reply to the client request
    * sbus: add sbus_request_reply_error()
    * sbus: add utility function to simplify message and reply handling
    * sssctl: use talloc with sifp
    * failover: mark subdomain service with sd_ prefix
    * sssctl: print active server and server list
    * sifp: fix coverity warning
    * sbus: allow freeing msg through dbus api when using talloc
    * PROXY: Do not abuse data provider interface
    * DP: Remove old data provider interface
    * NSS: Remove unused functions 

Petr Cech (18):
    * SYSDB: Fixing DB update
    * PROVIDERS: Setting right {u,g}id if unprivileged
    * SYSDB: Removing of duplication of sysdb_ts_cache_attrs
    * test_utils: Fixing assignment discards 'const' qualifier
    * LDAP: Changing of confusing debug message
    * IPA: Changing of confusing debug message
    * Revert "LDAP: Lookup services by all protocols unless a protocol is specified"
    * PROVIDER: Conversion empty string from D-Bus to NULL
    * LDAP: Fixing wrong pam error code for passwd
    * UTILS: Fixing duplication of pid file declaration
    * AD_PROVIDER: Add ad_enabled_domains option
    * AD_PROVIDER: Initializing of ad_enabled_domains
    * AD_PROVIDER: ad_enabled_domains - only master
    * AD_PROVIDER: ad_enabled_domains - other then master
    * TESTS: Adding tests for ad_enabled_domains option
    * LDAP: Adding support for SIGTERM signal
    * LDAP: Adding SIGTERM signal before SIGKILL
    * LDAP: Adding SIGCHLD callback 

Sumit Bose (33):
    * views: allow override added for non-default views at runtime
    * IPA: read ipaNTAdditionalSuffixes for master and trusted domains
    * sysdb: add UPN suffix support for the master domain
    * sysdb: make subdomain calls aware of upn_suffixes
    * DP: add dp_get_module_data()
    * IPA: add ipa_init_get_krb5_auth_ctx()
    * IPA: enable enterprise principals if server supports them
    * IPA: fix [capaths] output
    * UTIL: make domain mapping content testable
    * tests: add tests for sss_get_domain_mappings_content()
    * AD: avoid memory leak in netlogon_get_domain_info() and make it public
    * AD: netlogon_get_domain_info() allow missing arguments and empty results
    * tests: add tests for netlogon_get_domain_info
    * AD: replace ad_get_client_site_parse_ndr() with netlogon_get_domain_info()
    * sysdb_master_domain_add_info: properly set do_update
    * IPA: make ipa_resolve_user_list_{send|recv} public and allow AD users
    * IPA: expand ghost members of AD groups in server-mode
    * sysdb: add sysdb_get_user_members_recursively()
    * views: properly override group member names
    * IPA: fix lookup by UPN for subdomains
    * LDAP: allow multiple user principals
    * LDAP: new attribute option ldap_user_email
    * sysdb: include email in UPN searches
    * LDAP: include email in UPN searches
    * NSS: add user email to fill_orig()
    * utils: add is_email_from_domain()
    * LDAP/IPA: add local email address to aliases
    * NSS: continue with UPN/email search if name was not found
    * PAM: continue with UPN/email search if name was not found
    * NSS: use different neg cache name for UPN searches
    * PAM: Fix domain for UPN based lookups
    * SDAP: add special handling for IPA Kerberos enterprise principal strings
    * SDAP: add enterprise principal strings for user searches 

Thorsten Scherf (1):
    * Fixed some typos in man pages 



From rakesh.rajasekharan at gmail.com  Fri Aug 19 17:32:06 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Fri, 19 Aug 2016 23:02:06 +0530
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
Message-ID: <CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>

I am running my set up on AWS cloud, and entropy is low at around 180 .

I plan to increase it bu installing haveged . But, would low entropy by any
chance cause this issue of intermittent hang .
Also, the hang is mostly observed when registering around 20 clients
together

On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
rakesh.rajasekharan at gmail.com> wrote:

> yes there seems to be something thats worrying.. I have faced this today
> as well.
> There are few hosts around 280 odd left and when i try adding them to IPA
> , the slowness begins..
>
> all the ipa commands like ipa user-find.. etc becomes very slow in
> responding.
>
> the SYNC_RECV are not many though just around 80-90 and today that was
> around 20 only
>
>
> I have for now increased tcp_max_syn_backlog to 5000.
> For now the slowness seems to have gone.. but I will do a try adding the
> clients again tomorrow and see how it goes
>
> Thanks
> Rakesh
>
> The issues
>
> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com> wrote:
>
>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>> > Hi
>> >
>> > I am migrating to freeipa from openldap and have around 4000 clients
>> >
>> > I had openned a another thread on that, but chose to start a new one
>> here
>> > as its a separate issue
>> >
>> > I was able to change the nssslapd-maxdescriptors adding an ldif file
>> >
>> > cat nsslapd-modify.ldif
>> > dn: cn=config
>> > changetype: modify
>> > replace: nsslapd-maxdescriptors
>> > nsslapd-maxdescriptors: 17000
>> >
>> > and running the ldapmodify command
>> >
>> > I have now started moving clients running an openldap to Freeipa and
>> have
>> > today moved close to 2000 clients
>> >
>> > However, I have noticed that IPA hangs intermittently.
>> >
>> > running a kinit admin returns the below error
>> > kinit: Generic error (see e-text) while getting initial credentials
>> >
>> > from the /var/log/messages, I see this entry
>> >
>> >  prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP:
>> > Possible SYN flooding on port 88. Sending cookies.  Check SNMP counters.
>>
>> I would be worried about this message. Maybe kernel/firewall is doing
>> something fishy behind your back and blocking some connections or so.
>>
>> Petr^2 Spacek
>>
>>
>> > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885 of
>> > user root.
>> > Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session 4885 of
>> > user root.
>> > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886 of
>> > user root.
>> > Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session 4886 of
>> > user root.
>> > Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command
>> Invoked
>> > with creates=None executable=None shell=True args= removes=None
>> warn=True
>> > chdir=None
>> > Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error: Unspecified
>> GSS
>> > failure.  Minor code may provide more information (KDC returned error
>> > string: PROCESS_TGS)
>> >
>> > Could it be possible that its due to the initial load of adding the
>> clients
>> > or is there something else that I need to take care of.
>> >
>> > Thanks,
>> >
>> > Rakesh
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/d9674138/attachment.htm>

From desantis at mail.usf.edu  Fri Aug 19 20:00:41 2016
From: desantis at mail.usf.edu (John Desantis)
Date: Fri, 19 Aug 2016 16:00:41 -0400
Subject: [Freeipa-users] replica_generate_next_csn messages in dirsrv
 error logs
In-Reply-To: <57B70723.8020702@redhat.com>
References: <CA+Bg6wdMSp1OhKtTxZ_G-=fsOugVY=G5M_10WSfw5ymXcJ9_sA@mail.gmail.com>
	<57B56E64.4030104@redhat.com>
	<CA+Bg6wc2q182Hppk60eZx694p5ecFu8X5eimpvHVwrRs1NnzvA@mail.gmail.com>
	<57B5C1A4.4070707@redhat.com>
	<CA+Bg6wcVbTdFfkVq53+Myde249Nmk_mEQfOXRFCMtC_VLqQCzQ@mail.gmail.com>
	<57B70723.8020702@redhat.com>
Message-ID: <CA+Bg6wcGaqvozkaasmtq5_22fFatS+4JtfqcvByzok5nnNSwLw@mail.gmail.com>

Ludwig,

> you still only grep the replication connection, but before being replicated
> the entry has to be added by some client connection, can you get all
> references to the entry ?
> the log snippet you provide shows also csns with tag=103, which indicate a
> MOD, are these MODs for the added entries ? or other mods ?

.....

I can't believe I did that!

Ok, so the logs have been rotated (I didn't think to adjust
logrotate..), so there aren't any logs to peruse for the case I've
presented so far.  However, I was able to reproduce the errors by
"bulk" deleting 39 DNS entries, and only the MASTER reported
"replica_generate_next_csn" entries.

Given the size of the logs, I think it would be pointless to do any
kind of sanitization.  I'll go ahead and gzip them for you and email
you off-list.

I've labeled them as MASTER and REPLICA.

John DeSantis


2016-08-19 9:18 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>
> On 08/18/2016 05:28 PM, John Desantis wrote:
>>
>> Ludwig,
>>
>>> unfortunately this is not enough to determine what is going on. The
>>> intersting generated/used csn is only logged in the
>>> corresponding RESULT message and these are only the replication
>>> connections,
>>> it would be necessary to see the
>>> original ADD operation, was it added once or twice by a client ?
>>> you could pick one entry eg server-6-3-sp and grep for all references in
>>> the
>>> access logs of both servers  (maybe there are mods as well) and then
>>> get also get the RESULT line for the ops found
>>
>> Here are the updated log snippets looking for ADD and RESULT:
>
> you still only grep the replication connection, but before being replicated
> the entry has to be added by some client connection, can you get all
> references to the entry ?
> the log snippet you provide shows also csns with tag=103, which indicate a
> MOD, are these MODs for the added entries ? or other mods ?
>
>>
>> PROD:11:20:13-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
>> # grep -E '17/Aug/2016:13:50:4.*conn=602.*(RESULT|ADD)' access.2016081*
>> access.20160817-124811:[17/Aug/2016:13:50:41 -0400] conn=602 op=4139
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-124811:[17/Aug/2016:13:50:41 -0400] conn=602 op=4140
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4141
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4142
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
>> ADD
>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
>> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4bb000300040000
>> access.20160817-124811:[17/Aug/2016:13:50:44 -0400] conn=602 op=4144
>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4bb000400040000
>> access.20160817-124811:[17/Aug/2016:13:50:44 -0400] conn=602 op=4145
>> RESULT err=0 tag=103 nentries=0 etime=0
>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4146
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4147
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
>> ADD
>> dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
>> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4bb000800040000
>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4149
>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4bc000100040000
>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4150
>> RESULT err=0 tag=103 nentries=0 etime=0
>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
>> ADD
>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
>> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4c1000500040000
>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4152
>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4c1000600040000
>>
>> PROD:11:19:54-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
>> # grep -E '17/Aug/2016:13:50:4.*conn=1395.*(RESULT|ADD)' access.2016081*
>> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4148
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4149
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4150
>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4b9000500160000
>> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
>> ADD
>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
>> RESULT err=0 tag=105 nentries=0 etime=0
>> access.20160817-111940:[17/Aug/2016:13:50:44 -0400] conn=1395 op=4152
>> RESULT err=0 tag=103 nentries=0 etime=1 csn=57b4a4bc000000160000
>> access.20160817-111940:[17/Aug/2016:13:50:46 -0400] conn=1395 op=4153
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4154
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4155
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4156
>> RESULT err=0 tag=120 nentries=0 etime=0
>> access.20160817-111940:[17/Aug/2016:13:50:48 -0400] conn=1395 op=4157
>> RESULT err=0 tag=103 nentries=0 etime=1 csn=57b4a4c1000100160000
>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
>> ADD
>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
>> RESULT err=0 tag=105 nentries=0 etime=0
>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4159
>> RESULT err=0 tag=103 nentries=0 etime=0
>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4160
>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4c3000000160000
>>
>> I'm positive that I was the only one performing DNS updates during
>> this time, and I was only using 1 console.
>>
>> Thanks,
>> John DeSantis
>>
>>
>> 2016-08-18 10:09 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>>>
>>> On 08/18/2016 03:15 PM, John Desantis wrote:
>>>>
>>>> Ludwig,
>>>>
>>>> Thank you for your response!
>>>>
>>>>> This is a normal scenario, but you could check if the simultaneous
>>>>> updates
>>>>> on 4 and 16 are intentional.
>>>>
>>>> In regards to the simultaneous updates, the only items I have noted so
>>>> far
>>>> are:
>>>>
>>>> *  The time sync between the master (4) and replica (16) was off by
>>>> about 1-2 seconds, with the latter being ahead;
>>>
>>> yes, this happens, but the replication protocol tries to handle this, in
>>> a
>>> replication session the supplier and consumer
>>> exchange their ruvs and if the time differs the csn state generator is
>>> updated with a local or remote offset so that the
>>> generated time is always based on the most advanced clock - on all
>>> servers.
>>> And even if you adjust the system time, the csn
>>> time will never go back.
>>>>
>>>> *  There are continual log entries referencing
>>>> "replication-multimaster-extop" and "Netscape Replication End Session"
>>>> in the dirsrv "access" logs, and during one of the manifestations of
>>>> "replica_generate_next_csn", I found this:
>>>>
>>>> PROD:08:46:08-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>>> # grep -E '17/Aug/2016:13:50:4.*conn=602.*ADD' access.2016081*
>>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
>>>> ADD
>>>>
>>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
>>>> ADD
>>>>
>>>> dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
>>>> ADD
>>>>
>>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>
>>>> PROD:08:47:44-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>>> # grep -E '17/Aug/2016:13:50:4.*conn=1395.*ADD' access.2016081*
>>>> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
>>>> ADD
>>>>
>>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
>>>> ADD
>>>>
>>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>
>>>> It looks like the entries for server-6-3-sp and 6-5-sp were referenced
>>>> twice.  Do you think that the time being off by 1-2 seconds between
>>>> the master and replica could be the issue?  The connection 602 is the
>>>> replication between the replica and master, and the connection 1395 is
>>>> the replication between the master and replica.
>>>
>>> unfortunately this is not enough to determine what is going on. The
>>> intersting generated/used csn is only logged in the
>>> corresponding RESULT message and these are only the replication
>>> connections,
>>> it would be necessary to see the
>>> original ADD operation, was it added once or twice by a client ?
>>> you could pick one entry eg server-6-3-sp and grep for all references in
>>> the
>>> access logs of both servers  (maybe there are mods as well) and then
>>> get also get the RESULT line for the ops found
>>>>
>>>>
>>>> Since I know these operations were performed using the console via a
>>>> for loop 'ipa dnsrecord-add dom.dom.dom server-6-$i-sp
>>>> --a-rec=10.250.12.$i' on one of our login nodes, do you think that
>>>> specifying an _srv_ record in the DOMAIN configuration with the
>>>> address of the master server, e.g.: ipa_server = _srv_,
>>>> MASTER.dom.dom.dom could be the issue (coupled with the time syncing)?
>>>>
>>>> I know that these questions are probably leaning more towards the
>>>> 389ds team, so feel free to pass me over to them if need be.
>>>
>>> I think I can address the ds related questions, but I don't know about
>>> console and dns to assess if the behaviour is normal
>>>
>>>> Again, thank you very much for responding!
>>>>
>>>> John DeSantis
>>>>
>>>> 2016-08-18 4:14 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>>>>>
>>>>> On 08/17/2016 08:54 PM, John Desantis wrote:
>>>>>>
>>>>>> Hello all,
>>>>>>
>>>>>> We've been re-using old host names and IP addresses for a new
>>>>>> deployment of nodes, and recently I've been seeing the messages pasted
>>>>>> below in the slapd-DC.DC.DC "error" log on our nodes.
>>>>>>
>>>>>> [17/Aug/2016:10:30:30 -0400] - replica_generate_next_csn:
>>>>>> opcsn=57b475cd001200040000 <= basecsn=57b475cf000000160000, adjusted
>>>>>> opcsn=57b475cf000100040000
>>>>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>>>>> opcsn=57b47f00000200040000 <= basecsn=57b47f00000200160000, adjusted
>>>>>> opcsn=57b47f00000300040000
>>>>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>>>>> opcsn=57b47f00000400040000 <= basecsn=57b47f00000400160000, adjusted
>>>>>> opcsn=57b47f00000500040000
>>>>>> [17/Aug/2016:11:10:33 -0400] - replica_generate_next_csn:
>>>>>> opcsn=57b47f2f001000040000 <= basecsn=57b47f30000200160000, adjusted
>>>>>> opcsn=57b47f30000300040000
>>>>>> [17/Aug/2016:13:50:45 -0400] - replica_generate_next_csn:
>>>>>> opcsn=57b4a4bb000900040000 <= basecsn=57b4a4bc000000160000, adjusted
>>>>>> opcsn=57b4a4bc000100040000
>>>>>> [17/Aug/2016:13:52:54 -0400] - replica_generate_next_csn:
>>>>>> opcsn=57b4a53e000a00040000 <= basecsn=57b4a53f000000160000, adjusted
>>>>>> opcsn=57b4a53f000100040000
>>>>>> [17/Aug/2016:13:53:15 -0400] - replica_generate_next_csn:
>>>>>> opcsn=57b4a552000700040000 <= basecsn=57b4a553000000160000, adjusted
>>>>>> opcsn=57b4a553000100040000
>>>>>> [17/Aug/2016:13:53:32 -0400] - replica_generate_next_csn:
>>>>>> opcsn=57b4a562000900040000 <= basecsn=57b4a564000000160000, adjusted
>>>>>> opcsn=57b4a564000100040000
>>>>>
>>>>> Each modification (add/del/mod) gets a csn assignged used in
>>>>> replication
>>>>> update resolution. And each assigned csn has to newer than an existing
>>>>> one.
>>>>> The messages you see is from code that double checks that the entry
>>>>> doesn't
>>>>> have already a lareg csn - and adjusts it.
>>>>> The logs indicate that entries are more or less concurrently updated on
>>>>> replica 4 and 16, and the updates from16 are received while processing
>>>>> the
>>>>> updates on 4.
>>>>> This is a normal scenario, but you could check if the simultaneous
>>>>> updates
>>>>> on 4 and 16 are intentional.
>>>>>
>>>>>> They seem to only occur when updating DNS entries, whether on the
>>>>>> console or via the GUI (tail -f'ing the log).
>>>>>>
>>>>>> A search in this mailing-list returns nothing, but a message is found
>>>>>> on the 389-ds list [1];  it seems to suggest that the messages aren't
>>>>>> fatal and are purely informational, yet if they are occurring
>>>>>> constantly that there could be a problem with the replication
>>>>>> algorithm and/or deployment.
>>>>>>
>>>>>> We're using ipa-server 3.0.0-47 and 389-ds 1.2.11.15-60.  Nothing has
>>>>>> changed on the deployment side of things, and I don't recall seeing
>>>>>> this message before.
>>>>>>
>>>>>> I'm wondering if it's safe to disregard these messages due to the
>>>>>> re-use of the entries, or if something else should be looked into.
>>>>>>
>>>>>> Thank you,
>>>>>> John DeSantis
>>>>>>
>>>>>> [1] https://fedorahosted.org/389/ticket/47959
>>>>>>
>>>>> --
>>>>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>>>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael
>>>>> O'Neill,
>>>>> Eric Shander
>>>>>
>>>>> --
>>>>> Manage your subscription for the Freeipa-users mailing list:
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>> Go to http://freeipa.org for more info on the project
>>>
>>>
>>> --
>>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
>>> Eric Shander
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>
>
> --
> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
> Eric Shander
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From william.muriithi at gmail.com  Mon Aug 22 01:42:22 2016
From: william.muriithi at gmail.com (William Muriithi)
Date: Sun, 21 Aug 2016 21:42:22 -0400
Subject: [Freeipa-users] Very slow enrolment process
Message-ID: <CAE9rU+6dcFgxQXTRACOYJhDXPmAuYEx=8vt0JnMUp-uFNvFiQw@mail.gmail.com>

Hello,

I have systems that were previously using openLDAP and plan to migrate
them to freeIPA.  I have a problem I have been struggling with since
Thursday.  The client take 10 to 15 minutes to finish the enrolment
process.

I can't find anything in the logs, have disabled nscd, the DNS and
hostname is set up write and nothing on the message logs point me to
the problem.  Have put se-linux to permissive and done all the basic
checks I can think of.

Its always stalling at this point. What usually happen after the end
of the log below?

---

2016-08-22T01:12:07Z INFO Synchronizing time with KDC...

2016-08-22T01:12:07Z DEBUG Search DNS for SRV record of
_ntp._udp.eng.example.com.

2016-08-22T01:12:07Z DEBUG DNS record found:
DNSResult::name:_ntp._udp.eng.example.com.,type:33,class:1,rdata={priority:0,port:123,weight:100,server:hydrogen.eng.example.com.}

2016-08-22T01:12:08Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
hydrogen.eng.example.com

2016-08-22T01:12:08Z DEBUG stdout=

2016-08-22T01:12:08Z DEBUG stderr=

2016-08-22T01:12:08Z DEBUG Writing Kerberos configuration to /tmp/tmpYLpzuV:

2016-08-22T01:12:08Z DEBUG #File modified by ipa-client-install


includedir /var/lib/sss/pubconf/krb5.include.d/


[libdefaults]

  default_realm = ENG.EXAMPLE.COM

  dns_lookup_realm = false

  dns_lookup_kdc = false

  rdns = false

  ticket_lifetime = 24h

  forwardable = yes

  udp_preference_limit = 0



[realms]

  ENG.EXAMPLE.COM = {

    kdc = hydrogen.eng.example.com:88

    master_kdc = hydrogen.eng.example.com:88

    admin_server = hydrogen.eng.example.com:749

    default_domain = eng.example.com

    pkinit_anchors = FILE:/etc/ipa/ca.crt


  }



[domain_realm]

  .eng.example.com = ENG.EXAMPLE.COM

  eng.example.com = ENG.EXAMPLE.COM

Regards,

William



From pspacek at redhat.com  Mon Aug 22 06:11:59 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Mon, 22 Aug 2016 08:11:59 +0200
Subject: [Freeipa-users] Very slow enrolment process
In-Reply-To: <CAE9rU+6dcFgxQXTRACOYJhDXPmAuYEx=8vt0JnMUp-uFNvFiQw@mail.gmail.com>
References: <CAE9rU+6dcFgxQXTRACOYJhDXPmAuYEx=8vt0JnMUp-uFNvFiQw@mail.gmail.com>
Message-ID: <2c306f4b-6c3d-f464-14d5-8c443439fd5d@redhat.com>

On 22.8.2016 03:42, William Muriithi wrote:
> Hello,
> 
> I have systems that were previously using openLDAP and plan to migrate
> them to freeIPA.  I have a problem I have been struggling with since
> Thursday.  The client take 10 to 15 minutes to finish the enrolment
> process.
> 
> I can't find anything in the logs, have disabled nscd, the DNS and
> hostname is set up write and nothing on the message logs point me to
> the problem.  Have put se-linux to permissive and done all the basic
> checks I can think of.
> 
> Its always stalling at this point. What usually happen after the end
> of the log below?
> 
> ---
> 
> 2016-08-22T01:12:07Z INFO Synchronizing time with KDC...
> 
> 2016-08-22T01:12:07Z DEBUG Search DNS for SRV record of
> _ntp._udp.eng.example.com.
> 
> 2016-08-22T01:12:07Z DEBUG DNS record found:
> DNSResult::name:_ntp._udp.eng.example.com.,type:33,class:1,rdata={priority:0,port:123,weight:100,server:hydrogen.eng.example.com.}
> 
> 2016-08-22T01:12:08Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
> hydrogen.eng.example.com
> 
> 2016-08-22T01:12:08Z DEBUG stdout=
> 
> 2016-08-22T01:12:08Z DEBUG stderr=
> 
> 2016-08-22T01:12:08Z DEBUG Writing Kerberos configuration to /tmp/tmpYLpzuV:
> 
> 2016-08-22T01:12:08Z DEBUG #File modified by ipa-client-install
> 
> 
> includedir /var/lib/sss/pubconf/krb5.include.d/
> 
> 
> [libdefaults]
> 
>   default_realm = ENG.EXAMPLE.COM
> 
>   dns_lookup_realm = false
> 
>   dns_lookup_kdc = false
> 
>   rdns = false
> 
>   ticket_lifetime = 24h
> 
>   forwardable = yes
> 
>   udp_preference_limit = 0
> 
> 
> 
> [realms]
> 
>   ENG.EXAMPLE.COM = {
> 
>     kdc = hydrogen.eng.example.com:88
> 
>     master_kdc = hydrogen.eng.example.com:88
> 
>     admin_server = hydrogen.eng.example.com:749
> 
>     default_domain = eng.example.com
> 
>     pkinit_anchors = FILE:/etc/ipa/ca.crt
> 
> 
>   }
> 
> 
> 
> [domain_realm]
> 
>   .eng.example.com = ENG.EXAMPLE.COM
> 
>   eng.example.com = ENG.EXAMPLE.COM


This is interesting. This output is printed right before calling ipa-join
command so you should see follow-up line "Starting external process".

Is it somewhere in the file?

I cannot imagine where it could hang between write to the krb5.conf file and
starting ipa-join command...

-- 
Petr^2 Spacek



From dkowis+freeipa at shrlm.org  Sat Aug 20 01:38:42 2016
From: dkowis+freeipa at shrlm.org (David Kowis)
Date: Fri, 19 Aug 2016 20:38:42 -0500
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu
 16.04.1 install
In-Reply-To: <20160817035105.bkropnfwyzid6bli@redhat.com>
References: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
	<2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>
	<fd579323-1bdb-aeae-be54-727bffe3e2e3@shlrm.org>
	<bfc0cfa5-485d-bd3b-d641-01d7b7640507@redhat.com>
	<657121f5-2ce2-f2f7-1c7e-9da6a5e5d5a2@shlrm.org>
	<57B266CA.5000906@redhat.com>
	<5da4f0ee-3d14-7b33-2a96-afbf9a88a117@shlrm.org>
	<34943a38-4392-3d96-d376-0da89e3f639e@shlrm.org>
	<20160817035105.bkropnfwyzid6bli@redhat.com>
Message-ID: <69625f61-4304-2a35-69bb-ea749e08dc31@shlrm.org>

On 08/16/2016 10:51 PM, Alexander Bokovoy wrote:
> On Tue, 16 Aug 2016, David Kowis wrote:
>> On 08/15/2016 09:27 PM, David Kowis wrote:
>>> On 08/15/2016 08:05 PM, Rob Crittenden wrote:
>>>> David Kowis wrote:
>>>>> On 08/15/2016 04:33 AM, Petr Spacek wrote:
>>>>>> This is weird as LDAP SASL & GSSAPI is pretty standard thing.
>>>>>>
>>>>>> In any case, you can check server logs or use tcpdump/wireshark and
>>>>>> see if the
>>>>>> error somes from LDAP server or if it is client side error.
>>>>>>
>>>>>> That would tell us where to focus.

I think I know what's going on, but not why it's going on:

https://bugs.launchpad.net/ubuntu/+source/389-ds-base/+bug/1088822
This bug lead me to wonder where the directory server was finding it's
GSSAPI modules.

For some reason dirsrv is looking in /usr/lib/sasl2 for it's sasl
modules, when they're actually installed in /usr/lib/i386-linux-gnu/sasl2

A symlink:
ln -s /usr/lib/i386-linux-gnu/sasl2 /usr/lib/sasl2


and then suddenly:
ldapsearch -h localhost -p 389 -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: SCRAM-SHA-1
supportedSASLMechanisms: GS2-IAKERB
supportedSASLMechanisms: GS2-KRB5
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: ANONYMOUS

Should I file a new bug with ubuntu? Did I find some weird i386 only bug
that should've been fixed?

Thanks,
David Kowis

PS: sorry if this is a repost, I sent it before, but it doesn't seem to
be showing up on the list...

>>>>>>
>>>>>
>>>>> Welp, I've got a pile of logs for you:
>>>>> https://gist.github.com/dkowis/a82d4ec6b1823d9e1b95ffcc94666ae0
>>>>>
>>>>> The last few lines are probably the relevant ones.
>>>>>
>>>>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl
>>>>> version=3 mech=GSSAPI
>>>>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97
>>>>> nentries=0 etime=0
>>>>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND
>>>>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1
>>>>>
>>>>>
>>>>> Something tries to bind with no dn, and then fails.... I think?
>>>>
>>>> No this is typical logging for GSSAPI (minus the error).
>>>>
>>>> The error code is LDAP_AUTH_METHOD_NOT_SUPPORTED. Do you have the cyrus
>>>> SASL GSSAPI package installed? In Fedora the package is
>>>> cyrus-sasl-gssapi.
>>>>
>>
>> Still trying to figure stuff out:
>>
>> root at freeipavm:/var/log/dirsrv/slapd-DARK-KOW-IS# ldapsearch -h
>> localhost -p 389 -x -b "" -s base -LLL SupportedSASLMechanisms
>> dn:
>> SupportedSASLMechanisms: EXTERNAL
>>
>>
>> Should I have more than just EXTERNAL when this happens? How do I debug
>> more about what SASL authentication stuff should be there? I'm having a
>> great deal of difficulty finding documentation for the 389 directory
>> server's SASL configuration. *If* that's even the place I should be
>> looking. How can I narrow this down more?
> 389-ds does dynamically include all supported SASL mechanisms returned
> by CyrusSASL library. If you only get EXTERNAL, it means NO mechanisms
> were returned by your system SASL library. The attribute
> SupportedSASLMechanisms you see in the rootdse query above is read-only:
> it only shows which SASL mechanisms 389-ds knows about but you cannot
> influence them via this attribute. You need to look at your CyrusSASL
> library system configuration.
>
> What does 'pluginviewer' output show? Here is what Fedora 24 reports
> when following packages are installed:
> cyrus-sasl-2.1.26-26.2.fc24.x86_64
> cyrus-sasl-md5-2.1.26-26.2.fc24.x86_64
> cyrus-sasl-plain-2.1.26-26.2.fc24.x86_64
> cyrus-sasl-gssapi-2.1.26-26.2.fc24.x86_64
> cyrus-sasl-lib-2.1.26-26.2.fc24.x86_64
>
> # pluginviewer Installed and properly configured auxprop mechanisms are:
> sasldb
> List of auxprop plugins follows
> Plugin "sasldb" ,     API version: 8
>     supports store: yes
>
> Installed and properly configured SASL (server side) mechanisms are:
>  GSS-SPNEGO GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 LOGIN PLAIN ANONYMOUS
> Available SASL (server side) mechanisms matching your criteria are:
>  GSS-SPNEGO GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN ANONYMOUS
> List of server plugins follows
> Plugin "gssapiv2" [loaded],     API version: 4
>     SASL mechanism: GSS-SPNEGO, best SSF: 56, supports setpass: no
>     security flags:
> NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
>     features:
> WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|DONTUSE_USERPASSWD|SUPPORTS_HTTP
> Plugin "gssapiv2" [loaded],     API version: 4
>     SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
>     security flags:
> NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
>     features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|DONTUSE_USERPASSWD
> Plugin "digestmd5" [loaded],     API version: 4
>     SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
>     security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
>     features: PROXY_AUTHENTICATION|SUPPORTS_HTTP
> Plugin "crammd5" [loaded],     API version: 4
>     SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
>     security flags: NO_ANONYMOUS|NO_PLAINTEXT
>     features: SERVER_FIRST
> Plugin "login" [loaded],     API version: 4
>     SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
>     security flags: NO_ANONYMOUS|PASS_CREDENTIALS
>     features:
> Plugin "plain" [loaded],     API version: 4
>     SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
>     security flags: NO_ANONYMOUS|PASS_CREDENTIALS
>     features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
> Plugin "anonymous" [loaded],     API version: 4
>     SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
>     security flags: NO_PLAINTEXT
>     features: WANT_CLIENT_FIRST|DONTUSE_USERPASSWD
> Installed and properly configured SASL (client side) mechanisms are:
>  GSS-SPNEGO GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 LOGIN PLAIN ANONYMOUS
> Available SASL (client side) mechanisms matching your criteria are:
>  GSS-SPNEGO GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 LOGIN PLAIN ANONYMOUS
> List of client plugins follows
> Plugin "gssapiv2" [loaded],     API version: 4
>     SASL mechanism: GSS-SPNEGO, best SSF: 56
>     security flags:
> NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
>     features:
> WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP
> Plugin "gssapiv2" [loaded],     API version: 4
>     SASL mechanism: GSSAPI, best SSF: 56
>     security flags:
> NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
>     features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION|NEED_SERVER_FQDN
> Plugin "digestmd5" [loaded],     API version: 4
>     SASL mechanism: DIGEST-MD5, best SSF: 128
>     security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
>     features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN|SUPPORTS_HTTP
> Plugin "EXTERNAL" [loaded],     API version: 4
>     SASL mechanism: EXTERNAL, best SSF: 0
>     security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
>     features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
> Plugin "crammd5" [loaded],     API version: 4
>     SASL mechanism: CRAM-MD5, best SSF: 0
>     security flags: NO_ANONYMOUS|NO_PLAINTEXT
>     features: SERVER_FIRST
> Plugin "login" [loaded],     API version: 4
>     SASL mechanism: LOGIN, best SSF: 0
>     security flags: NO_ANONYMOUS|PASS_CREDENTIALS
>     features: SERVER_FIRST
> Plugin "plain" [loaded],     API version: 4
>     SASL mechanism: PLAIN, best SSF: 0
>     security flags: NO_ANONYMOUS|PASS_CREDENTIALS
>     features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
> Plugin "anonymous" [loaded],     API version: 4
>     SASL mechanism: ANONYMOUS, best SSF: 0
>     security flags: NO_PLAINTEXT
>     features: WANT_CLIENT_FIRST
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160819/8d2e6427/attachment.sig>

From abokovoy at redhat.com  Mon Aug 22 07:46:25 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 22 Aug 2016 10:46:25 +0300
Subject: [Freeipa-users] Unable to set up freeIPA on a fresh ubuntu
 16.04.1 install
In-Reply-To: <69625f61-4304-2a35-69bb-ea749e08dc31@shlrm.org>
References: <f99754ba-8af4-ab96-dbad-682af90abf8a@shlrm.org>
	<2aead5a7-6c2a-18f2-e082-28c7bb79f384@shlrm.org>
	<fd579323-1bdb-aeae-be54-727bffe3e2e3@shlrm.org>
	<bfc0cfa5-485d-bd3b-d641-01d7b7640507@redhat.com>
	<657121f5-2ce2-f2f7-1c7e-9da6a5e5d5a2@shlrm.org>
	<57B266CA.5000906@redhat.com>
	<5da4f0ee-3d14-7b33-2a96-afbf9a88a117@shlrm.org>
	<34943a38-4392-3d96-d376-0da89e3f639e@shlrm.org>
	<20160817035105.bkropnfwyzid6bli@redhat.com>
	<69625f61-4304-2a35-69bb-ea749e08dc31@shlrm.org>
Message-ID: <20160822074625.g6h3pid33rf7drdh@redhat.com>

On Fri, 19 Aug 2016, David Kowis wrote:
>On 08/16/2016 10:51 PM, Alexander Bokovoy wrote:
>> On Tue, 16 Aug 2016, David Kowis wrote:
>>> On 08/15/2016 09:27 PM, David Kowis wrote:
>>>> On 08/15/2016 08:05 PM, Rob Crittenden wrote:
>>>>> David Kowis wrote:
>>>>>> On 08/15/2016 04:33 AM, Petr Spacek wrote:
>>>>>>> This is weird as LDAP SASL & GSSAPI is pretty standard thing.
>>>>>>>
>>>>>>> In any case, you can check server logs or use tcpdump/wireshark and
>>>>>>> see if the
>>>>>>> error somes from LDAP server or if it is client side error.
>>>>>>>
>>>>>>> That would tell us where to focus.
>
>I think I know what's going on, but not why it's going on:
>
>https://bugs.launchpad.net/ubuntu/+source/389-ds-base/+bug/1088822
>This bug lead me to wonder where the directory server was finding it's
>GSSAPI modules.
>
>For some reason dirsrv is looking in /usr/lib/sasl2 for it's sasl
>modules, when they're actually installed in /usr/lib/i386-linux-gnu/sasl2
>
>A symlink:
>ln -s /usr/lib/i386-linux-gnu/sasl2 /usr/lib/sasl2
>
>
>and then suddenly:
>ldapsearch -h localhost -p 389 -x -b "" -s base -LLL supportedSASLMechanisms
>dn:
>supportedSASLMechanisms: EXTERNAL
>supportedSASLMechanisms: SCRAM-SHA-1
>supportedSASLMechanisms: GS2-IAKERB
>supportedSASLMechanisms: GS2-KRB5
>supportedSASLMechanisms: GSSAPI
>supportedSASLMechanisms: GSS-SPNEGO
>supportedSASLMechanisms: DIGEST-MD5
>supportedSASLMechanisms: CRAM-MD5
>supportedSASLMechanisms: NTLM
>supportedSASLMechanisms: PLAIN
>supportedSASLMechanisms: LOGIN
>supportedSASLMechanisms: ANONYMOUS
>
>Should I file a new bug with ubuntu? Did I find some weird i386 only bug
>that should've been fixed?
Please file a bug against CyrusSASL in Ubuntu because it is library's
duty to handle own modules -- while it provides sasl_set_path() to
application to define where to load modules from, the defaults should be
set reasonably. 389-ds does not use sasl_set_path().


-- 
/ Alexander Bokovoy



From pspacek at redhat.com  Mon Aug 22 08:57:19 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Mon, 22 Aug 2016 10:57:19 +0200
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
Message-ID: <7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>

On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
> I am running my set up on AWS cloud, and entropy is low at around 180 .
> 
> I plan to increase it bu installing haveged . But, would low entropy by any
> chance cause this issue of intermittent hang .
> Also, the hang is mostly observed when registering around 20 clients
> together

Possibly, I'm not sure. If you want to dig into this, I would do this:
1. look what process hangs on client (using pstree command or so)
$ pstree

2. look to what server and port is the hanging client connected to
$ lsof -p <PID of the hanging process>

3. jump to server and see what process is bound to the target port
$ netstat -pn

4. see where the process if hanging
$ strace -p <PID of the hanging process>

I hope it helps.

Petr^2 Spacek

> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
> rakesh.rajasekharan at gmail.com> wrote:
> 
>> yes there seems to be something thats worrying.. I have faced this today
>> as well.
>> There are few hosts around 280 odd left and when i try adding them to IPA
>> , the slowness begins..
>>
>> all the ipa commands like ipa user-find.. etc becomes very slow in
>> responding.
>>
>> the SYNC_RECV are not many though just around 80-90 and today that was
>> around 20 only
>>
>>
>> I have for now increased tcp_max_syn_backlog to 5000.
>> For now the slowness seems to have gone.. but I will do a try adding the
>> clients again tomorrow and see how it goes
>>
>> Thanks
>> Rakesh
>>
>> The issues
>>
>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com> wrote:
>>
>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>>>> Hi
>>>>
>>>> I am migrating to freeipa from openldap and have around 4000 clients
>>>>
>>>> I had openned a another thread on that, but chose to start a new one
>>> here
>>>> as its a separate issue
>>>>
>>>> I was able to change the nssslapd-maxdescriptors adding an ldif file
>>>>
>>>> cat nsslapd-modify.ldif
>>>> dn: cn=config
>>>> changetype: modify
>>>> replace: nsslapd-maxdescriptors
>>>> nsslapd-maxdescriptors: 17000
>>>>
>>>> and running the ldapmodify command
>>>>
>>>> I have now started moving clients running an openldap to Freeipa and
>>> have
>>>> today moved close to 2000 clients
>>>>
>>>> However, I have noticed that IPA hangs intermittently.
>>>>
>>>> running a kinit admin returns the below error
>>>> kinit: Generic error (see e-text) while getting initial credentials
>>>>
>>>> from the /var/log/messages, I see this entry
>>>>
>>>>  prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP:
>>>> Possible SYN flooding on port 88. Sending cookies.  Check SNMP counters.
>>>
>>> I would be worried about this message. Maybe kernel/firewall is doing
>>> something fishy behind your back and blocking some connections or so.
>>>
>>> Petr^2 Spacek
>>>
>>>
>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885 of
>>>> user root.
>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session 4885 of
>>>> user root.
>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886 of
>>>> user root.
>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session 4886 of
>>>> user root.
>>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command
>>> Invoked
>>>> with creates=None executable=None shell=True args= removes=None
>>> warn=True
>>>> chdir=None
>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error: Unspecified
>>> GSS
>>>> failure.  Minor code may provide more information (KDC returned error
>>>> string: PROCESS_TGS)
>>>>
>>>> Could it be possible that its due to the initial load of adding the
>>> clients
>>>> or is there something else that I need to take care of.



From lkrispen at redhat.com  Mon Aug 22 09:41:50 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Mon, 22 Aug 2016 11:41:50 +0200
Subject: [Freeipa-users] replica_generate_next_csn messages in dirsrv
 error logs
In-Reply-To: <CA+Bg6wcGaqvozkaasmtq5_22fFatS+4JtfqcvByzok5nnNSwLw@mail.gmail.com>
References: <CA+Bg6wdMSp1OhKtTxZ_G-=fsOugVY=G5M_10WSfw5ymXcJ9_sA@mail.gmail.com>
	<57B56E64.4030104@redhat.com>
	<CA+Bg6wc2q182Hppk60eZx694p5ecFu8X5eimpvHVwrRs1NnzvA@mail.gmail.com>
	<57B5C1A4.4070707@redhat.com>
	<CA+Bg6wcVbTdFfkVq53+Myde249Nmk_mEQfOXRFCMtC_VLqQCzQ@mail.gmail.com>
	<57B70723.8020702@redhat.com>
	<CA+Bg6wcGaqvozkaasmtq5_22fFatS+4JtfqcvByzok5nnNSwLw@mail.gmail.com>
Message-ID: <57BAC8DE.70904@redhat.com>

Thanks,

I looked into the logs, I think the messages are harmless, just an 
effect of csn adjustment due to time difference on the two machines. I 
had said that the replication protocol will try to adjust the csn 
generator, but looks like you have long lasting replication connections 
and the adjustment is done only at the beginning. Maybe we can look into 
this and improve it.
Just the tracking of one of these error messages:

the entry is modified on adm3
adm3 :[19/Aug/2016:15:47:05 -0400] conn=13 op=126637 MOD 
dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
adm3 :[19/Aug/2016:15:47:05 -0400] conn=13 op=126637 RESULT err=0 
tag=103 nentries=0 etime=0 csn=57b76303000000160000
this mod is replicated to adm0
adm0 :[19/Aug/2016:15:47:06 -0400] conn=1395 op=86121 MOD 
dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
adm0 :[19/Aug/2016:15:47:06 -0400] conn=1395 op=86121 RESULT err=0 
tag=103 nentries=0 etime=0 csn=57b76303000000160000
the entry is modified again on adm0
adm0 :[19/Aug/2016:15:47:07 -0400] conn=27 op=1108697 MOD 
dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
but it looks like the csn generated is smaller than the one already in 
the entry, and it is adjusted
adm0 :[19/Aug/2016:15:47:07 -0400] - replica_generate_next_csn: 
opcsn=57b76301000a00040000 <= basecsn=57b76303000000160000, adjusted 
opcsn=57b76303000100040000
then the result is logged with the adjusted csn
adm0 :[19/Aug/2016:15:47:07 -0400] conn=27 op=1108697 RESULT err=0 
tag=103 nentries=0 etime=0 csn=57b76303000100040000

so the mechanism works, but the messages may be confusing and 
improvement of the protocol could be investigated.

One question I have, but someone more familiar with dns should answer:
we  have regular updates of the same entry on both replicas, about every 
2 seconds, what is the reason for this ?


/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:03 -0400] conn=13 
op=126630 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:05 -0400] conn=13 
op=126637 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:07 -0400] conn=13 
op=126646 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:09 -0400] conn=13 
op=126653 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:13 -0400] conn=13 
op=126666 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:16 -0400] conn=13 
op=126673 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:18 -0400] conn=13 
op=126689 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:20 -0400] conn=13 
op=126696 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:21 -0400] conn=13 
op=126702 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:23 -0400] conn=13 
op=126737 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:26 -0400] conn=13 
op=126758 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
/tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:29 -0400] conn=13 
op=126801 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"



On 08/19/2016 10:00 PM, John Desantis wrote:
> Ludwig,
>
>> you still only grep the replication connection, but before being replicated
>> the entry has to be added by some client connection, can you get all
>> references to the entry ?
>> the log snippet you provide shows also csns with tag=103, which indicate a
>> MOD, are these MODs for the added entries ? or other mods ?
> .....
>
> I can't believe I did that!
>
> Ok, so the logs have been rotated (I didn't think to adjust
> logrotate..), so there aren't any logs to peruse for the case I've
> presented so far.  However, I was able to reproduce the errors by
> "bulk" deleting 39 DNS entries, and only the MASTER reported
> "replica_generate_next_csn" entries.
>
> Given the size of the logs, I think it would be pointless to do any
> kind of sanitization.  I'll go ahead and gzip them for you and email
> you off-list.
>
> I've labeled them as MASTER and REPLICA.
>
> John DeSantis
>
>
> 2016-08-19 9:18 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>> On 08/18/2016 05:28 PM, John Desantis wrote:
>>> Ludwig,
>>>
>>>> unfortunately this is not enough to determine what is going on. The
>>>> intersting generated/used csn is only logged in the
>>>> corresponding RESULT message and these are only the replication
>>>> connections,
>>>> it would be necessary to see the
>>>> original ADD operation, was it added once or twice by a client ?
>>>> you could pick one entry eg server-6-3-sp and grep for all references in
>>>> the
>>>> access logs of both servers  (maybe there are mods as well) and then
>>>> get also get the RESULT line for the ops found
>>> Here are the updated log snippets looking for ADD and RESULT:
>> you still only grep the replication connection, but before being replicated
>> the entry has to be added by some client connection, can you get all
>> references to the entry ?
>> the log snippet you provide shows also csns with tag=103, which indicate a
>> MOD, are these MODs for the added entries ? or other mods ?
>>
>>> PROD:11:20:13-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>> # grep -E '17/Aug/2016:13:50:4.*conn=602.*(RESULT|ADD)' access.2016081*
>>> access.20160817-124811:[17/Aug/2016:13:50:41 -0400] conn=602 op=4139
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-124811:[17/Aug/2016:13:50:41 -0400] conn=602 op=4140
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4141
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4142
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
>>> ADD
>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
>>> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4bb000300040000
>>> access.20160817-124811:[17/Aug/2016:13:50:44 -0400] conn=602 op=4144
>>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4bb000400040000
>>> access.20160817-124811:[17/Aug/2016:13:50:44 -0400] conn=602 op=4145
>>> RESULT err=0 tag=103 nentries=0 etime=0
>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4146
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4147
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
>>> ADD
>>> dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
>>> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4bb000800040000
>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4149
>>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4bc000100040000
>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4150
>>> RESULT err=0 tag=103 nentries=0 etime=0
>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
>>> ADD
>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
>>> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4c1000500040000
>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4152
>>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4c1000600040000
>>>
>>> PROD:11:19:54-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>> # grep -E '17/Aug/2016:13:50:4.*conn=1395.*(RESULT|ADD)' access.2016081*
>>> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4148
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4149
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4150
>>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4b9000500160000
>>> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
>>> ADD
>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
>>> RESULT err=0 tag=105 nentries=0 etime=0
>>> access.20160817-111940:[17/Aug/2016:13:50:44 -0400] conn=1395 op=4152
>>> RESULT err=0 tag=103 nentries=0 etime=1 csn=57b4a4bc000000160000
>>> access.20160817-111940:[17/Aug/2016:13:50:46 -0400] conn=1395 op=4153
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4154
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4155
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4156
>>> RESULT err=0 tag=120 nentries=0 etime=0
>>> access.20160817-111940:[17/Aug/2016:13:50:48 -0400] conn=1395 op=4157
>>> RESULT err=0 tag=103 nentries=0 etime=1 csn=57b4a4c1000100160000
>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
>>> ADD
>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
>>> RESULT err=0 tag=105 nentries=0 etime=0
>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4159
>>> RESULT err=0 tag=103 nentries=0 etime=0
>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4160
>>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4c3000000160000
>>>
>>> I'm positive that I was the only one performing DNS updates during
>>> this time, and I was only using 1 console.
>>>
>>> Thanks,
>>> John DeSantis
>>>
>>>
>>> 2016-08-18 10:09 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>>>> On 08/18/2016 03:15 PM, John Desantis wrote:
>>>>> Ludwig,
>>>>>
>>>>> Thank you for your response!
>>>>>
>>>>>> This is a normal scenario, but you could check if the simultaneous
>>>>>> updates
>>>>>> on 4 and 16 are intentional.
>>>>> In regards to the simultaneous updates, the only items I have noted so
>>>>> far
>>>>> are:
>>>>>
>>>>> *  The time sync between the master (4) and replica (16) was off by
>>>>> about 1-2 seconds, with the latter being ahead;
>>>> yes, this happens, but the replication protocol tries to handle this, in
>>>> a
>>>> replication session the supplier and consumer
>>>> exchange their ruvs and if the time differs the csn state generator is
>>>> updated with a local or remote offset so that the
>>>> generated time is always based on the most advanced clock - on all
>>>> servers.
>>>> And even if you adjust the system time, the csn
>>>> time will never go back.
>>>>> *  There are continual log entries referencing
>>>>> "replication-multimaster-extop" and "Netscape Replication End Session"
>>>>> in the dirsrv "access" logs, and during one of the manifestations of
>>>>> "replica_generate_next_csn", I found this:
>>>>>
>>>>> PROD:08:46:08-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>>>> # grep -E '17/Aug/2016:13:50:4.*conn=602.*ADD' access.2016081*
>>>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
>>>>> ADD
>>>>>
>>>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
>>>>> ADD
>>>>>
>>>>> dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
>>>>> ADD
>>>>>
>>>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>>
>>>>> PROD:08:47:44-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>>>> # grep -E '17/Aug/2016:13:50:4.*conn=1395.*ADD' access.2016081*
>>>>> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
>>>>> ADD
>>>>>
>>>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
>>>>> ADD
>>>>>
>>>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>>
>>>>> It looks like the entries for server-6-3-sp and 6-5-sp were referenced
>>>>> twice.  Do you think that the time being off by 1-2 seconds between
>>>>> the master and replica could be the issue?  The connection 602 is the
>>>>> replication between the replica and master, and the connection 1395 is
>>>>> the replication between the master and replica.
>>>> unfortunately this is not enough to determine what is going on. The
>>>> intersting generated/used csn is only logged in the
>>>> corresponding RESULT message and these are only the replication
>>>> connections,
>>>> it would be necessary to see the
>>>> original ADD operation, was it added once or twice by a client ?
>>>> you could pick one entry eg server-6-3-sp and grep for all references in
>>>> the
>>>> access logs of both servers  (maybe there are mods as well) and then
>>>> get also get the RESULT line for the ops found
>>>>>
>>>>> Since I know these operations were performed using the console via a
>>>>> for loop 'ipa dnsrecord-add dom.dom.dom server-6-$i-sp
>>>>> --a-rec=10.250.12.$i' on one of our login nodes, do you think that
>>>>> specifying an _srv_ record in the DOMAIN configuration with the
>>>>> address of the master server, e.g.: ipa_server = _srv_,
>>>>> MASTER.dom.dom.dom could be the issue (coupled with the time syncing)?
>>>>>
>>>>> I know that these questions are probably leaning more towards the
>>>>> 389ds team, so feel free to pass me over to them if need be.
>>>> I think I can address the ds related questions, but I don't know about
>>>> console and dns to assess if the behaviour is normal
>>>>
>>>>> Again, thank you very much for responding!
>>>>>
>>>>> John DeSantis
>>>>>
>>>>> 2016-08-18 4:14 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>>>>>> On 08/17/2016 08:54 PM, John Desantis wrote:
>>>>>>> Hello all,
>>>>>>>
>>>>>>> We've been re-using old host names and IP addresses for a new
>>>>>>> deployment of nodes, and recently I've been seeing the messages pasted
>>>>>>> below in the slapd-DC.DC.DC "error" log on our nodes.
>>>>>>>
>>>>>>> [17/Aug/2016:10:30:30 -0400] - replica_generate_next_csn:
>>>>>>> opcsn=57b475cd001200040000 <= basecsn=57b475cf000000160000, adjusted
>>>>>>> opcsn=57b475cf000100040000
>>>>>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>>>>>> opcsn=57b47f00000200040000 <= basecsn=57b47f00000200160000, adjusted
>>>>>>> opcsn=57b47f00000300040000
>>>>>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>>>>>> opcsn=57b47f00000400040000 <= basecsn=57b47f00000400160000, adjusted
>>>>>>> opcsn=57b47f00000500040000
>>>>>>> [17/Aug/2016:11:10:33 -0400] - replica_generate_next_csn:
>>>>>>> opcsn=57b47f2f001000040000 <= basecsn=57b47f30000200160000, adjusted
>>>>>>> opcsn=57b47f30000300040000
>>>>>>> [17/Aug/2016:13:50:45 -0400] - replica_generate_next_csn:
>>>>>>> opcsn=57b4a4bb000900040000 <= basecsn=57b4a4bc000000160000, adjusted
>>>>>>> opcsn=57b4a4bc000100040000
>>>>>>> [17/Aug/2016:13:52:54 -0400] - replica_generate_next_csn:
>>>>>>> opcsn=57b4a53e000a00040000 <= basecsn=57b4a53f000000160000, adjusted
>>>>>>> opcsn=57b4a53f000100040000
>>>>>>> [17/Aug/2016:13:53:15 -0400] - replica_generate_next_csn:
>>>>>>> opcsn=57b4a552000700040000 <= basecsn=57b4a553000000160000, adjusted
>>>>>>> opcsn=57b4a553000100040000
>>>>>>> [17/Aug/2016:13:53:32 -0400] - replica_generate_next_csn:
>>>>>>> opcsn=57b4a562000900040000 <= basecsn=57b4a564000000160000, adjusted
>>>>>>> opcsn=57b4a564000100040000
>>>>>> Each modification (add/del/mod) gets a csn assignged used in
>>>>>> replication
>>>>>> update resolution. And each assigned csn has to newer than an existing
>>>>>> one.
>>>>>> The messages you see is from code that double checks that the entry
>>>>>> doesn't
>>>>>> have already a lareg csn - and adjusts it.
>>>>>> The logs indicate that entries are more or less concurrently updated on
>>>>>> replica 4 and 16, and the updates from16 are received while processing
>>>>>> the
>>>>>> updates on 4.
>>>>>> This is a normal scenario, but you could check if the simultaneous
>>>>>> updates
>>>>>> on 4 and 16 are intentional.
>>>>>>
>>>>>>> They seem to only occur when updating DNS entries, whether on the
>>>>>>> console or via the GUI (tail -f'ing the log).
>>>>>>>
>>>>>>> A search in this mailing-list returns nothing, but a message is found
>>>>>>> on the 389-ds list [1];  it seems to suggest that the messages aren't
>>>>>>> fatal and are purely informational, yet if they are occurring
>>>>>>> constantly that there could be a problem with the replication
>>>>>>> algorithm and/or deployment.
>>>>>>>
>>>>>>> We're using ipa-server 3.0.0-47 and 389-ds 1.2.11.15-60.  Nothing has
>>>>>>> changed on the deployment side of things, and I don't recall seeing
>>>>>>> this message before.
>>>>>>>
>>>>>>> I'm wondering if it's safe to disregard these messages due to the
>>>>>>> re-use of the entries, or if something else should be looked into.
>>>>>>>
>>>>>>> Thank you,
>>>>>>> John DeSantis
>>>>>>>
>>>>>>> [1] https://fedorahosted.org/389/ticket/47959
>>>>>>>
>>>>>> --
>>>>>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>>>>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>>>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael
>>>>>> O'Neill,
>>>>>> Eric Shander
>>>>>>
>>>>>> --
>>>>>> Manage your subscription for the Freeipa-users mailing list:
>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>> Go to http://freeipa.org for more info on the project
>>>>
>>>> --
>>>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
>>>> Eric Shander
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>
>> --
>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
>> Eric Shander
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From desantis at mail.usf.edu  Mon Aug 22 14:06:22 2016
From: desantis at mail.usf.edu (John Desantis)
Date: Mon, 22 Aug 2016 10:06:22 -0400
Subject: [Freeipa-users] replica_generate_next_csn messages in dirsrv
 error logs
In-Reply-To: <57BAC8DE.70904@redhat.com>
References: <CA+Bg6wdMSp1OhKtTxZ_G-=fsOugVY=G5M_10WSfw5ymXcJ9_sA@mail.gmail.com>
	<57B56E64.4030104@redhat.com>
	<CA+Bg6wc2q182Hppk60eZx694p5ecFu8X5eimpvHVwrRs1NnzvA@mail.gmail.com>
	<57B5C1A4.4070707@redhat.com>
	<CA+Bg6wcVbTdFfkVq53+Myde249Nmk_mEQfOXRFCMtC_VLqQCzQ@mail.gmail.com>
	<57B70723.8020702@redhat.com>
	<CA+Bg6wcGaqvozkaasmtq5_22fFatS+4JtfqcvByzok5nnNSwLw@mail.gmail.com>
	<57BAC8DE.70904@redhat.com>
Message-ID: <CA+Bg6weiLCUOkBp0XKHZ6_83FbhK_1kzKFpJKfzkEndPv=ykmQ@mail.gmail.com>

Ludwig,

> I looked into the logs, I think the messages are harmless, just an effect of
> csn adjustment due to time difference on the two machines. I had said that
> the replication protocol will try to adjust the csn generator, but looks
> like you have long lasting replication connections and the adjustment is
> done only at the beginning. Maybe we can look into this and improve it.
> Just the tracking of one of these error messages:

Thank you for your insight and looking into these logs.  Given the
relative obscurity of results of this message within Google and this
mailing list, there may be nothing to improve!  In other words, it
looks like the issue has been resolved.

In a not so nutshell, I've been monitoring a ns-slapd thread that was
continually pegged with high file I/O via the 'pread' while reading
its db* files on the master server, which produced some latency.
After seemingly pointless searches, I stumbled upon Rich's "dbmon.sh"
via a post [1] and verified that some tuning was needed for our site.
After applying the changes I did notice that there was a drop in
memory pressure on the system and that there seemed to be less
latency, but the ns-slapd thread was still performing a lot of file
I/O.  It seems now that the issue with the timing was due to this
observed latency.  Anyways, I was still bugged with an issue I had
originally opened in my first post to the list [2] and finally
discovered that one of our replication nodes was culpable for not
responding to the 'ipa-replica-manage clean-ruv #' (stdout via this
command did not report which servers had and had not properly cleaned
the RUV).  I was able to manually remove it via 'ldapmodify' and
cleanruv.  At this point, some of the file I/O I had seen was more
than halved.  The last piece of the puzzle was using
"ipa-csreplica-manage" and 'ldapmodify' to remove [3] the CA
references to the replica mentioned in [1].  Once this was done, all
of the thread I/O stopped.

I then performed some testing of adding and removing DNS records via a
for loop, with and without sleep statements.  Not once did any more of
the replica_generate_next_csn messages appear.

For anyone else seeing similar issues, hopefully this information will help.

John DeSantis

[1] https://www.redhat.com/archives/freeipa-users/2014-November/msg00138.html
[2] https://www.redhat.com/archives/freeipa-users/2014-October/msg00283.html
[3] https://www.redhat.com/archives/freeipa-users/2015-March/msg00436.html

2016-08-22 5:41 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
> Thanks,
>
> I looked into the logs, I think the messages are harmless, just an effect of
> csn adjustment due to time difference on the two machines. I had said that
> the replication protocol will try to adjust the csn generator, but looks
> like you have long lasting replication connections and the adjustment is
> done only at the beginning. Maybe we can look into this and improve it.
> Just the tracking of one of these error messages:
>
> the entry is modified on adm3
> adm3 :[19/Aug/2016:15:47:05 -0400] conn=13 op=126637 MOD
> dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> adm3 :[19/Aug/2016:15:47:05 -0400] conn=13 op=126637 RESULT err=0 tag=103
> nentries=0 etime=0 csn=57b76303000000160000
> this mod is replicated to adm0
> adm0 :[19/Aug/2016:15:47:06 -0400] conn=1395 op=86121 MOD
> dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> adm0 :[19/Aug/2016:15:47:06 -0400] conn=1395 op=86121 RESULT err=0 tag=103
> nentries=0 etime=0 csn=57b76303000000160000
> the entry is modified again on adm0
> adm0 :[19/Aug/2016:15:47:07 -0400] conn=27 op=1108697 MOD
> dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> but it looks like the csn generated is smaller than the one already in the
> entry, and it is adjusted
> adm0 :[19/Aug/2016:15:47:07 -0400] - replica_generate_next_csn:
> opcsn=57b76301000a00040000 <= basecsn=57b76303000000160000, adjusted
> opcsn=57b76303000100040000
> then the result is logged with the adjusted csn
> adm0 :[19/Aug/2016:15:47:07 -0400] conn=27 op=1108697 RESULT err=0 tag=103
> nentries=0 etime=0 csn=57b76303000100040000
>
> so the mechanism works, but the messages may be confusing and improvement of
> the protocol could be investigated.
>
> One question I have, but someone more familiar with dns should answer:
> we  have regular updates of the same entry on both replicas, about every 2
> seconds, what is the reason for this ?
>
>
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:03 -0400] conn=13
> op=126630 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:05 -0400] conn=13
> op=126637 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:07 -0400] conn=13
> op=126646 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:09 -0400] conn=13
> op=126653 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:13 -0400] conn=13
> op=126666 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:16 -0400] conn=13
> op=126673 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:18 -0400] conn=13
> op=126689 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:20 -0400] conn=13
> op=126696 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:21 -0400] conn=13
> op=126702 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:23 -0400] conn=13
> op=126737 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:26 -0400] conn=13
> op=126758 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
> /tmp/adm3-logs-del39-errors.txt:[19/Aug/2016:15:47:29 -0400] conn=13
> op=126801 MOD dn="idnsname=rc.usf.edu,cn=dns,dc=rc,dc=usf,dc=edu"
>
>
>
>
> On 08/19/2016 10:00 PM, John Desantis wrote:
>>
>> Ludwig,
>>
>>> you still only grep the replication connection, but before being
>>> replicated
>>> the entry has to be added by some client connection, can you get all
>>> references to the entry ?
>>> the log snippet you provide shows also csns with tag=103, which indicate
>>> a
>>> MOD, are these MODs for the added entries ? or other mods ?
>>
>> .....
>>
>> I can't believe I did that!
>>
>> Ok, so the logs have been rotated (I didn't think to adjust
>> logrotate..), so there aren't any logs to peruse for the case I've
>> presented so far.  However, I was able to reproduce the errors by
>> "bulk" deleting 39 DNS entries, and only the MASTER reported
>> "replica_generate_next_csn" entries.
>>
>> Given the size of the logs, I think it would be pointless to do any
>> kind of sanitization.  I'll go ahead and gzip them for you and email
>> you off-list.
>>
>> I've labeled them as MASTER and REPLICA.
>>
>> John DeSantis
>>
>>
>> 2016-08-19 9:18 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>>>
>>> On 08/18/2016 05:28 PM, John Desantis wrote:
>>>>
>>>> Ludwig,
>>>>
>>>>> unfortunately this is not enough to determine what is going on. The
>>>>> intersting generated/used csn is only logged in the
>>>>> corresponding RESULT message and these are only the replication
>>>>> connections,
>>>>> it would be necessary to see the
>>>>> original ADD operation, was it added once or twice by a client ?
>>>>> you could pick one entry eg server-6-3-sp and grep for all references
>>>>> in
>>>>> the
>>>>> access logs of both servers  (maybe there are mods as well) and then
>>>>> get also get the RESULT line for the ops found
>>>>
>>>> Here are the updated log snippets looking for ADD and RESULT:
>>>
>>> you still only grep the replication connection, but before being
>>> replicated
>>> the entry has to be added by some client connection, can you get all
>>> references to the entry ?
>>> the log snippet you provide shows also csns with tag=103, which indicate
>>> a
>>> MOD, are these MODs for the added entries ? or other mods ?
>>>
>>>> PROD:11:20:13-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>>> # grep -E '17/Aug/2016:13:50:4.*conn=602.*(RESULT|ADD)' access.2016081*
>>>> access.20160817-124811:[17/Aug/2016:13:50:41 -0400] conn=602 op=4139
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-124811:[17/Aug/2016:13:50:41 -0400] conn=602 op=4140
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4141
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4142
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
>>>> ADD
>>>>
>>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
>>>> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4bb000300040000
>>>> access.20160817-124811:[17/Aug/2016:13:50:44 -0400] conn=602 op=4144
>>>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4bb000400040000
>>>> access.20160817-124811:[17/Aug/2016:13:50:44 -0400] conn=602 op=4145
>>>> RESULT err=0 tag=103 nentries=0 etime=0
>>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4146
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4147
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
>>>> ADD
>>>>
>>>> dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
>>>> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4bb000800040000
>>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4149
>>>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4bc000100040000
>>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4150
>>>> RESULT err=0 tag=103 nentries=0 etime=0
>>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
>>>> ADD
>>>>
>>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
>>>> RESULT err=0 tag=105 nentries=0 etime=0 csn=57b4a4c1000500040000
>>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4152
>>>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4c1000600040000
>>>>
>>>> PROD:11:19:54-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>>> # grep -E '17/Aug/2016:13:50:4.*conn=1395.*(RESULT|ADD)' access.2016081*
>>>> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4148
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4149
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-111940:[17/Aug/2016:13:50:41 -0400] conn=1395 op=4150
>>>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4b9000500160000
>>>> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
>>>> ADD
>>>>
>>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
>>>> RESULT err=0 tag=105 nentries=0 etime=0
>>>> access.20160817-111940:[17/Aug/2016:13:50:44 -0400] conn=1395 op=4152
>>>> RESULT err=0 tag=103 nentries=0 etime=1 csn=57b4a4bc000000160000
>>>> access.20160817-111940:[17/Aug/2016:13:50:46 -0400] conn=1395 op=4153
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4154
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4155
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-111940:[17/Aug/2016:13:50:47 -0400] conn=1395 op=4156
>>>> RESULT err=0 tag=120 nentries=0 etime=0
>>>> access.20160817-111940:[17/Aug/2016:13:50:48 -0400] conn=1395 op=4157
>>>> RESULT err=0 tag=103 nentries=0 etime=1 csn=57b4a4c1000100160000
>>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
>>>> ADD
>>>>
>>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
>>>> RESULT err=0 tag=105 nentries=0 etime=0
>>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4159
>>>> RESULT err=0 tag=103 nentries=0 etime=0
>>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4160
>>>> RESULT err=0 tag=103 nentries=0 etime=0 csn=57b4a4c3000000160000
>>>>
>>>> I'm positive that I was the only one performing DNS updates during
>>>> this time, and I was only using 1 console.
>>>>
>>>> Thanks,
>>>> John DeSantis
>>>>
>>>>
>>>> 2016-08-18 10:09 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>>>>>
>>>>> On 08/18/2016 03:15 PM, John Desantis wrote:
>>>>>>
>>>>>> Ludwig,
>>>>>>
>>>>>> Thank you for your response!
>>>>>>
>>>>>>> This is a normal scenario, but you could check if the simultaneous
>>>>>>> updates
>>>>>>> on 4 and 16 are intentional.
>>>>>>
>>>>>> In regards to the simultaneous updates, the only items I have noted so
>>>>>> far
>>>>>> are:
>>>>>>
>>>>>> *  The time sync between the master (4) and replica (16) was off by
>>>>>> about 1-2 seconds, with the latter being ahead;
>>>>>
>>>>> yes, this happens, but the replication protocol tries to handle this,
>>>>> in
>>>>> a
>>>>> replication session the supplier and consumer
>>>>> exchange their ruvs and if the time differs the csn state generator is
>>>>> updated with a local or remote offset so that the
>>>>> generated time is always based on the most advanced clock - on all
>>>>> servers.
>>>>> And even if you adjust the system time, the csn
>>>>> time will never go back.
>>>>>>
>>>>>> *  There are continual log entries referencing
>>>>>> "replication-multimaster-extop" and "Netscape Replication End Session"
>>>>>> in the dirsrv "access" logs, and during one of the manifestations of
>>>>>> "replica_generate_next_csn", I found this:
>>>>>>
>>>>>> PROD:08:46:08-root at REPLICA:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>>>>> # grep -E '17/Aug/2016:13:50:4.*conn=602.*ADD' access.2016081*
>>>>>> access.20160817-124811:[17/Aug/2016:13:50:42 -0400] conn=602 op=4143
>>>>>> ADD
>>>>>>
>>>>>>
>>>>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>>> access.20160817-124811:[17/Aug/2016:13:50:47 -0400] conn=602 op=4148
>>>>>> ADD
>>>>>>
>>>>>>
>>>>>> dn="idnsname=server-6-4-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>>> access.20160817-124811:[17/Aug/2016:13:50:49 -0400] conn=602 op=4151
>>>>>> ADD
>>>>>>
>>>>>>
>>>>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>>>
>>>>>> PROD:08:47:44-root at MASTER:/var/log/dirsrv/slapd-DOM-DOM-DOM
>>>>>> # grep -E '17/Aug/2016:13:50:4.*conn=1395.*ADD' access.2016081*
>>>>>> access.20160817-111940:[17/Aug/2016:13:50:43 -0400] conn=1395 op=4151
>>>>>> ADD
>>>>>>
>>>>>>
>>>>>> dn="idnsname=server-6-3-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>>> access.20160817-111940:[17/Aug/2016:13:50:49 -0400] conn=1395 op=4158
>>>>>> ADD
>>>>>>
>>>>>>
>>>>>> dn="idnsname=server-6-5-sp,idnsname=dom.dom.dom,cn=dns,dc=dom,dc=dom,dc=dom"
>>>>>>
>>>>>> It looks like the entries for server-6-3-sp and 6-5-sp were referenced
>>>>>> twice.  Do you think that the time being off by 1-2 seconds between
>>>>>> the master and replica could be the issue?  The connection 602 is the
>>>>>> replication between the replica and master, and the connection 1395 is
>>>>>> the replication between the master and replica.
>>>>>
>>>>> unfortunately this is not enough to determine what is going on. The
>>>>> intersting generated/used csn is only logged in the
>>>>> corresponding RESULT message and these are only the replication
>>>>> connections,
>>>>> it would be necessary to see the
>>>>> original ADD operation, was it added once or twice by a client ?
>>>>> you could pick one entry eg server-6-3-sp and grep for all references
>>>>> in
>>>>> the
>>>>> access logs of both servers  (maybe there are mods as well) and then
>>>>> get also get the RESULT line for the ops found
>>>>>>
>>>>>>
>>>>>> Since I know these operations were performed using the console via a
>>>>>> for loop 'ipa dnsrecord-add dom.dom.dom server-6-$i-sp
>>>>>> --a-rec=10.250.12.$i' on one of our login nodes, do you think that
>>>>>> specifying an _srv_ record in the DOMAIN configuration with the
>>>>>> address of the master server, e.g.: ipa_server = _srv_,
>>>>>> MASTER.dom.dom.dom could be the issue (coupled with the time syncing)?
>>>>>>
>>>>>> I know that these questions are probably leaning more towards the
>>>>>> 389ds team, so feel free to pass me over to them if need be.
>>>>>
>>>>> I think I can address the ds related questions, but I don't know about
>>>>> console and dns to assess if the behaviour is normal
>>>>>
>>>>>> Again, thank you very much for responding!
>>>>>>
>>>>>> John DeSantis
>>>>>>
>>>>>> 2016-08-18 4:14 GMT-04:00 Ludwig Krispenz <lkrispen at redhat.com>:
>>>>>>>
>>>>>>> On 08/17/2016 08:54 PM, John Desantis wrote:
>>>>>>>>
>>>>>>>> Hello all,
>>>>>>>>
>>>>>>>> We've been re-using old host names and IP addresses for a new
>>>>>>>> deployment of nodes, and recently I've been seeing the messages
>>>>>>>> pasted
>>>>>>>> below in the slapd-DC.DC.DC "error" log on our nodes.
>>>>>>>>
>>>>>>>> [17/Aug/2016:10:30:30 -0400] - replica_generate_next_csn:
>>>>>>>> opcsn=57b475cd001200040000 <= basecsn=57b475cf000000160000, adjusted
>>>>>>>> opcsn=57b475cf000100040000
>>>>>>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>>>>>>> opcsn=57b47f00000200040000 <= basecsn=57b47f00000200160000, adjusted
>>>>>>>> opcsn=57b47f00000300040000
>>>>>>>> [17/Aug/2016:11:09:44 -0400] - replica_generate_next_csn:
>>>>>>>> opcsn=57b47f00000400040000 <= basecsn=57b47f00000400160000, adjusted
>>>>>>>> opcsn=57b47f00000500040000
>>>>>>>> [17/Aug/2016:11:10:33 -0400] - replica_generate_next_csn:
>>>>>>>> opcsn=57b47f2f001000040000 <= basecsn=57b47f30000200160000, adjusted
>>>>>>>> opcsn=57b47f30000300040000
>>>>>>>> [17/Aug/2016:13:50:45 -0400] - replica_generate_next_csn:
>>>>>>>> opcsn=57b4a4bb000900040000 <= basecsn=57b4a4bc000000160000, adjusted
>>>>>>>> opcsn=57b4a4bc000100040000
>>>>>>>> [17/Aug/2016:13:52:54 -0400] - replica_generate_next_csn:
>>>>>>>> opcsn=57b4a53e000a00040000 <= basecsn=57b4a53f000000160000, adjusted
>>>>>>>> opcsn=57b4a53f000100040000
>>>>>>>> [17/Aug/2016:13:53:15 -0400] - replica_generate_next_csn:
>>>>>>>> opcsn=57b4a552000700040000 <= basecsn=57b4a553000000160000, adjusted
>>>>>>>> opcsn=57b4a553000100040000
>>>>>>>> [17/Aug/2016:13:53:32 -0400] - replica_generate_next_csn:
>>>>>>>> opcsn=57b4a562000900040000 <= basecsn=57b4a564000000160000, adjusted
>>>>>>>> opcsn=57b4a564000100040000
>>>>>>>
>>>>>>> Each modification (add/del/mod) gets a csn assignged used in
>>>>>>> replication
>>>>>>> update resolution. And each assigned csn has to newer than an
>>>>>>> existing
>>>>>>> one.
>>>>>>> The messages you see is from code that double checks that the entry
>>>>>>> doesn't
>>>>>>> have already a lareg csn - and adjusts it.
>>>>>>> The logs indicate that entries are more or less concurrently updated
>>>>>>> on
>>>>>>> replica 4 and 16, and the updates from16 are received while
>>>>>>> processing
>>>>>>> the
>>>>>>> updates on 4.
>>>>>>> This is a normal scenario, but you could check if the simultaneous
>>>>>>> updates
>>>>>>> on 4 and 16 are intentional.
>>>>>>>
>>>>>>>> They seem to only occur when updating DNS entries, whether on the
>>>>>>>> console or via the GUI (tail -f'ing the log).
>>>>>>>>
>>>>>>>> A search in this mailing-list returns nothing, but a message is
>>>>>>>> found
>>>>>>>> on the 389-ds list [1];  it seems to suggest that the messages
>>>>>>>> aren't
>>>>>>>> fatal and are purely informational, yet if they are occurring
>>>>>>>> constantly that there could be a problem with the replication
>>>>>>>> algorithm and/or deployment.
>>>>>>>>
>>>>>>>> We're using ipa-server 3.0.0-47 and 389-ds 1.2.11.15-60.  Nothing
>>>>>>>> has
>>>>>>>> changed on the deployment side of things, and I don't recall seeing
>>>>>>>> this message before.
>>>>>>>>
>>>>>>>> I'm wondering if it's safe to disregard these messages due to the
>>>>>>>> re-use of the entries, or if something else should be looked into.
>>>>>>>>
>>>>>>>> Thank you,
>>>>>>>> John DeSantis
>>>>>>>>
>>>>>>>> [1] https://fedorahosted.org/389/ticket/47959
>>>>>>>>
>>>>>>> --
>>>>>>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>>>>>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>>>>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael
>>>>>>> O'Neill,
>>>>>>> Eric Shander
>>>>>>>
>>>>>>> --
>>>>>>> Manage your subscription for the Freeipa-users mailing list:
>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>> Go to http://freeipa.org for more info on the project
>>>>>
>>>>>
>>>>> --
>>>>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>>>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael
>>>>> O'Neill,
>>>>> Eric Shander
>>>>>
>>>>> --
>>>>> Manage your subscription for the Freeipa-users mailing list:
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>> Go to http://freeipa.org for more info on the project
>>>
>>>
>>> --
>>> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
>>> Commercial register: Amtsgericht Muenchen, HRB 153243,
>>> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
>>> Eric Shander
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>
>
> --
> Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill,
> Eric Shander
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From rcritten at redhat.com  Mon Aug 22 14:40:02 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 22 Aug 2016 10:40:02 -0400
Subject: [Freeipa-users] ipa-cert-agent,
 Object Signing Cert certificate renewal
In-Reply-To: <DB5PR07MB16052BD80C866702A76D84C8D6E80@DB5PR07MB1605.eurprd07.prod.outlook.com>
References: <DB5PR07MB1605A8A5BDDACAC1D4013528D6140@DB5PR07MB1605.eurprd07.prod.outlook.com>
	<57B5B7FC.5090004@redhat.com>
	<DB5PR07MB16052BD80C866702A76D84C8D6E80@DB5PR07MB1605.eurprd07.prod.outlook.com>
Message-ID: <57BB0EC2.3000906@redhat.com>

Please keep responses on the list.

realstarhealer wrote:
> Hi Rob,
>
> setting back the date and restarting did not help, in fact it can't,
> because certmonger is not tracking these two by default.
>
> Regarding the ipa-ca-agent Cert:
> I followed CVE-2015-5284 slightly to create a new valid ipa-ca-agent
> certificate.

You re-created the wrong cert. You need the cert with subject 'CN=IPA 
RA,O=<REALM>' The RA agent (original serial # usually 7) and the CA 
Agent (original serial # usually 6) have different purposes.

Were you affected by the CVE? I'm not sure why you'd try to replace it 
in this way.

As for the tracking, you'd do something like this (untested b/c I don't 
have a 4.1 install):

# getcert start-tracking -d /etc/httpd/alias -n ipaCert -p 
/etc/httpd/alias/pwdfile.txt -c dogtag-ipa-ca-renew-agent -C renew_ra_cert

> Via pki cert-find --name 'ipa-ca-agent' I can now see both, the new and
> the expired.
> Via freeipa webui I can also See both.
> Via ldapsearch -D 'cn=Directory Manager' -W -b 'ou=people,o=ipaca' I see
> uid=admin using the old expired Cert ID.
>
> Is it sufficient to ldapmodify the new valid Cert to uid=admin to solve
> this? As far as I can See,  it is the only place this Cert is used.

The instructions on the wiki at 
https://www.freeipa.org/page/CVE-2015-5284 seem to confuse the RA agent 
with the CA agent. I don't know the details of that CVE but someone 
needs to revisit these docs. I'd prefer some clarity around SUBJECT, it 
will always be CN=IPA RA,<BASE>

Similarly there is no need to update ca-agent.p12 file if the RA agent 
cert is being replaced.

rob

>
> Greetings
> Vitali
>
>
> -------- Urspr?ngliche Nachricht --------
> Von: Rob Crittenden <rcritten at redhat.com>
> Datum: 18.08.16 15:28 (GMT+01:00)
> An: realstarhealer <realstarhealer at hotmail.com>, freeipa-users at redhat.com
> Betreff: Re: [Freeipa-users] ipa-cert-agent, Object Signing Cert
> certificate renewal
>
> realstarhealer wrote:
>> Hi,
>>
>> I am in charge for a freeipa 4.1.0.18.el7 server with ldap backend and
>> noticed some expired certificates recently. Most of them but 2 are
>> auto-renewing by certmonger as I checked. All of them are self signed.
>>
>> "CN=ipa-ca-agent" and "CN=Object Signing Cert" are not subscribed by
>> certmonger, ipa-ca-agent expired some days ago and has not been renewed.
>> Second one expires soon. No consequences noticed so far.
>> Can you tell me what they both are for and - if needed - how I should
>> renew that separately? Preferable with certmonger. An Output how the
>> tracking config should look like would be nice.
>
> The object signing cert can probably be ignored. This was used to sign a
> jar file used to automatically configure Firefox but that approach
> doesn't work any more.
>
> The agent cert is used by IPA to communicate to dogtag so yeah, that's
> pretty important.
>
> Since it is expired you'd need to go back in time to renew it.
> Restarting the certmonger process is the simplest method to force it to
> try to renew.
>
> rob



From rcritten at redhat.com  Mon Aug 22 14:48:31 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 22 Aug 2016 10:48:31 -0400
Subject: [Freeipa-users] Very slow enrolment process
In-Reply-To: <2c306f4b-6c3d-f464-14d5-8c443439fd5d@redhat.com>
References: <CAE9rU+6dcFgxQXTRACOYJhDXPmAuYEx=8vt0JnMUp-uFNvFiQw@mail.gmail.com>
	<2c306f4b-6c3d-f464-14d5-8c443439fd5d@redhat.com>
Message-ID: <57BB10BF.3060700@redhat.com>

Petr Spacek wrote:
> On 22.8.2016 03:42, William Muriithi wrote:
>> Hello,
>>
>> I have systems that were previously using openLDAP and plan to migrate
>> them to freeIPA.  I have a problem I have been struggling with since
>> Thursday.  The client take 10 to 15 minutes to finish the enrolment
>> process.
>>
>> I can't find anything in the logs, have disabled nscd, the DNS and
>> hostname is set up write and nothing on the message logs point me to
>> the problem.  Have put se-linux to permissive and done all the basic
>> checks I can think of.
>>
>> Its always stalling at this point. What usually happen after the end
>> of the log below?
>>
>> ---
>>
>> 2016-08-22T01:12:07Z INFO Synchronizing time with KDC...
>>
>> 2016-08-22T01:12:07Z DEBUG Search DNS for SRV record of
>> _ntp._udp.eng.example.com.
>>
>> 2016-08-22T01:12:07Z DEBUG DNS record found:
>> DNSResult::name:_ntp._udp.eng.example.com.,type:33,class:1,rdata={priority:0,port:123,weight:100,server:hydrogen.eng.example.com.}
>>
>> 2016-08-22T01:12:08Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v
>> hydrogen.eng.example.com
>>
>> 2016-08-22T01:12:08Z DEBUG stdout=
>>
>> 2016-08-22T01:12:08Z DEBUG stderr=
>>
>> 2016-08-22T01:12:08Z DEBUG Writing Kerberos configuration to /tmp/tmpYLpzuV:
>>
>> 2016-08-22T01:12:08Z DEBUG #File modified by ipa-client-install
>>
>>
>> includedir /var/lib/sss/pubconf/krb5.include.d/
>>
>>
>> [libdefaults]
>>
>>    default_realm = ENG.EXAMPLE.COM
>>
>>    dns_lookup_realm = false
>>
>>    dns_lookup_kdc = false
>>
>>    rdns = false
>>
>>    ticket_lifetime = 24h
>>
>>    forwardable = yes
>>
>>    udp_preference_limit = 0
>>
>>
>>
>> [realms]
>>
>>    ENG.EXAMPLE.COM = {
>>
>>      kdc = hydrogen.eng.example.com:88
>>
>>      master_kdc = hydrogen.eng.example.com:88
>>
>>      admin_server = hydrogen.eng.example.com:749
>>
>>      default_domain = eng.example.com
>>
>>      pkinit_anchors = FILE:/etc/ipa/ca.crt
>>
>>
>>    }
>>
>>
>>
>> [domain_realm]
>>
>>    .eng.example.com = ENG.EXAMPLE.COM
>>
>>    eng.example.com = ENG.EXAMPLE.COM
>
>
> This is interesting. This output is printed right before calling ipa-join
> command so you should see follow-up line "Starting external process".
>
> Is it somewhere in the file?
>
> I cannot imagine where it could hang between write to the krb5.conf file and
> starting ipa-join command...
>

It potentially does a kinit before calling ipa-join depending on the 
options passed in.

What I'd do is strace the install process. This should tell you what 
it's doing.

rob



From rcritten at redhat.com  Mon Aug 22 15:27:42 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Mon, 22 Aug 2016 11:27:42 -0400
Subject: [Freeipa-users] ipa-cert-agent,
 Object Signing Cert certificate renewal
In-Reply-To: <DB5PR07MB160589B969822C5A82E112EAD6E80@DB5PR07MB1605.eurprd07.prod.outlook.com>
References: <DB5PR07MB1605A8A5BDDACAC1D4013528D6140@DB5PR07MB1605.eurprd07.prod.outlook.com>
	<57B5B7FC.5090004@redhat.com>
	<DB5PR07MB16052BD80C866702A76D84C8D6E80@DB5PR07MB1605.eurprd07.prod.outlook.com>
	<57BB0EC2.3000906@redhat.com>
	<DB5PR07MB160589B969822C5A82E112EAD6E80@DB5PR07MB1605.eurprd07.prod.outlook.com>
Message-ID: <57BB19EE.40706@redhat.com>

realstarhealer wrote:
> Hi,
>
> It seemes I confused you. I just used the CVE Tutorial as a hint on
> generally how to create a new Cert for ipa-ca-agent (for uid admin).
> There is nothing wrong with my IPA RA (ipaCert), as it is monitored via
> certmonger and has been renewed recently.
>
> So returning to my previous question, is it sufficient to replace the
> expired  #6 for uid admin in ldap with my new Cert, i created or is #6
> used in more location than this one?

You'd also need to update the description value.

Why are you concerned about updating this certificate? IPA doesn't use 
it in any way AFAIK.

rob

>
> Thanks and Greetings
> Vitali
>
>
> -------- Urspr?ngliche Nachricht --------
> Von: Rob Crittenden <rcritten at redhat.com>
> Datum: 22.08.16 16:40 (GMT+01:00)
> An: realstarhealer <realstarhealer at hotmail.com>, Freeipa-users at redhat.com
> Cc: Jan Cholasta <jcholast at redhat.com>
> Betreff: Re: AW: [Freeipa-users] ipa-cert-agent, Object Signing Cert
> certificate renewal
>
> Please keep responses on the list.
>
> realstarhealer wrote:
>> Hi Rob,
>>
>> setting back the date and restarting did not help, in fact it can't,
>> because certmonger is not tracking these two by default.
>>
>> Regarding the ipa-ca-agent Cert:
>> I followed CVE-2015-5284 slightly to create a new valid ipa-ca-agent
>> certificate.
>
> You re-created the wrong cert. You need the cert with subject 'CN=IPA
> RA,O=<REALM>' The RA agent (original serial # usually 7) and the CA
> Agent (original serial # usually 6) have different purposes.
>
> Were you affected by the CVE? I'm not sure why you'd try to replace it
> in this way.
>
> As for the tracking, you'd do something like this (untested b/c I don't
> have a 4.1 install):
>
> # getcert start-tracking -d /etc/httpd/alias -n ipaCert -p
> /etc/httpd/alias/pwdfile.txt -c dogtag-ipa-ca-renew-agent -C renew_ra_cert
>
>> Via pki cert-find --name 'ipa-ca-agent' I can now see both, the new and
>> the expired.
>> Via freeipa webui I can also See both.
>> Via ldapsearch -D 'cn=Directory Manager' -W -b 'ou=people,o=ipaca' I see
>> uid=admin using the old expired Cert ID.
>>
>> Is it sufficient to ldapmodify the new valid Cert to uid=admin to solve
>> this? As far as I can See,  it is the only place this Cert is used.
>
> The instructions on the wiki at
> https://www.freeipa.org/page/CVE-2015-5284 seem to confuse the RA agent
> with the CA agent. I don't know the details of that CVE but someone
> needs to revisit these docs. I'd prefer some clarity around SUBJECT, it
> will always be CN=IPA RA,<BASE>
>
> Similarly there is no need to update ca-agent.p12 file if the RA agent
> cert is being replaced.
>
> rob
>
>>
>> Greetings
>> Vitali
>>
>>
>> -------- Urspr?ngliche Nachricht --------
>> Von: Rob Crittenden <rcritten at redhat.com>
>> Datum: 18.08.16 15:28 (GMT+01:00)
>> An: realstarhealer <realstarhealer at hotmail.com>, freeipa-users at redhat.com
>> Betreff: Re: [Freeipa-users] ipa-cert-agent, Object Signing Cert
>> certificate renewal
>>
>> realstarhealer wrote:
>>> Hi,
>>>
>>> I am in charge for a freeipa 4.1.0.18.el7 server with ldap backend and
>>> noticed some expired certificates recently. Most of them but 2 are
>>> auto-renewing by certmonger as I checked. All of them are self signed.
>>>
>>> "CN=ipa-ca-agent" and "CN=Object Signing Cert" are not subscribed by
>>> certmonger, ipa-ca-agent expired some days ago and has not been renewed.
>>> Second one expires soon. No consequences noticed so far.
>>> Can you tell me what they both are for and - if needed - how I should
>>> renew that separately? Preferable with certmonger. An Output how the
>>> tracking config should look like would be nice.
>>
>> The object signing cert can probably be ignored. This was used to sign a
>> jar file used to automatically configure Firefox but that approach
>> doesn't work any more.
>>
>> The agent cert is used by IPA to communicate to dogtag so yeah, that's
>> pretty important.
>>
>> Since it is expired you'd need to go back in time to renew it.
>> Restarting the certmonger process is the simplest method to force it to
>> try to renew.
>>
>> rob
>



From zarko.dudic at oracle.com  Mon Aug 22 19:46:58 2016
From: zarko.dudic at oracle.com (Zarko Dudic)
Date: Mon, 22 Aug 2016 12:46:58 -0700
Subject: [Freeipa-users] Unknown Error - error (pop-up) window
Message-ID: <51edd444-7d5e-2412-0af0-e86802ea8041@oracle.com>

Hi all,

IPA version: ipa-server-4.2.0-15.0.1.el7_2.18.x86_64
Kernel: 3.8.13-118.10.2.el7uek.x86_64

I start seeing pop-up window titled "Unknown Error" with message "error" 
and buttons Retry and Cancel. It happens when selecting almost anything 
on the Web interface, from Identity to IPA Server.
Certainly changes have been made, like adding identities, adding certs 
in nssdb, but can't think of anything that can cause such error.
And when errors happen, no new logs in /var/log/httpd both access and 
error logs. Also no new logs in /var/log/dirsrv/slapd-REALM/

For starter, can you please suggest any troubleshooting steps and other 
logs to query.

-- 
Thanks,
Zarko



From zarko at etcfstab.com  Mon Aug 22 23:52:46 2016
From: zarko at etcfstab.com (Z D)
Date: Mon, 22 Aug 2016 23:52:46 +0000
Subject: [Freeipa-users] IPA Error 4301: CertificateOperationError
Message-ID: <BN6PR12MB1169B9518CF5728C96167DB2C8E80@BN6PR12MB1169.namprd12.prod.outlook.com>

Hello,
There is the error on ver 4.2 while viewing certs: "IPA Error 4301: CertificateOperationError", next it read " Certificate operation cannot be completed: Unable to communicate with CMS ([Errno 113] No route to host)".

I suspect you'll be asking for below two commands, here are results.

# ipa cert-show 1
  Certificate: MIIDlzCCAn+gAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1VUy5P
..shortened ...
H6S7tS4pT9w77K8=
  Subject: CN=Certificate Authority,O=COMP.COM
  Issuer: CN=Certificate Authority,O=COMP.COM
  Not Before: Wed Aug 17 17:20:41 2016 UTC
  Not After: Sun Aug 17 17:20:41 2036 UTC
  Fingerprint (MD5): 00:a5:2c:2d:ea:c8:27:33:62:35:75:53:12:6a:0d:c1
  Fingerprint (SHA1): d1:58:78:83:31:b8:ad:ae:af:2c:e7:05:44:67:6e:3a:37:8c:00:1a
  Serial number (hex): 0x1
  Serial number: 1

# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting ipa_memcached Service
Restarting httpd Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful

Any help is appreciated, thanks
Zarko

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160822/b28ccbf1/attachment.htm>

From yamakasi.014 at gmail.com  Tue Aug 23 00:08:21 2016
From: yamakasi.014 at gmail.com (Matt .)
Date: Tue, 23 Aug 2016 02:08:21 +0200
Subject: [Freeipa-users] Update NON-ipa Bind slave server from IPA-DNS
	edit/update
Message-ID: <CAPNQp06z0oVB5E3sBSB+pYHXcY=m9huQz06j2U95W_stWuRCzA@mail.gmail.com>

Hi Guys,

What is the way to notify or update a Bind slave which is not an IPA server ?

Do I need to manuallu add an also-notify to the /etc/bind.conf on the
IPA master or is there a different way how to accomplish this ?

I hope this is possible and anyone can explain me how.

Thanks!

Matt



From ftweedal at redhat.com  Tue Aug 23 00:23:59 2016
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Tue, 23 Aug 2016 10:23:59 +1000
Subject: [Freeipa-users] IPA Error 4301: CertificateOperationError
In-Reply-To: <BN6PR12MB1169B9518CF5728C96167DB2C8E80@BN6PR12MB1169.namprd12.prod.outlook.com>
References: <BN6PR12MB1169B9518CF5728C96167DB2C8E80@BN6PR12MB1169.namprd12.prod.outlook.com>
Message-ID: <20160823002359.GB3877@dhcp-40-8.bne.redhat.com>

On Mon, Aug 22, 2016 at 11:52:46PM +0000, Z D wrote:
> Hello,
>
> There is the error on ver 4.2 while viewing certs: "IPA Error
> 4301: CertificateOperationError", next it read " Certificate
> operation cannot be completed: Unable to communicate with CMS
> ([Errno 113] No route to host)".
> 
> I suspect you'll be asking for below two commands, here are results.
> 
> # ipa cert-show 1
>   Certificate: MIIDlzCCAn+gAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1VUy5P
> ..shortened ...
> H6S7tS4pT9w77K8=
>   Subject: CN=Certificate Authority,O=COMP.COM
>   Issuer: CN=Certificate Authority,O=COMP.COM
>   Not Before: Wed Aug 17 17:20:41 2016 UTC
>   Not After: Sun Aug 17 17:20:41 2036 UTC
>   Fingerprint (MD5): 00:a5:2c:2d:ea:c8:27:33:62:35:75:53:12:6a:0d:c1
>   Fingerprint (SHA1): d1:58:78:83:31:b8:ad:ae:af:2c:e7:05:44:67:6e:3a:37:8c:00:1a
>   Serial number (hex): 0x1
>   Serial number: 1
> 
> # ipactl restart
> Restarting Directory Service
> Restarting krb5kdc Service
> Restarting kadmin Service
> Restarting named Service
> Restarting ipa_memcached Service
> Restarting httpd Service
> Restarting ipa-otpd Service
> Restarting ipa-dnskeysyncd Service
> ipa: INFO: The ipactl command was successful
> 
> Any help is appreciated, thanks
> Zarko
>

"while viewing certs" -> do you mean in the IPA Web UI?

The successful `cert-show' command indicates that the CA is up and
running, but the error message indicates that the host running the
failing action cannot contact the CA.  You should check DNS and
firewall settings as a first step.

Thanks,
Fraser



From datakid at gmail.com  Tue Aug 23 01:08:53 2016
From: datakid at gmail.com (Lachlan Musicman)
Date: Tue, 23 Aug 2016 11:08:53 +1000
Subject: [Freeipa-users] Error in selinux child: libsemanage can't parse
 spaces in AD user names
In-Reply-To: <20160718082616.GW4734@hendrix>
References: <CAGBeqiOBntxp0GkTLZHCiUYpbgf4oVue+9sirC6AO=QibHPPkg@mail.gmail.com>
	<CAGBeqiPqV63vj2FoM3S6btJUZsRj=ic6rc6qARjqQLO8KfZ_6Q@mail.gmail.com>
	<20160715065943.GA30895@10.4.128.1> <20160715080523.GK4734@hendrix>
	<CAGBeqiM1NVHdBUvFJN9g-NK_jmp2A+h=14RMwry_FhPdURxNcQ@mail.gmail.com>
	<CAGBeqiM+Dx02OiCt0+gHSgm4oHkSNou6Pw0P4bv9WKvyS5bGvw@mail.gmail.com>
	<20160718082616.GW4734@hendrix>
Message-ID: <CAGBeqiNQasotEbO64oCYLYf+uQUwATOeSrrLyYkqDOw1psswmA@mail.gmail.com>

On 18 July 2016 at 18:26, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Mon, Jul 18, 2016 at 09:33:35AM +1000, Lachlan Musicman wrote:
> > Ok, I've just spoken with my colleague that has been involved in the IPA
> > roll out, and he said he thought that override_space wasn't compatible
> with
> > ID overrides?
>
> I haven't tested that to be honest. But just using my knowledge of the
> code as a basis, I would say the two should be compatible, especially
> with 1.14.0 where we decoupled the output from how we store users. But
> again, I haven't tested any of this.
>
> >
> > Either way, since we have a working system we are reticent to make too
> many
> > changes - soon we will have a test system in place and I will be able to
> > check it then?
>
> selinux_provider=none should be an easy workaround if you don't use the
> SELinux labels. I still have an item on my todo list to test this
> locally, I think I will get to that this week.
>


For what it's worth, we implemented the override_space=_ option.

This has failed, of course, because we had a user with an _ in their
username, and sssd went looking for test user instead of test_user, which
caused all kinds of issues.

We have gone back to selinux_provider=none

L.


------
The most dangerous phrase in the language is, "We've always done it this
way."

- Grace Hopper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/d224728e/attachment.htm>

From tba at statsbiblioteket.dk  Tue Aug 23 06:24:23 2016
From: tba at statsbiblioteket.dk (Tony Brian Albers)
Date: Tue, 23 Aug 2016 06:24:23 +0000
Subject: [Freeipa-users] can't get sudo to work.
Message-ID: <1471933463.9124.24.camel@statsbiblioteket.dk>

Hi guys,

I've been trying to get sudo to work for our day-to-day admin who have
their own usergroup in IPA called subadmin.

For some reason I can't really get sudo to work, I suspect I am missing
something simple, but I can't really figure out what it is.

This is my config:

# ipa sudorule-find
-------------------
1 Sudo Rule matched
-------------------
  Rule name: All
  Enabled: TRUE
  Host category: all
  Command category: all
  User Groups: subadmin
----------------------------
Number of entries returned 1
----------------------------
#




# ipa group-find subadmin
---------------
1 group matched
---------------
  Group name: subadmin
  Description: For daily administration of users and hosts
  GID: 10003
  Member users: abr-sadm, pmd-sadm, tba-sadm, bja-sadm, alberto-ibm
  Roles: Sub-admins
  Member of Sudo rule: All
----------------------------
Number of entries returned 1
----------------------------
#





And on a client:

# cat /etc/sssd/sssd.conf 
[domain/kac.lokalnet]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = kac.sblokalnet
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = kac-man-001.kac.lokalnet
chpass_provider = ipa
ipa_server = _srv_, kac-adm-001.kac.lokalnet
ldap_tls_cacert = /etc/ipa/ca.crt
autofs_provider = ipa
ipa_automount_location = default
krb5_renewable_lifetime = 50d
krb5_renew_interval = 3600
[sssd]
services = nss, sudo, pam, autofs, ssh
config_file_version = 2

domains = kac.lokalnet
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]






nsswitch.conf:

passwd:     files sss
shadow:     files sss
group:      files sss
#initgroups: files

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  sss files
aliases:    files nisplus
sudoers:    files sss




And for a subadmin account:

-sh-4.2$ sudo -l
[sudo] password for tba-sadm: 
Your password will expire in 6 day(s).
User tba-sadm is not allowed to run sudo on kac-man-001.
-sh-4.2$



Any suggestions?  Help is much appreciated.

TIA

/tony

-- 
Best regards,

Tony Albers
Systems administrator, IT-development
State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 8946 2316






From th at casalogic.dk  Tue Aug 23 06:42:42 2016
From: th at casalogic.dk (Troels Hansen)
Date: Tue, 23 Aug 2016 08:42:42 +0200 (CEST)
Subject: [Freeipa-users] Possible bug in SSSD/IPA/AD trust
In-Reply-To: <20160811135646.GX19405@hendrix>
References: <1353600688.431314.1470921070237.JavaMail.zimbra@casalogic.dk>
	<20160811135646.GX19405@hendrix>
Message-ID: <1627612896.858181.1471934562779.JavaMail.zimbra@casalogic.dk>



----- On Aug 11, 2016, at 3:56 PM, Jakub Hrozek jhrozek at redhat.com wrote:

> On Thu, Aug 11, 2016 at 03:11:10PM +0200, Troels Hansen wrote:
>> Hi, we are curretly workig on a larger IPA test project and I have a problems
>> which have been buggin me for some time now:
> 
> Which version?

Most recent in Red Hat 7.

SSSD 1.13.0-40.el7_2.12
IPA 4.2.0-15.el7_2.18

>> 
>> On the client we are have set "full_name_format = %1$s" to have users presented
>> without the AD domain part.
>> However, this seems to make SSSD not lookup a users group membership?
> 
> This only works with sssd-1.14+
> 

But it actually works? The username is presented correctly (without domain part) if set, and the parameter is documented in `man sssd.conf`?
Only group lookup fails.



From Lachlan.Simpson at petermac.org  Tue Aug 23 06:49:50 2016
From: Lachlan.Simpson at petermac.org (Simpson Lachlan)
Date: Tue, 23 Aug 2016 06:49:50 +0000
Subject: [Freeipa-users] can't get sudo to work.
In-Reply-To: <1471933463.9124.24.camel@statsbiblioteket.dk>
References: <1471933463.9124.24.camel@statsbiblioteket.dk>
Message-ID: <0137003026EBE54FBEC540C5600C03C437B31A@PMC-EXMBX02.petermac.org.au>

What version of sssd are you using?

We found that it wouldn't work w sssd<1.14

On the IPA server, it would say "yep rule applies", but then on any particular machine it wouldn't (well, it would - but only intermittently).

There's a COPR repo for Centos7 if you aren't on Fedora/RedHat.

Cheers
L.

-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Tony Brian Albers
Sent: Tuesday, 23 August 2016 4:24 PM
To: freeipa-users at redhat.com
Subject: [Freeipa-users] can't get sudo to work.

Hi guys,

I've been trying to get sudo to work for our day-to-day admin who have their own usergroup in IPA called subadmin.

For some reason I can't really get sudo to work, I suspect I am missing something simple, but I can't really figure out what it is.

This is my config:

# ipa sudorule-find
-------------------
1 Sudo Rule matched
-------------------
  Rule name: All
  Enabled: TRUE
  Host category: all
  Command category: all
  User Groups: subadmin
----------------------------
Number of entries returned 1
----------------------------
#




# ipa group-find subadmin
---------------
1 group matched
---------------
  Group name: subadmin
  Description: For daily administration of users and hosts
  GID: 10003
  Member users: abr-sadm, pmd-sadm, tba-sadm, bja-sadm, alberto-ibm
  Roles: Sub-admins
  Member of Sudo rule: All
----------------------------
Number of entries returned 1
----------------------------
#





And on a client:

# cat /etc/sssd/sssd.conf
[domain/kac.lokalnet]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = kac.sblokalnet
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = kac-man-001.kac.lokalnet
chpass_provider = ipa
ipa_server = _srv_, kac-adm-001.kac.lokalnet ldap_tls_cacert = /etc/ipa/ca.crt autofs_provider = ipa ipa_automount_location = default krb5_renewable_lifetime = 50d krb5_renew_interval = 3600 [sssd] services = nss, sudo, pam, autofs, ssh config_file_version = 2

domains = kac.lokalnet
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]






nsswitch.conf:

passwd:     files sss
shadow:     files sss
group:      files sss
#initgroups: files

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  sss files
aliases:    files nisplus
sudoers:    files sss




And for a subadmin account:

-sh-4.2$ sudo -l
[sudo] password for tba-sadm: 
Your password will expire in 6 day(s).
User tba-sadm is not allowed to run sudo on kac-man-001.
-sh-4.2$



Any suggestions?  Help is much appreciated.

TIA

/tony

--
Best regards,

Tony Albers
Systems administrator, IT-development
State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 8946 2316




--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
This email (including any attachments or links) may contain 
confidential and/or legally privileged information and is 
intended only to be read or used by the addressee.  If you 
are not the intended addressee, any use, distribution, 
disclosure or copying of this email is strictly 
prohibited.  
Confidentiality and legal privilege attached to this email 
(including any attachments) are not waived or lost by 
reason of its mistaken delivery to you.
If you have received this email in error, please delete it 
and notify us immediately by telephone or email.  Peter 
MacCallum Cancer Centre provides no guarantee that this 
transmission is free of virus or that it has not been 
intercepted or altered and will not be liable for any delay 
in its receipt.




From mbasti at redhat.com  Tue Aug 23 07:07:53 2016
From: mbasti at redhat.com (Martin Basti)
Date: Tue, 23 Aug 2016 09:07:53 +0200
Subject: [Freeipa-users] Update NON-ipa Bind slave server from IPA-DNS
 edit/update
In-Reply-To: <CAPNQp06z0oVB5E3sBSB+pYHXcY=m9huQz06j2U95W_stWuRCzA@mail.gmail.com>
References: <CAPNQp06z0oVB5E3sBSB+pYHXcY=m9huQz06j2U95W_stWuRCzA@mail.gmail.com>
Message-ID: <113011cc-54a5-c1b3-876d-1bcd82a65877@redhat.com>



On 23.08.2016 02:08, Matt . wrote:
> Hi Guys,
>
> What is the way to notify or update a Bind slave which is not an IPA server ?
>
> Do I need to manuallu add an also-notify to the /etc/bind.conf on the
> IPA master or is there a different way how to accomplish this ?
>
> I hope this is possible and anyone can explain me how.
>
> Thanks!
>
> Matt
>

Hi,

some info about transfers can be found here:
http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG

Yes you need manually update named.conf with also-notify

Martin



From jhrozek at redhat.com  Tue Aug 23 07:09:25 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 23 Aug 2016 09:09:25 +0200
Subject: [Freeipa-users] Possible bug in SSSD/IPA/AD trust
In-Reply-To: <1627612896.858181.1471934562779.JavaMail.zimbra@casalogic.dk>
References: <1353600688.431314.1470921070237.JavaMail.zimbra@casalogic.dk>
	<20160811135646.GX19405@hendrix>
	<1627612896.858181.1471934562779.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160823070925.vequ7gbpszusgnsa@hendrix>

On Tue, Aug 23, 2016 at 08:42:42AM +0200, Troels Hansen wrote:
> 
> 
> ----- On Aug 11, 2016, at 3:56 PM, Jakub Hrozek jhrozek at redhat.com wrote:
> 
> > On Thu, Aug 11, 2016 at 03:11:10PM +0200, Troels Hansen wrote:
> >> Hi, we are curretly workig on a larger IPA test project and I have a problems
> >> which have been buggin me for some time now:
> > 
> > Which version?
> 
> Most recent in Red Hat 7.
> 
> SSSD 1.13.0-40.el7_2.12
> IPA 4.2.0-15.el7_2.18
> 
> >> 
> >> On the client we are have set "full_name_format = %1$s" to have users presented
> >> without the AD domain part.
> >> However, this seems to make SSSD not lookup a users group membership?
> > 
> > This only works with sssd-1.14+
> > 
> 
> But it actually works?

According to my testing, yes

> The username is presented correctly (without domain part) if set, and the parameter is documented in `man sssd.conf`?

It's been documented in sssd.conf in years, it's the full_name_format.
The "only" issue is that it didn't work prior to 1.14 :-)

> Only group lookup fails.
> 

Shouldn't with 1.14, if it does, it may be a bug.



From tba at statsbiblioteket.dk  Tue Aug 23 07:11:44 2016
From: tba at statsbiblioteket.dk (Tony Brian Albers)
Date: Tue, 23 Aug 2016 07:11:44 +0000
Subject: [Freeipa-users] can't get sudo to work.
In-Reply-To: <0137003026EBE54FBEC540C5600C03C437B31A@PMC-EXMBX02.petermac.org.au>
References: <1471933463.9124.24.camel@statsbiblioteket.dk>
	<0137003026EBE54FBEC540C5600C03C437B31A@PMC-EXMBX02.petermac.org.au>
Message-ID: <1471936305.2716.1.camel@statsbiblioteket.dk>

Thanks Simon,

Is this a known issue?  We're on Centos 7.2 and yes, the sssd version is
1.13

/tony

On Tue, 2016-08-23 at 06:49 +0000, Simpson Lachlan wrote:
> What version of sssd are you using?
> 
> We found that it wouldn't work w sssd<1.14
> 
> On the IPA server, it would say "yep rule applies", but then on any particular machine it wouldn't (well, it would - but only intermittently).
> 
> There's a COPR repo for Centos7 if you aren't on Fedora/RedHat.
> 
> Cheers
> L.
> 
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Tony Brian Albers
> Sent: Tuesday, 23 August 2016 4:24 PM
> To: freeipa-users at redhat.com
> Subject: [Freeipa-users] can't get sudo to work.
> 
> Hi guys,
> 
> I've been trying to get sudo to work for our day-to-day admin who have their own usergroup in IPA called subadmin.
> 
> For some reason I can't really get sudo to work, I suspect I am missing something simple, but I can't really figure out what it is.
> 
> This is my config:
> 
> # ipa sudorule-find
> -------------------
> 1 Sudo Rule matched
> -------------------
>   Rule name: All
>   Enabled: TRUE
>   Host category: all
>   Command category: all
>   User Groups: subadmin
> ----------------------------
> Number of entries returned 1
> ----------------------------
> #
> 
> 
> 
> 
> # ipa group-find subadmin
> ---------------
> 1 group matched
> ---------------
>   Group name: subadmin
>   Description: For daily administration of users and hosts
>   GID: 10003
>   Member users: abr-sadm, pmd-sadm, tba-sadm, bja-sadm, alberto-ibm
>   Roles: Sub-admins
>   Member of Sudo rule: All
> ----------------------------
> Number of entries returned 1
> ----------------------------
> #
> 
> 
> 
> 
> 
> And on a client:
> 
> # cat /etc/sssd/sssd.conf
> [domain/kac.lokalnet]
> 
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = kac.sblokalnet
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = kac-man-001.kac.lokalnet
> chpass_provider = ipa
> ipa_server = _srv_, kac-adm-001.kac.lokalnet ldap_tls_cacert = /etc/ipa/ca.crt autofs_provider = ipa ipa_automount_location = default krb5_renewable_lifetime = 50d krb5_renew_interval = 3600 [sssd] services = nss, sudo, pam, autofs, ssh config_file_version = 2
> 
> domains = kac.lokalnet
> [nss]
> homedir_substring = /home
> 
> [pam]
> 
> [sudo]
> 
> [autofs]
> 
> [ssh]
> 
> [pac]
> 
> [ifp]
> 
> 
> 
> 
> 
> 
> nsswitch.conf:
> 
> passwd:     files sss
> shadow:     files sss
> group:      files sss
> #initgroups: files
> 
> #hosts:     db files nisplus nis dns
> hosts:      files dns myhostname
> 
> # Example - obey only what nisplus tells us...
> #services:   nisplus [NOTFOUND=return] files
> #networks:   nisplus [NOTFOUND=return] files
> #protocols:  nisplus [NOTFOUND=return] files
> #rpc:        nisplus [NOTFOUND=return] files
> #ethers:     nisplus [NOTFOUND=return] files
> #netmasks:   nisplus [NOTFOUND=return] files     
> 
> bootparams: nisplus [NOTFOUND=return] files
> 
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files
> rpc:        files
> services:   files sss
> 
> netgroup:   files sss
> 
> publickey:  nisplus
> 
> automount:  sss files
> aliases:    files nisplus
> sudoers:    files sss
> 
> 
> 
> 
> And for a subadmin account:
> 
> -sh-4.2$ sudo -l
> [sudo] password for tba-sadm: 
> Your password will expire in 6 day(s).
> User tba-sadm is not allowed to run sudo on kac-man-001.
> -sh-4.2$
> 
> 
> 
> Any suggestions?  Help is much appreciated.
> 
> TIA
> 
> /tony
> 
> --
> Best regards,
> 
> Tony Albers
> Systems administrator, IT-development
> State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
> Tel: +45 8946 2316
> 
> 
> 
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
> This email (including any attachments or links) may contain 
> confidential and/or legally privileged information and is 
> intended only to be read or used by the addressee.  If you 
> are not the intended addressee, any use, distribution, 
> disclosure or copying of this email is strictly 
> prohibited.  
> Confidentiality and legal privilege attached to this email 
> (including any attachments) are not waived or lost by 
> reason of its mistaken delivery to you.
> If you have received this email in error, please delete it 
> and notify us immediately by telephone or email.  Peter 
> MacCallum Cancer Centre provides no guarantee that this 
> transmission is free of virus or that it has not been 
> intercepted or altered and will not be liable for any delay 
> in its receipt.
> 

-- 
Best regards,

Tony Albers
Systems administrator, IT-development
State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 8946 2316






From jhrozek at redhat.com  Tue Aug 23 07:15:44 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 23 Aug 2016 09:15:44 +0200
Subject: [Freeipa-users] can't get sudo to work.
In-Reply-To: <1471933463.9124.24.camel@statsbiblioteket.dk>
References: <1471933463.9124.24.camel@statsbiblioteket.dk>
Message-ID: <20160823071544.ih36kvkjcayxtlxb@hendrix>

On Tue, Aug 23, 2016 at 06:24:23AM +0000, Tony Brian Albers wrote:
> Hi guys,
> 
> I've been trying to get sudo to work for our day-to-day admin who have
> their own usergroup in IPA called subadmin.
> 
> For some reason I can't really get sudo to work, I suspect I am missing
> something simple, but I can't really figure out what it is.

This might be helpful:
    https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO



From jhrozek at redhat.com  Tue Aug 23 07:17:05 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 23 Aug 2016 09:17:05 +0200
Subject: [Freeipa-users] can't get sudo to work.
In-Reply-To: <1471936305.2716.1.camel@statsbiblioteket.dk>
References: <1471933463.9124.24.camel@statsbiblioteket.dk>
	<0137003026EBE54FBEC540C5600C03C437B31A@PMC-EXMBX02.petermac.org.au>
	<1471936305.2716.1.camel@statsbiblioteket.dk>
Message-ID: <20160823071705.xzc63inuqymqxzij@hendrix>

On Tue, Aug 23, 2016 at 07:11:44AM +0000, Tony Brian Albers wrote:
> Thanks Simon,
> 
> Is this a known issue?  We're on Centos 7.2 and yes, the sssd version is
> 1.13
> 
> /tony

IIRC Simpson's issue was related to using AD trusts and
default_domain_suffix. I would recommend looking at logs first before
jumping to conclusions.



From ianh at brownpapertickets.com  Tue Aug 23 07:20:08 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Tue, 23 Aug 2016 00:20:08 -0700
Subject: [Freeipa-users] clean-ruv
Message-ID: <bd41abeb-ec9f-eb41-11f6-76140c789f98@brownpapertickets.com>

I've followed the procedure in this thread:

https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html

and found my list of RUV that don't have an existing replica id.

I've tried to remove them like so:

[root at seattlenfs ianh]# ldapmodify -D "cn=directory manager" -W -a
Enter LDAP Password:
dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config
objectclass: top
objectclass: extensibleObject
replica-base-dn: dc=bpt,dc=rocks
replica-id: 97
replica-force-cleaning: yes
cn: clean 97

adding new entry "cn=clean 97, cn=cleanallruv, cn=tasks, cn=config"

[root at seattlenfs ianh]# ipa-replica-manage list-clean-ruv
CLEANALLRUV tasks
RID 9: Waiting to process all the updates from the deleted replica...
RID 96: Successfully cleaned rid(96).
RID 97: Successfully cleaned rid(97).

No abort CLEANALLRUV tasks running


and yet, they are still there...

[root at seattlenfs ianh]# ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
"cn=Directory Manager" -W -b "o=ipaca"
"(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
| grep "nsds50ruv\|nsDS5ReplicaId"
Enter LDAP Password:
nsDS5ReplicaId: 81
nsds50ruv: {replicageneration} 55c8f3ae000000600000
nsds50ruv: {replica 81 ldap://seattlenfs.bpt.rocks:389}
568ac431000000510000 5
nsds50ruv: {replica 1065 ldap://freeipa-sea.bpt.rocks:389}
57b103d400000429000
nsds50ruv: {replica 1070 ldap://bellevuenfs.bpt.rocks:389}
57a4f2700000042e000
nsds50ruv: {replica 1075 ldap://bpt-nyc1-nfs.bpt.rocks:389}
57a478650000043300
nsds50ruv: {replica 1080 ldap://bellevuenfs.bpt.rocks:389}
57a4176700000438000
nsds50ruv: {replica 1085 ldap://fremontnis.bpt.rocks:389}
57a403e60000043d0000
nsds50ruv: {replica 1090 ldap://freeipa-dal.bpt.rocks:389}
57a2dd3500000442000
nsds50ruv: {replica 1095 ldap://freeipa-sea.bpt.rocks:389}
579a963c00000447000
nsds50ruv: {replica 96 ldap://freeipa-sea.bpt.rocks:389}
55c8f3bd000000600000
nsds50ruv: {replica 86 ldap://fremontnis.bpt.rocks:389}
5685b24e000000560000 5
nsds50ruv: {replica 91 ldap://seattlenis.bpt.rocks:389}
567ad6180001005b0000 5
nsds50ruv: {replica 97 ldap://freeipa-dal.bpt.rocks:389}
55c8f3ce000000610000
nsds50ruv: {replica 76 ldap://bellevuenis.bpt.rocks:389}
56f385eb0007004c0000
nsds50ruv: {replica 71 ldap://bellevuenfs.bpt.rocks:389}
57048560000900470000
nsds50ruv: {replica 66 ldap://bpt-nyc1-nfs.bpt.rocks:389}
5733e594000a00420000
nsds50ruv: {replica 61 ldap://edinburghnfs.bpt.rocks:389}
574421250000003d0000
nsds50ruv: {replica 1195 ldap://edinburghnfs.bpt.rocks:389}
57a42390000004ab00

What have I done wrong?

The problem I am trying to solve is that seattlenfs.bpt.rocks sends
updates to all its children, but their changes don't come back because
of these errors:

[23/Aug/2016:00:02:16 -0700] attrlist_replace - attr_replace
(nsslapd-referral,
ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.

in effect, the replication agreements are one-way.

Any ideas?

- Ian



From lkrispen at redhat.com  Tue Aug 23 08:37:23 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Tue, 23 Aug 2016 10:37:23 +0200
Subject: [Freeipa-users] clean-ruv
In-Reply-To: <bd41abeb-ec9f-eb41-11f6-76140c789f98@brownpapertickets.com>
References: <bd41abeb-ec9f-eb41-11f6-76140c789f98@brownpapertickets.com>
Message-ID: <57BC0B43.7070601@redhat.com>

looks like you are searching the nstombstone below "o=ipaca", but you 
are cleaning ruvs in "dc=bpt,dc=rocks",

your attrlist_replace error refers to the bpt,rocks backend, so you 
should search the tombstone entry ther, then determine which replicaIDs 
to remove.

Ludwig

On 08/23/2016 09:20 AM, Ian Harding wrote:
> I've followed the procedure in this thread:
>
> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
>
> and found my list of RUV that don't have an existing replica id.
>
> I've tried to remove them like so:
>
> [root at seattlenfs ianh]# ldapmodify -D "cn=directory manager" -W -a
> Enter LDAP Password:
> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config
> objectclass: top
> objectclass: extensibleObject
> replica-base-dn: dc=bpt,dc=rocks
> replica-id: 97
> replica-force-cleaning: yes
> cn: clean 97
>
> adding new entry "cn=clean 97, cn=cleanallruv, cn=tasks, cn=config"
>
> [root at seattlenfs ianh]# ipa-replica-manage list-clean-ruv
> CLEANALLRUV tasks
> RID 9: Waiting to process all the updates from the deleted replica...
> RID 96: Successfully cleaned rid(96).
> RID 97: Successfully cleaned rid(97).
>
> No abort CLEANALLRUV tasks running
>
>
> and yet, they are still there...
>
> [root at seattlenfs ianh]# ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
> "cn=Directory Manager" -W -b "o=ipaca"
> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
> | grep "nsds50ruv\|nsDS5ReplicaId"
> Enter LDAP Password:
> nsDS5ReplicaId: 81
> nsds50ruv: {replicageneration} 55c8f3ae000000600000
> nsds50ruv: {replica 81 ldap://seattlenfs.bpt.rocks:389}
> 568ac431000000510000 5
> nsds50ruv: {replica 1065 ldap://freeipa-sea.bpt.rocks:389}
> 57b103d400000429000
> nsds50ruv: {replica 1070 ldap://bellevuenfs.bpt.rocks:389}
> 57a4f2700000042e000
> nsds50ruv: {replica 1075 ldap://bpt-nyc1-nfs.bpt.rocks:389}
> 57a478650000043300
> nsds50ruv: {replica 1080 ldap://bellevuenfs.bpt.rocks:389}
> 57a4176700000438000
> nsds50ruv: {replica 1085 ldap://fremontnis.bpt.rocks:389}
> 57a403e60000043d0000
> nsds50ruv: {replica 1090 ldap://freeipa-dal.bpt.rocks:389}
> 57a2dd3500000442000
> nsds50ruv: {replica 1095 ldap://freeipa-sea.bpt.rocks:389}
> 579a963c00000447000
> nsds50ruv: {replica 96 ldap://freeipa-sea.bpt.rocks:389}
> 55c8f3bd000000600000
> nsds50ruv: {replica 86 ldap://fremontnis.bpt.rocks:389}
> 5685b24e000000560000 5
> nsds50ruv: {replica 91 ldap://seattlenis.bpt.rocks:389}
> 567ad6180001005b0000 5
> nsds50ruv: {replica 97 ldap://freeipa-dal.bpt.rocks:389}
> 55c8f3ce000000610000
> nsds50ruv: {replica 76 ldap://bellevuenis.bpt.rocks:389}
> 56f385eb0007004c0000
> nsds50ruv: {replica 71 ldap://bellevuenfs.bpt.rocks:389}
> 57048560000900470000
> nsds50ruv: {replica 66 ldap://bpt-nyc1-nfs.bpt.rocks:389}
> 5733e594000a00420000
> nsds50ruv: {replica 61 ldap://edinburghnfs.bpt.rocks:389}
> 574421250000003d0000
> nsds50ruv: {replica 1195 ldap://edinburghnfs.bpt.rocks:389}
> 57a42390000004ab00
>
> What have I done wrong?
>
> The problem I am trying to solve is that seattlenfs.bpt.rocks sends
> updates to all its children, but their changes don't come back because
> of these errors:
>
> [23/Aug/2016:00:02:16 -0700] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>
> in effect, the replication agreements are one-way.
>
> Any ideas?
>
> - Ian
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From tba at statsbiblioteket.dk  Tue Aug 23 09:26:24 2016
From: tba at statsbiblioteket.dk (Tony Brian Albers)
Date: Tue, 23 Aug 2016 09:26:24 +0000
Subject: [Freeipa-users] can't get sudo to work.
In-Reply-To: <20160823071705.xzc63inuqymqxzij@hendrix>
References: <1471933463.9124.24.camel@statsbiblioteket.dk>
	<0137003026EBE54FBEC540C5600C03C437B31A@PMC-EXMBX02.petermac.org.au>
	<1471936305.2716.1.camel@statsbiblioteket.dk>
	<20160823071705.xzc63inuqymqxzij@hendrix>
Message-ID: <1471944384.2716.8.camel@statsbiblioteket.dk>

Thanks Jakub,

I've attached a file with the output from looking in the log files
mentioned in the link you gave me.

I'm not sure exactly what is wrong, I don't know how to interpret
messages like: name 'tba-sadm' matched without domain, user is tba
-sadm   (is that good or bad?)

Any advice is appreciated.

/tony


On Tue, 2016-08-23 at 09:17 +0200, Jakub Hrozek wrote:
> On Tue, Aug 23, 2016 at 07:11:44AM +0000, Tony Brian Albers wrote:
> > Thanks Simon,
> > 
> > Is this a known issue?  We're on Centos 7.2 and yes, the sssd version is
> > 1.13
> > 
> > /tony
> 
> IIRC Simpson's issue was related to using AD trusts and
> default_domain_suffix. I would recommend looking at logs first before
> jumping to conclusions.
> 

-- 
Best regards,

Tony Albers
Systems administrator, IT-development
State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 8946 2316



-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sud-debug
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/741a8c4c/attachment.ksh>

From ianh at brownpapertickets.com  Tue Aug 23 09:52:42 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Tue, 23 Aug 2016 02:52:42 -0700
Subject: [Freeipa-users] clean-ruv
In-Reply-To: <57BC0B43.7070601@redhat.com>
References: <bd41abeb-ec9f-eb41-11f6-76140c789f98@brownpapertickets.com>
	<57BC0B43.7070601@redhat.com>
Message-ID: <3caa6498-b1ab-c1d1-1231-2b23a4f88130@brownpapertickets.com>

Ah.  I see.  I mixed those up but I see that those would have to be
consistent.

However, I have been trying to beat some invalid RUV to death for a long
time and I can't seem to kill them.

For example, bellevuenfs has 9 and 16 which are invalid:

[ianh at seattlenfs ~]$ ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
"cn=Directory Manager" -W -b "dc=bpt,dc=rocks"
"(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
| grep "nsds50ruv\|nsDS5ReplicaId"
Enter LDAP Password:
nsDS5ReplicaId: 7
nsds50ruv: {replicageneration} 55c8f364000000040000
nsds50ruv: {replica 7 ldap://seattlenfs.bpt.rocks:389}
568ac3cc000000070000 57
nsds50ruv: {replica 20 ldap://freeipa-sea.bpt.rocks:389}
57b10377000200140000
nsds50ruv: {replica 18 ldap://bpt-nyc1-nfs.bpt.rocks:389}
57a47801000100120000
nsds50ruv: {replica 15 ldap://fremontnis.bpt.rocks:389}
57a403860000000f0000 5
nsds50ruv: {replica 14 ldap://freeipa-dal.bpt.rocks:389}
57a2dccd0000000e0000
nsds50ruv: {replica 17 ldap://edinburghnfs.bpt.rocks:389}
57a422f9000000110000
nsds50ruv: {replica 19 ldap://bellevuenfs.bpt.rocks:389}
57a4f20d000600130000
nsds50ruv: {replica 16 ldap://bellevuenfs.bpt.rocks:389}
57a41706000000100000
nsds50ruv: {replica 9 ldap://bellevuenfs.bpt.rocks:389}
570484ee000000090000 5


So I try to kill them like so:
[ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 9 --force --cleanup
ipa: WARNING: session memcached servers not running
Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389

Cleaning the wrong replica ID will cause that server to no
longer replicate so it may miss updates while the process
is running. It would need to be re-initialized to maintain
consistency. Be very careful.
Background task created to clean replication data. This may take a while.
This may be safely interrupted with Ctrl+C
^C[ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 16 --force --cleanup
ipa: WARNING: session memcached servers not running
Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389

Cleaning the wrong replica ID will cause that server to no
longer replicate so it may miss updates while the process
is running. It would need to be re-initialized to maintain
consistency. Be very careful.
Background task created to clean replication data. This may take a while.
This may be safely interrupted with Ctrl+C
^C[ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
ipa: WARNING: session memcached servers not running
CLEANALLRUV tasks
RID 16: Waiting to process all the updates from the deleted replica...
RID 9: Waiting to process all the updates from the deleted replica...

No abort CLEANALLRUV tasks running
[ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
ipa: WARNING: session memcached servers not running
CLEANALLRUV tasks
RID 16: Waiting to process all the updates from the deleted replica...
RID 9: Waiting to process all the updates from the deleted replica...

and it never finishes.

seattlenfs is the first master, that's the only place I should have to
run this command, right?

I'm about to burn everything down and ipa-server-install --uninstall but
I've done that before a couple times and that seems to be what got me
into this mess...

Thank you for your help.




On 08/23/2016 01:37 AM, Ludwig Krispenz wrote:
> looks like you are searching the nstombstone below "o=ipaca", but you
> are cleaning ruvs in "dc=bpt,dc=rocks",
> 
> your attrlist_replace error refers to the bpt,rocks backend, so you
> should search the tombstone entry ther, then determine which replicaIDs
> to remove.
> 
> Ludwig
> 
> On 08/23/2016 09:20 AM, Ian Harding wrote:
>> I've followed the procedure in this thread:
>>
>> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
>>
>> and found my list of RUV that don't have an existing replica id.
>>
>> I've tried to remove them like so:
>>
>> [root at seattlenfs ianh]# ldapmodify -D "cn=directory manager" -W -a
>> Enter LDAP Password:
>> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config
>> objectclass: top
>> objectclass: extensibleObject
>> replica-base-dn: dc=bpt,dc=rocks
>> replica-id: 97
>> replica-force-cleaning: yes
>> cn: clean 97
>>
>> adding new entry "cn=clean 97, cn=cleanallruv, cn=tasks, cn=config"
>>
>> [root at seattlenfs ianh]# ipa-replica-manage list-clean-ruv
>> CLEANALLRUV tasks
>> RID 9: Waiting to process all the updates from the deleted replica...
>> RID 96: Successfully cleaned rid(96).
>> RID 97: Successfully cleaned rid(97).
>>
>> No abort CLEANALLRUV tasks running
>>
>>
>> and yet, they are still there...
>>
>> [root at seattlenfs ianh]# ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
>> "cn=Directory Manager" -W -b "o=ipaca"
>> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
>>
>> | grep "nsds50ruv\|nsDS5ReplicaId"
>> Enter LDAP Password:
>> nsDS5ReplicaId: 81
>> nsds50ruv: {replicageneration} 55c8f3ae000000600000
>> nsds50ruv: {replica 81 ldap://seattlenfs.bpt.rocks:389}
>> 568ac431000000510000 5
>> nsds50ruv: {replica 1065 ldap://freeipa-sea.bpt.rocks:389}
>> 57b103d400000429000
>> nsds50ruv: {replica 1070 ldap://bellevuenfs.bpt.rocks:389}
>> 57a4f2700000042e000
>> nsds50ruv: {replica 1075 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>> 57a478650000043300
>> nsds50ruv: {replica 1080 ldap://bellevuenfs.bpt.rocks:389}
>> 57a4176700000438000
>> nsds50ruv: {replica 1085 ldap://fremontnis.bpt.rocks:389}
>> 57a403e60000043d0000
>> nsds50ruv: {replica 1090 ldap://freeipa-dal.bpt.rocks:389}
>> 57a2dd3500000442000
>> nsds50ruv: {replica 1095 ldap://freeipa-sea.bpt.rocks:389}
>> 579a963c00000447000
>> nsds50ruv: {replica 96 ldap://freeipa-sea.bpt.rocks:389}
>> 55c8f3bd000000600000
>> nsds50ruv: {replica 86 ldap://fremontnis.bpt.rocks:389}
>> 5685b24e000000560000 5
>> nsds50ruv: {replica 91 ldap://seattlenis.bpt.rocks:389}
>> 567ad6180001005b0000 5
>> nsds50ruv: {replica 97 ldap://freeipa-dal.bpt.rocks:389}
>> 55c8f3ce000000610000
>> nsds50ruv: {replica 76 ldap://bellevuenis.bpt.rocks:389}
>> 56f385eb0007004c0000
>> nsds50ruv: {replica 71 ldap://bellevuenfs.bpt.rocks:389}
>> 57048560000900470000
>> nsds50ruv: {replica 66 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>> 5733e594000a00420000
>> nsds50ruv: {replica 61 ldap://edinburghnfs.bpt.rocks:389}
>> 574421250000003d0000
>> nsds50ruv: {replica 1195 ldap://edinburghnfs.bpt.rocks:389}
>> 57a42390000004ab00
>>
>> What have I done wrong?
>>
>> The problem I am trying to solve is that seattlenfs.bpt.rocks sends
>> updates to all its children, but their changes don't come back because
>> of these errors:
>>
>> [23/Aug/2016:00:02:16 -0700] attrlist_replace - attr_replace
>> (nsslapd-referral,
>> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>>
>> in effect, the replication agreements are one-way.
>>
>> Any ideas?
>>
>> - Ian
>>
> 

-- 
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com



From pvomacka at redhat.com  Tue Aug 23 09:58:00 2016
From: pvomacka at redhat.com (Pavel Vomacka)
Date: Tue, 23 Aug 2016 11:58:00 +0200
Subject: [Freeipa-users] Unknown Error - error (pop-up) window
In-Reply-To: <51edd444-7d5e-2412-0af0-e86802ea8041@oracle.com>
References: <51edd444-7d5e-2412-0af0-e86802ea8041@oracle.com>
Message-ID: <42767c07-6d16-7142-f0ad-77ecb9356640@redhat.com>



On 08/22/2016 09:46 PM, Zarko Dudic wrote:
> Hi all,
>
> IPA version: ipa-server-4.2.0-15.0.1.el7_2.18.x86_64
> Kernel: 3.8.13-118.10.2.el7uek.x86_64
>
> I start seeing pop-up window titled "Unknown Error" with message 
> "error" and buttons Retry and Cancel. It happens when selecting almost 
> anything on the Web interface, from Identity to IPA Server.
> Certainly changes have been made, like adding identities, adding certs 
> in nssdb, but can't think of anything that can cause such error.
> And when errors happen, no new logs in /var/log/httpd both access and 
> error logs. Also no new logs in /var/log/dirsrv/slapd-REALM/
>
> For starter, can you please suggest any troubleshooting steps and 
> other logs to query.
>
Hello,

You are probably facing this issue: 
https://fedorahosted.org/freeipa/ticket/4821 , pvoborni wrote a comment 
with some situations when this error might be seen. Try to check them ( 
https://fedorahosted.org/freeipa/ticket/4821#comment:3 ).

-- 
Pavel^3 Vomacka



From pbrezina at redhat.com  Tue Aug 23 10:02:04 2016
From: pbrezina at redhat.com (=?UTF-8?B?UGF2ZWwgQsWZZXppbmE=?=)
Date: Tue, 23 Aug 2016 12:02:04 +0200
Subject: [Freeipa-users] can't get sudo to work.
In-Reply-To: <1471944384.2716.8.camel@statsbiblioteket.dk>
References: <1471933463.9124.24.camel@statsbiblioteket.dk>	<0137003026EBE54FBEC540C5600C03C437B31A@PMC-EXMBX02.petermac.org.au>	<1471936305.2716.1.camel@statsbiblioteket.dk>	<20160823071705.xzc63inuqymqxzij@hendrix>
	<1471944384.2716.8.camel@statsbiblioteket.dk>
Message-ID: <57BC1F1C.3050202@redhat.com>

On 08/23/2016 11:26 AM, Tony Brian Albers wrote:
> Thanks Jakub,
>
> I've attached a file with the output from looking in the log files
> mentioned in the link you gave me.
>
> I'm not sure exactly what is wrong, I don't know how to interpret
> messages like: name 'tba-sadm' matched without domain, user is tba
> -sadm   (is that good or bad?)
>
> Any advice is appreciated.

Hi,
unfortunately the attached file is empty. Can you resend it? You can 
send it to me privately if you want. I will need both sssd and sudo logs 
(both described in the troubleshooting page).

Thank you.

>
> /tony



From lkrispen at redhat.com  Tue Aug 23 10:14:04 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Tue, 23 Aug 2016 12:14:04 +0200
Subject: [Freeipa-users] clean-ruv
In-Reply-To: <3caa6498-b1ab-c1d1-1231-2b23a4f88130@brownpapertickets.com>
References: <bd41abeb-ec9f-eb41-11f6-76140c789f98@brownpapertickets.com>
	<57BC0B43.7070601@redhat.com>
	<3caa6498-b1ab-c1d1-1231-2b23a4f88130@brownpapertickets.com>
Message-ID: <57BC21EC.6080702@redhat.com>


On 08/23/2016 11:52 AM, Ian Harding wrote:
> Ah.  I see.  I mixed those up but I see that those would have to be
> consistent.
>
> However, I have been trying to beat some invalid RUV to death for a long
> time and I can't seem to kill them.
>
> For example, bellevuenfs has 9 and 16 which are invalid:
>
> [ianh at seattlenfs ~]$ ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
> "cn=Directory Manager" -W -b "dc=bpt,dc=rocks"
> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
> | grep "nsds50ruv\|nsDS5ReplicaId"
> Enter LDAP Password:
> nsDS5ReplicaId: 7
> nsds50ruv: {replicageneration} 55c8f364000000040000
> nsds50ruv: {replica 7 ldap://seattlenfs.bpt.rocks:389}
> 568ac3cc000000070000 57
> nsds50ruv: {replica 20 ldap://freeipa-sea.bpt.rocks:389}
> 57b10377000200140000
> nsds50ruv: {replica 18 ldap://bpt-nyc1-nfs.bpt.rocks:389}
> 57a47801000100120000
> nsds50ruv: {replica 15 ldap://fremontnis.bpt.rocks:389}
> 57a403860000000f0000 5
> nsds50ruv: {replica 14 ldap://freeipa-dal.bpt.rocks:389}
> 57a2dccd0000000e0000
> nsds50ruv: {replica 17 ldap://edinburghnfs.bpt.rocks:389}
> 57a422f9000000110000
> nsds50ruv: {replica 19 ldap://bellevuenfs.bpt.rocks:389}
> 57a4f20d000600130000
> nsds50ruv: {replica 16 ldap://bellevuenfs.bpt.rocks:389}
> 57a41706000000100000
> nsds50ruv: {replica 9 ldap://bellevuenfs.bpt.rocks:389}
> 570484ee000000090000 5
>
>
> So I try to kill them like so:
> [ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 9 --force --cleanup
> ipa: WARNING: session memcached servers not running
> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>
> Cleaning the wrong replica ID will cause that server to no
> longer replicate so it may miss updates while the process
> is running. It would need to be re-initialized to maintain
> consistency. Be very careful.
> Background task created to clean replication data. This may take a while.
> This may be safely interrupted with Ctrl+C
> ^C[ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 16 --force --cleanup
> ipa: WARNING: session memcached servers not running
> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>
> Cleaning the wrong replica ID will cause that server to no
> longer replicate so it may miss updates while the process
> is running. It would need to be re-initialized to maintain
> consistency. Be very careful.
> Background task created to clean replication data. This may take a while.
> This may be safely interrupted with Ctrl+C
> ^C[ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
> ipa: WARNING: session memcached servers not running
> CLEANALLRUV tasks
> RID 16: Waiting to process all the updates from the deleted replica...
> RID 9: Waiting to process all the updates from the deleted replica...
>
> No abort CLEANALLRUV tasks running
> [ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
> ipa: WARNING: session memcached servers not running
> CLEANALLRUV tasks
> RID 16: Waiting to process all the updates from the deleted replica...
> RID 9: Waiting to process all the updates from the deleted replica...
>
> and it never finishes.
>
> seattlenfs is the first master, that's the only place I should have to
> run this command, right?
right, you need to run it only on one master, but this ease of use can 
become the problem.
The cleanallruv task is propagated to all servers in the topology and it 
does this based on the replication agreements it finds.
A frequent cause of failure is that replication agreements still exist 
pointing to no longer existing servers. It is a bit tedious, but could 
you run the following search on ALL
of your current replicas (as directory manager):

ldapsearch ...... -b "cn=config" "objectclass=nsds5replicationagreement" 
nsds5replicahost

if you find any agreement where nsds5replicahost is a host no longer 
existing or working, delete these agreements.
>
> I'm about to burn everything down and ipa-server-install --uninstall but
> I've done that before a couple times and that seems to be what got me
> into this mess...
>
> Thank you for your help.
>
>
>
>
> On 08/23/2016 01:37 AM, Ludwig Krispenz wrote:
>> looks like you are searching the nstombstone below "o=ipaca", but you
>> are cleaning ruvs in "dc=bpt,dc=rocks",
>>
>> your attrlist_replace error refers to the bpt,rocks backend, so you
>> should search the tombstone entry ther, then determine which replicaIDs
>> to remove.
>>
>> Ludwig
>>
>> On 08/23/2016 09:20 AM, Ian Harding wrote:
>>> I've followed the procedure in this thread:
>>>
>>> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
>>>
>>> and found my list of RUV that don't have an existing replica id.
>>>
>>> I've tried to remove them like so:
>>>
>>> [root at seattlenfs ianh]# ldapmodify -D "cn=directory manager" -W -a
>>> Enter LDAP Password:
>>> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config
>>> objectclass: top
>>> objectclass: extensibleObject
>>> replica-base-dn: dc=bpt,dc=rocks
>>> replica-id: 97
>>> replica-force-cleaning: yes
>>> cn: clean 97
>>>
>>> adding new entry "cn=clean 97, cn=cleanallruv, cn=tasks, cn=config"
>>>
>>> [root at seattlenfs ianh]# ipa-replica-manage list-clean-ruv
>>> CLEANALLRUV tasks
>>> RID 9: Waiting to process all the updates from the deleted replica...
>>> RID 96: Successfully cleaned rid(96).
>>> RID 97: Successfully cleaned rid(97).
>>>
>>> No abort CLEANALLRUV tasks running
>>>
>>>
>>> and yet, they are still there...
>>>
>>> [root at seattlenfs ianh]# ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
>>> "cn=Directory Manager" -W -b "o=ipaca"
>>> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
>>>
>>> | grep "nsds50ruv\|nsDS5ReplicaId"
>>> Enter LDAP Password:
>>> nsDS5ReplicaId: 81
>>> nsds50ruv: {replicageneration} 55c8f3ae000000600000
>>> nsds50ruv: {replica 81 ldap://seattlenfs.bpt.rocks:389}
>>> 568ac431000000510000 5
>>> nsds50ruv: {replica 1065 ldap://freeipa-sea.bpt.rocks:389}
>>> 57b103d400000429000
>>> nsds50ruv: {replica 1070 ldap://bellevuenfs.bpt.rocks:389}
>>> 57a4f2700000042e000
>>> nsds50ruv: {replica 1075 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>> 57a478650000043300
>>> nsds50ruv: {replica 1080 ldap://bellevuenfs.bpt.rocks:389}
>>> 57a4176700000438000
>>> nsds50ruv: {replica 1085 ldap://fremontnis.bpt.rocks:389}
>>> 57a403e60000043d0000
>>> nsds50ruv: {replica 1090 ldap://freeipa-dal.bpt.rocks:389}
>>> 57a2dd3500000442000
>>> nsds50ruv: {replica 1095 ldap://freeipa-sea.bpt.rocks:389}
>>> 579a963c00000447000
>>> nsds50ruv: {replica 96 ldap://freeipa-sea.bpt.rocks:389}
>>> 55c8f3bd000000600000
>>> nsds50ruv: {replica 86 ldap://fremontnis.bpt.rocks:389}
>>> 5685b24e000000560000 5
>>> nsds50ruv: {replica 91 ldap://seattlenis.bpt.rocks:389}
>>> 567ad6180001005b0000 5
>>> nsds50ruv: {replica 97 ldap://freeipa-dal.bpt.rocks:389}
>>> 55c8f3ce000000610000
>>> nsds50ruv: {replica 76 ldap://bellevuenis.bpt.rocks:389}
>>> 56f385eb0007004c0000
>>> nsds50ruv: {replica 71 ldap://bellevuenfs.bpt.rocks:389}
>>> 57048560000900470000
>>> nsds50ruv: {replica 66 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>> 5733e594000a00420000
>>> nsds50ruv: {replica 61 ldap://edinburghnfs.bpt.rocks:389}
>>> 574421250000003d0000
>>> nsds50ruv: {replica 1195 ldap://edinburghnfs.bpt.rocks:389}
>>> 57a42390000004ab00
>>>
>>> What have I done wrong?
>>>
>>> The problem I am trying to solve is that seattlenfs.bpt.rocks sends
>>> updates to all its children, but their changes don't come back because
>>> of these errors:
>>>
>>> [23/Aug/2016:00:02:16 -0700] attrlist_replace - attr_replace
>>> (nsslapd-referral,
>>> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>>>
>>> in effect, the replication agreements are one-way.
>>>
>>> Any ideas?
>>>
>>> - Ian
>>>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From pspacek at redhat.com  Tue Aug 23 10:25:32 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Tue, 23 Aug 2016 12:25:32 +0200
Subject: [Freeipa-users] Update NON-ipa Bind slave server from IPA-DNS
 edit/update
In-Reply-To: <113011cc-54a5-c1b3-876d-1bcd82a65877@redhat.com>
References: <CAPNQp06z0oVB5E3sBSB+pYHXcY=m9huQz06j2U95W_stWuRCzA@mail.gmail.com>
	<113011cc-54a5-c1b3-876d-1bcd82a65877@redhat.com>
Message-ID: <16d6c6fe-bc3b-60e9-15c2-5b3cde93c32b@redhat.com>

On 23.8.2016 09:07, Martin Basti wrote:
> 
> 
> On 23.08.2016 02:08, Matt . wrote:
>> Hi Guys,
>>
>> What is the way to notify or update a Bind slave which is not an IPA server ?
>>
>> Do I need to manuallu add an also-notify to the /etc/bind.conf on the
>> IPA master or is there a different way how to accomplish this ?
>>
>> I hope this is possible and anyone can explain me how.
>>
>> Thanks!
>>
>> Matt
>>
> 
> Hi,
> 
> some info about transfers can be found here:
> http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG
> 
> Yes you need manually update named.conf with also-notify

Well, the also-notify might not (always) work, it is not directly supported by
bind-dyndb-ldap.

It should work automatically if you list your slave servers in NS records,
BIND will automatically send notify messages to all servers listed in NS records.

-- 
Petr^2 Spacek



From yamakasi.014 at gmail.com  Tue Aug 23 10:43:20 2016
From: yamakasi.014 at gmail.com (Matt .)
Date: Tue, 23 Aug 2016 12:43:20 +0200
Subject: [Freeipa-users] Update NON-ipa Bind slave server from IPA-DNS
	edit/update
In-Reply-To: <16d6c6fe-bc3b-60e9-15c2-5b3cde93c32b@redhat.com>
References: <CAPNQp06z0oVB5E3sBSB+pYHXcY=m9huQz06j2U95W_stWuRCzA@mail.gmail.com>
	<113011cc-54a5-c1b3-876d-1bcd82a65877@redhat.com>
	<16d6c6fe-bc3b-60e9-15c2-5b3cde93c32b@redhat.com>
Message-ID: <CAPNQp04X9Fit8rDrz4fPaDjd9CtG6L-8QCY8U8oR4ViNKKmGvw@mail.gmail.com>

OK, but what kind of records are you talking about then ?

2016-08-23 12:25 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
> On 23.8.2016 09:07, Martin Basti wrote:
>>
>>
>> On 23.08.2016 02:08, Matt . wrote:
>>> Hi Guys,
>>>
>>> What is the way to notify or update a Bind slave which is not an IPA server ?
>>>
>>> Do I need to manuallu add an also-notify to the /etc/bind.conf on the
>>> IPA master or is there a different way how to accomplish this ?
>>>
>>> I hope this is possible and anyone can explain me how.
>>>
>>> Thanks!
>>>
>>> Matt
>>>
>>
>> Hi,
>>
>> some info about transfers can be found here:
>> http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG
>>
>> Yes you need manually update named.conf with also-notify
>
> Well, the also-notify might not (always) work, it is not directly supported by
> bind-dyndb-ldap.
>
> It should work automatically if you list your slave servers in NS records,
> BIND will automatically send notify messages to all servers listed in NS records.
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From pspacek at redhat.com  Tue Aug 23 10:47:37 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Tue, 23 Aug 2016 12:47:37 +0200
Subject: [Freeipa-users] Update NON-ipa Bind slave server from IPA-DNS
 edit/update
In-Reply-To: <CAPNQp04X9Fit8rDrz4fPaDjd9CtG6L-8QCY8U8oR4ViNKKmGvw@mail.gmail.com>
References: <CAPNQp06z0oVB5E3sBSB+pYHXcY=m9huQz06j2U95W_stWuRCzA@mail.gmail.com>
	<113011cc-54a5-c1b3-876d-1bcd82a65877@redhat.com>
	<16d6c6fe-bc3b-60e9-15c2-5b3cde93c32b@redhat.com>
	<CAPNQp04X9Fit8rDrz4fPaDjd9CtG6L-8QCY8U8oR4ViNKKmGvw@mail.gmail.com>
Message-ID: <821200d8-662b-b6b8-a4a7-5116581e9a16@redhat.com>

On 23.8.2016 12:43, Matt . wrote:
> OK, but what kind of records are you talking about then ?

I'm not sure what else should I say.

NS records: the ones added by

$ ipa record-add <zone> @ --ns-rec=<FQDN of the DNS server>.
(please note the trailing period)

Does it answer your question?

Petr^2 Spacek

> 
> 2016-08-23 12:25 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
>> On 23.8.2016 09:07, Martin Basti wrote:
>>>
>>>
>>> On 23.08.2016 02:08, Matt . wrote:
>>>> Hi Guys,
>>>>
>>>> What is the way to notify or update a Bind slave which is not an IPA server ?
>>>>
>>>> Do I need to manuallu add an also-notify to the /etc/bind.conf on the
>>>> IPA master or is there a different way how to accomplish this ?
>>>>
>>>> I hope this is possible and anyone can explain me how.
>>>>
>>>> Thanks!
>>>>
>>>> Matt
>>>>
>>>
>>> Hi,
>>>
>>> some info about transfers can be found here:
>>> http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG
>>>
>>> Yes you need manually update named.conf with also-notify
>>
>> Well, the also-notify might not (always) work, it is not directly supported by
>> bind-dyndb-ldap.
>>
>> It should work automatically if you list your slave servers in NS records,
>> BIND will automatically send notify messages to all servers listed in NS records.
>>
>> --
>> Petr^2 Spacek



From yamakasi.014 at gmail.com  Tue Aug 23 11:21:35 2016
From: yamakasi.014 at gmail.com (Matt .)
Date: Tue, 23 Aug 2016 13:21:35 +0200
Subject: [Freeipa-users] Update NON-ipa Bind slave server from IPA-DNS
	edit/update
In-Reply-To: <821200d8-662b-b6b8-a4a7-5116581e9a16@redhat.com>
References: <CAPNQp06z0oVB5E3sBSB+pYHXcY=m9huQz06j2U95W_stWuRCzA@mail.gmail.com>
	<113011cc-54a5-c1b3-876d-1bcd82a65877@redhat.com>
	<16d6c6fe-bc3b-60e9-15c2-5b3cde93c32b@redhat.com>
	<CAPNQp04X9Fit8rDrz4fPaDjd9CtG6L-8QCY8U8oR4ViNKKmGvw@mail.gmail.com>
	<821200d8-662b-b6b8-a4a7-5116581e9a16@redhat.com>
Message-ID: <CAPNQp058CWG6OAjsMDaobvobChV-3nqbP0P4BPGJRaHNNNdhTQ@mail.gmail.com>

And then allow the ip of the ipa server for update or tranfser on the slave ?

Because I don't see anything coming in.

2016-08-23 12:47 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
> On 23.8.2016 12:43, Matt . wrote:
>> OK, but what kind of records are you talking about then ?
>
> I'm not sure what else should I say.
>
> NS records: the ones added by
>
> $ ipa record-add <zone> @ --ns-rec=<FQDN of the DNS server>.
> (please note the trailing period)
>
> Does it answer your question?
>
> Petr^2 Spacek
>
>>
>> 2016-08-23 12:25 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
>>> On 23.8.2016 09:07, Martin Basti wrote:
>>>>
>>>>
>>>> On 23.08.2016 02:08, Matt . wrote:
>>>>> Hi Guys,
>>>>>
>>>>> What is the way to notify or update a Bind slave which is not an IPA server ?
>>>>>
>>>>> Do I need to manuallu add an also-notify to the /etc/bind.conf on the
>>>>> IPA master or is there a different way how to accomplish this ?
>>>>>
>>>>> I hope this is possible and anyone can explain me how.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Matt
>>>>>
>>>>
>>>> Hi,
>>>>
>>>> some info about transfers can be found here:
>>>> http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG
>>>>
>>>> Yes you need manually update named.conf with also-notify
>>>
>>> Well, the also-notify might not (always) work, it is not directly supported by
>>> bind-dyndb-ldap.
>>>
>>> It should work automatically if you list your slave servers in NS records,
>>> BIND will automatically send notify messages to all servers listed in NS records.
>>>
>>> --
>>> Petr^2 Spacek



From pspacek at redhat.com  Tue Aug 23 11:56:00 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Tue, 23 Aug 2016 13:56:00 +0200
Subject: [Freeipa-users] Update NON-ipa Bind slave server from IPA-DNS
 edit/update
In-Reply-To: <CAPNQp058CWG6OAjsMDaobvobChV-3nqbP0P4BPGJRaHNNNdhTQ@mail.gmail.com>
References: <CAPNQp06z0oVB5E3sBSB+pYHXcY=m9huQz06j2U95W_stWuRCzA@mail.gmail.com>
	<113011cc-54a5-c1b3-876d-1bcd82a65877@redhat.com>
	<16d6c6fe-bc3b-60e9-15c2-5b3cde93c32b@redhat.com>
	<CAPNQp04X9Fit8rDrz4fPaDjd9CtG6L-8QCY8U8oR4ViNKKmGvw@mail.gmail.com>
	<821200d8-662b-b6b8-a4a7-5116581e9a16@redhat.com>
	<CAPNQp058CWG6OAjsMDaobvobChV-3nqbP0P4BPGJRaHNNNdhTQ@mail.gmail.com>
Message-ID: <2ceff236-2077-7266-bf9f-1380445912f2@redhat.com>

On 23.8.2016 13:21, Matt . wrote:
> And then allow the ip of the ipa server for update or tranfser on the slave ?
> 
> Because I don't see anything coming in.

The config has two parts:

1. master (IPA DNS)
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-master-dns-zones.html#zone-transfers

2. slave (non-IPA DNS)
http://www.zytrax.com/books/dns/ch4/index.html#slave

You need to configure both sides. Slave will then periodically pull the zone
and re-transfer zone whenever IPA DNS sends a NOTIFY message to the slave.

Log on slave should tell you if it is receiving something or not.

-- 
Petr^2 Spacek


> 
> 2016-08-23 12:47 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
>> On 23.8.2016 12:43, Matt . wrote:
>>> OK, but what kind of records are you talking about then ?
>>
>> I'm not sure what else should I say.
>>
>> NS records: the ones added by
>>
>> $ ipa record-add <zone> @ --ns-rec=<FQDN of the DNS server>.
>> (please note the trailing period)
>>
>> Does it answer your question?
>>
>> Petr^2 Spacek
>>
>>>
>>> 2016-08-23 12:25 GMT+02:00 Petr Spacek <pspacek at redhat.com>:
>>>> On 23.8.2016 09:07, Martin Basti wrote:
>>>>>
>>>>>
>>>>> On 23.08.2016 02:08, Matt . wrote:
>>>>>> Hi Guys,
>>>>>>
>>>>>> What is the way to notify or update a Bind slave which is not an IPA server ?
>>>>>>
>>>>>> Do I need to manuallu add an also-notify to the /etc/bind.conf on the
>>>>>> IPA master or is there a different way how to accomplish this ?
>>>>>>
>>>>>> I hope this is possible and anyone can explain me how.
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> Matt
>>>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> some info about transfers can be found here:
>>>>> http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG
>>>>>
>>>>> Yes you need manually update named.conf with also-notify
>>>>
>>>> Well, the also-notify might not (always) work, it is not directly supported by
>>>> bind-dyndb-ldap.
>>>>
>>>> It should work automatically if you list your slave servers in NS records,
>>>> BIND will automatically send notify messages to all servers listed in NS records.
>>>>
>>>> --
>>>> Petr^2 Spacek



From pbrezina at redhat.com  Tue Aug 23 11:59:02 2016
From: pbrezina at redhat.com (=?UTF-8?B?UGF2ZWwgQsWZZXppbmE=?=)
Date: Tue, 23 Aug 2016 13:59:02 +0200
Subject: [Freeipa-users] can't get sudo to work.
In-Reply-To: <1471953329.2716.15.camel@statsbiblioteket.dk>
References: <1471933463.9124.24.camel@statsbiblioteket.dk>	
	<0137003026EBE54FBEC540C5600C03C437B31A@PMC-EXMBX02.petermac.org.au>	
	<1471936305.2716.1.camel@statsbiblioteket.dk>	
	<20160823071705.xzc63inuqymqxzij@hendrix>	
	<1471944384.2716.8.camel@statsbiblioteket.dk>
	<57BC1F1C.3050202@redhat.com>	
	<1471948074.2716.10.camel@statsbiblioteket.dk>	
	<57BC26F9.2000604@redhat.com>	
	<1471950576.2716.13.camel@statsbiblioteket.dk>	
	<57BC3312.5040608@redhat.com>
	<1471953329.2716.15.camel@statsbiblioteket.dk>
Message-ID: <57BC3A86.2050800@redhat.com>

On 08/23/2016 01:55 PM, Tony Brian Albers wrote:
> Here you are:
>
>
> [root ~]# ldapsearch -Y GSSAPI -b $dc
> '(ou=*)' -s onelevel

> # profile, $domain
> dn: ou=profile,$dc
> objectClass: top
> objectClass: organizationalUnit
> ou: profiles
> ou: profile
>
> # search result
> search: 4
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1


Sudo rules are not downloaded by SSSD because ou=sudoers is missing on 
the IPA server, or it may have incorrect ACL. Does someone from IPA team 
know why?



From jgoddard at emerlyn.com  Tue Aug 23 12:13:27 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Tue, 23 Aug 2016 08:13:27 -0400
Subject: [Freeipa-users] can't get sudo to work.
In-Reply-To: <1471933463.9124.24.camel@statsbiblioteket.dk>
References: <1471933463.9124.24.camel@statsbiblioteket.dk>
Message-ID: <CA+No-6FghHvPjy5pYZL1B9KG-0VerwBgmZs2ZFfDi5Kp56+2yw@mail.gmail.com>

Not sure if it's related or not but I also reported an instance of similar
behavior of this on Ubuntu 16.0.1

On Tue, Aug 23, 2016 at 2:24 AM, Tony Brian Albers <tba at statsbiblioteket.dk>
wrote:

> Hi guys,
>
> I've been trying to get sudo to work for our day-to-day admin who have
> their own usergroup in IPA called subadmin.
>
> For some reason I can't really get sudo to work, I suspect I am missing
> something simple, but I can't really figure out what it is.
>
> This is my config:
>
> # ipa sudorule-find
> -------------------
> 1 Sudo Rule matched
> -------------------
>   Rule name: All
>   Enabled: TRUE
>   Host category: all
>   Command category: all
>   User Groups: subadmin
> ----------------------------
> Number of entries returned 1
> ----------------------------
> #
>
>
>
>
> # ipa group-find subadmin
> ---------------
> 1 group matched
> ---------------
>   Group name: subadmin
>   Description: For daily administration of users and hosts
>   GID: 10003
>   Member users: abr-sadm, pmd-sadm, tba-sadm, bja-sadm, alberto-ibm
>   Roles: Sub-admins
>   Member of Sudo rule: All
> ----------------------------
> Number of entries returned 1
> ----------------------------
> #
>
>
>
>
>
> And on a client:
>
> # cat /etc/sssd/sssd.conf
> [domain/kac.lokalnet]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = kac.sblokalnet
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = kac-man-001.kac.lokalnet
> chpass_provider = ipa
> ipa_server = _srv_, kac-adm-001.kac.lokalnet
> ldap_tls_cacert = /etc/ipa/ca.crt
> autofs_provider = ipa
> ipa_automount_location = default
> krb5_renewable_lifetime = 50d
> krb5_renew_interval = 3600
> [sssd]
> services = nss, sudo, pam, autofs, ssh
> config_file_version = 2
>
> domains = kac.lokalnet
> [nss]
> homedir_substring = /home
>
> [pam]
>
> [sudo]
>
> [autofs]
>
> [ssh]
>
> [pac]
>
> [ifp]
>
>
>
>
>
>
> nsswitch.conf:
>
> passwd:     files sss
> shadow:     files sss
> group:      files sss
> #initgroups: files
>
> #hosts:     db files nisplus nis dns
> hosts:      files dns myhostname
>
> # Example - obey only what nisplus tells us...
> #services:   nisplus [NOTFOUND=return] files
> #networks:   nisplus [NOTFOUND=return] files
> #protocols:  nisplus [NOTFOUND=return] files
> #rpc:        nisplus [NOTFOUND=return] files
> #ethers:     nisplus [NOTFOUND=return] files
> #netmasks:   nisplus [NOTFOUND=return] files
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files
> rpc:        files
> services:   files sss
>
> netgroup:   files sss
>
> publickey:  nisplus
>
> automount:  sss files
> aliases:    files nisplus
> sudoers:    files sss
>
>
>
>
> And for a subadmin account:
>
> -sh-4.2$ sudo -l
> [sudo] password for tba-sadm:
> Your password will expire in 6 day(s).
> User tba-sadm is not allowed to run sudo on kac-man-001.
> -sh-4.2$
>
>
>
> Any suggestions?  Help is much appreciated.
>
> TIA
>
> /tony
>
> --
> Best regards,
>
> Tony Albers
> Systems administrator, IT-development
> State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
> Tel: +45 8946 2316
>
>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>



Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/98e3a0f8/attachment.htm>

From rakesh.rajasekharan at gmail.com  Tue Aug 23 13:07:04 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Tue, 23 Aug 2016 18:37:04 +0530
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
Message-ID: <CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>

I was able to fix that may be temporarily... when i checked the network..
there was another process that was running and consuming a lot of network (
i have no idea who did that. I need to seriously start restricting people
access to this machine )

after killing that perfomance improved drastically

But now, suddenly I started experiencing the same hang.

This time , I gert the following error when checked dmesg

[  301.236976] ns-slapd[3124]: segfault at 0 ip 00007f1de416951c sp
00007f1dee1dba70 error 4 in libcos-plugin.so[7f1de4166000+b000]
[ 1116.248431] TCP: request_sock_TCP: Possible SYN flooding on port 88.
Sending cookies.  Check SNMP counters.
[11831.397037] ns-slapd[22550]: segfault at 0 ip 00007f533d82251c sp
00007f5347894a70 error 4 in libcos-plugin.so[7f533d81f000+b000]
[11832.727989] ns-slapd[22606]: segfault at 0 ip 00007f6231eb951c sp
00007f623bf2ba70 error 4 in libcos-plugin.so[7f6231eb6000+b00

and in /var/log/dirsrv/example-com/errors

[23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
not delete change record 3291138 (rc: 32)
[23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
not delete change record 3291139 (rc: 32)
[23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
not delete change record 3291140 (rc: 32)
[23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
not delete change record 3291141 (rc: 32)
[23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
not delete change record 3291142 (rc: 32)
[23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
not delete change record 3291143 (rc: 32)
[23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
not delete change record 3291144 (rc: 32)
[23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
not delete change record 3291145 (rc: 32)
[23/Aug/2016:12:49:50 +0000] - Retry count exceeded in delete
[23/Aug/2016:12:49:50 +0000] DSRetroclPlugin - delete_changerecord: could
not delete change record 3292734 (rc: 51)


Can  i do something about this error.. I treid to restart ipa a couple of
time but that did not help

Thanks
Rakesh

On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek <pspacek at redhat.com> wrote:

> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
> > I am running my set up on AWS cloud, and entropy is low at around 180 .
> >
> > I plan to increase it bu installing haveged . But, would low entropy by
> any
> > chance cause this issue of intermittent hang .
> > Also, the hang is mostly observed when registering around 20 clients
> > together
>
> Possibly, I'm not sure. If you want to dig into this, I would do this:
> 1. look what process hangs on client (using pstree command or so)
> $ pstree
>
> 2. look to what server and port is the hanging client connected to
> $ lsof -p <PID of the hanging process>
>
> 3. jump to server and see what process is bound to the target port
> $ netstat -pn
>
> 4. see where the process if hanging
> $ strace -p <PID of the hanging process>
>
> I hope it helps.
>
> Petr^2 Spacek
>
> > On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
> > rakesh.rajasekharan at gmail.com> wrote:
> >
> >> yes there seems to be something thats worrying.. I have faced this today
> >> as well.
> >> There are few hosts around 280 odd left and when i try adding them to
> IPA
> >> , the slowness begins..
> >>
> >> all the ipa commands like ipa user-find.. etc becomes very slow in
> >> responding.
> >>
> >> the SYNC_RECV are not many though just around 80-90 and today that was
> >> around 20 only
> >>
> >>
> >> I have for now increased tcp_max_syn_backlog to 5000.
> >> For now the slowness seems to have gone.. but I will do a try adding the
> >> clients again tomorrow and see how it goes
> >>
> >> Thanks
> >> Rakesh
> >>
> >> The issues
> >>
> >> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com>
> wrote:
> >>
> >>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
> >>>> Hi
> >>>>
> >>>> I am migrating to freeipa from openldap and have around 4000 clients
> >>>>
> >>>> I had openned a another thread on that, but chose to start a new one
> >>> here
> >>>> as its a separate issue
> >>>>
> >>>> I was able to change the nssslapd-maxdescriptors adding an ldif file
> >>>>
> >>>> cat nsslapd-modify.ldif
> >>>> dn: cn=config
> >>>> changetype: modify
> >>>> replace: nsslapd-maxdescriptors
> >>>> nsslapd-maxdescriptors: 17000
> >>>>
> >>>> and running the ldapmodify command
> >>>>
> >>>> I have now started moving clients running an openldap to Freeipa and
> >>> have
> >>>> today moved close to 2000 clients
> >>>>
> >>>> However, I have noticed that IPA hangs intermittently.
> >>>>
> >>>> running a kinit admin returns the below error
> >>>> kinit: Generic error (see e-text) while getting initial credentials
> >>>>
> >>>> from the /var/log/messages, I see this entry
> >>>>
> >>>>  prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP:
> >>>> Possible SYN flooding on port 88. Sending cookies.  Check SNMP
> counters.
> >>>
> >>> I would be worried about this message. Maybe kernel/firewall is doing
> >>> something fishy behind your back and blocking some connections or so.
> >>>
> >>> Petr^2 Spacek
> >>>
> >>>
> >>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885
> of
> >>>> user root.
> >>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session 4885
> of
> >>>> user root.
> >>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886
> of
> >>>> user root.
> >>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session 4886
> of
> >>>> user root.
> >>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command
> >>> Invoked
> >>>> with creates=None executable=None shell=True args= removes=None
> >>> warn=True
> >>>> chdir=None
> >>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error: Unspecified
> >>> GSS
> >>>> failure.  Minor code may provide more information (KDC returned error
> >>>> string: PROCESS_TGS)
> >>>>
> >>>> Could it be possible that its due to the initial load of adding the
> >>> clients
> >>>> or is there something else that I need to take care of.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/e0dbceb9/attachment.htm>

From pspacek at redhat.com  Tue Aug 23 13:11:45 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Tue, 23 Aug 2016 15:11:45 +0200
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
Message-ID: <a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>

On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
> I was able to fix that may be temporarily... when i checked the network..
> there was another process that was running and consuming a lot of network (
> i have no idea who did that. I need to seriously start restricting people
> access to this machine )
> 
> after killing that perfomance improved drastically
> 
> But now, suddenly I started experiencing the same hang.
> 
> This time , I gert the following error when checked dmesg
> 
> [  301.236976] ns-slapd[3124]: segfault at 0 ip 00007f1de416951c sp
> 00007f1dee1dba70 error 4 in libcos-plugin.so[7f1de4166000+b000]
> [ 1116.248431] TCP: request_sock_TCP: Possible SYN flooding on port 88.
> Sending cookies.  Check SNMP counters.
> [11831.397037] ns-slapd[22550]: segfault at 0 ip 00007f533d82251c sp
> 00007f5347894a70 error 4 in libcos-plugin.so[7f533d81f000+b000]
> [11832.727989] ns-slapd[22606]: segfault at 0 ip 00007f6231eb951c sp
> 00007f623bf2ba70 error 4 in libcos-plugin.so[7f6231eb6000+b00

Okay, this one is serious. The LDAP server crashed.

1. Make sure all your packages are up-to-date.

Please see
http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debugging-crashes
for further instructions how to debug this.

Petr^2 Spacek

> 
> and in /var/log/dirsrv/example-com/errors
> 
> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> not delete change record 3291138 (rc: 32)
> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> not delete change record 3291139 (rc: 32)
> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> not delete change record 3291140 (rc: 32)
> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> not delete change record 3291141 (rc: 32)
> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> not delete change record 3291142 (rc: 32)
> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> not delete change record 3291143 (rc: 32)
> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> not delete change record 3291144 (rc: 32)
> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> not delete change record 3291145 (rc: 32)
> [23/Aug/2016:12:49:50 +0000] - Retry count exceeded in delete
> [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin - delete_changerecord: could
> not delete change record 3292734 (rc: 51)
> 
> 
> Can  i do something about this error.. I treid to restart ipa a couple of
> time but that did not help
> 
> Thanks
> Rakesh
> 
> On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek <pspacek at redhat.com> wrote:
> 
>> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
>>> I am running my set up on AWS cloud, and entropy is low at around 180 .
>>>
>>> I plan to increase it bu installing haveged . But, would low entropy by
>> any
>>> chance cause this issue of intermittent hang .
>>> Also, the hang is mostly observed when registering around 20 clients
>>> together
>>
>> Possibly, I'm not sure. If you want to dig into this, I would do this:
>> 1. look what process hangs on client (using pstree command or so)
>> $ pstree
>>
>> 2. look to what server and port is the hanging client connected to
>> $ lsof -p <PID of the hanging process>
>>
>> 3. jump to server and see what process is bound to the target port
>> $ netstat -pn
>>
>> 4. see where the process if hanging
>> $ strace -p <PID of the hanging process>
>>
>> I hope it helps.
>>
>> Petr^2 Spacek
>>
>>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
>>> rakesh.rajasekharan at gmail.com> wrote:
>>>
>>>> yes there seems to be something thats worrying.. I have faced this today
>>>> as well.
>>>> There are few hosts around 280 odd left and when i try adding them to
>> IPA
>>>> , the slowness begins..
>>>>
>>>> all the ipa commands like ipa user-find.. etc becomes very slow in
>>>> responding.
>>>>
>>>> the SYNC_RECV are not many though just around 80-90 and today that was
>>>> around 20 only
>>>>
>>>>
>>>> I have for now increased tcp_max_syn_backlog to 5000.
>>>> For now the slowness seems to have gone.. but I will do a try adding the
>>>> clients again tomorrow and see how it goes
>>>>
>>>> Thanks
>>>> Rakesh
>>>>
>>>> The issues
>>>>
>>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com>
>> wrote:
>>>>
>>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>>>>>> Hi
>>>>>>
>>>>>> I am migrating to freeipa from openldap and have around 4000 clients
>>>>>>
>>>>>> I had openned a another thread on that, but chose to start a new one
>>>>> here
>>>>>> as its a separate issue
>>>>>>
>>>>>> I was able to change the nssslapd-maxdescriptors adding an ldif file
>>>>>>
>>>>>> cat nsslapd-modify.ldif
>>>>>> dn: cn=config
>>>>>> changetype: modify
>>>>>> replace: nsslapd-maxdescriptors
>>>>>> nsslapd-maxdescriptors: 17000
>>>>>>
>>>>>> and running the ldapmodify command
>>>>>>
>>>>>> I have now started moving clients running an openldap to Freeipa and
>>>>> have
>>>>>> today moved close to 2000 clients
>>>>>>
>>>>>> However, I have noticed that IPA hangs intermittently.
>>>>>>
>>>>>> running a kinit admin returns the below error
>>>>>> kinit: Generic error (see e-text) while getting initial credentials
>>>>>>
>>>>>> from the /var/log/messages, I see this entry
>>>>>>
>>>>>>  prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP:
>>>>>> Possible SYN flooding on port 88. Sending cookies.  Check SNMP
>> counters.
>>>>>
>>>>> I would be worried about this message. Maybe kernel/firewall is doing
>>>>> something fishy behind your back and blocking some connections or so.
>>>>>
>>>>> Petr^2 Spacek
>>>>>
>>>>>
>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885
>> of
>>>>>> user root.
>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session 4885
>> of
>>>>>> user root.
>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886
>> of
>>>>>> user root.
>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session 4886
>> of
>>>>>> user root.
>>>>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command
>>>>> Invoked
>>>>>> with creates=None executable=None shell=True args= removes=None
>>>>> warn=True
>>>>>> chdir=None
>>>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error: Unspecified
>>>>> GSS
>>>>>> failure.  Minor code may provide more information (KDC returned error
>>>>>> string: PROCESS_TGS)
>>>>>>
>>>>>> Could it be possible that its due to the initial load of adding the
>>>>> clients
>>>>>> or is there something else that I need to take care of.
>>
> 


-- 
Petr Spacek  @  Red Hat



From th at casalogic.dk  Tue Aug 23 13:17:48 2016
From: th at casalogic.dk (Troels Hansen)
Date: Tue, 23 Aug 2016 15:17:48 +0200 (CEST)
Subject: [Freeipa-users] SUDO and group lookup in AD trust
Message-ID: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>

Running RHEL 7.2: 

ipa-client-4.2.0-15.el7_2.18 
sssd-ipa-1.13.0-40.el7_2.12.x86_64 
ipa-server-4.2.0-15.el7_2.18.x86_64 

I have a sudo rule where I try to give sudo access based on a AD group. 

# groups drextrha at net.dr.dk 
drextrha at net.dr.dk : drextrha at net.dr.dk ............... domain_users at linux.dr.dk 

I'm member of the group domain_users via AD. 

SUDO rule in LDAP: 

# guffe, sudoers, linux.dr.dk 
dn: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk 
sudoUser: %domain_users 
sudoRunAsGroup: ALL 
objectClass: sudoRole 
objectClass: top 
sudoCommand: /usr/bin/cat /var/log/messages 
sudoRunAsUser: ALL 
sudoHost: ALL 
cn: guffe 


sudo debug log shows: 
<cut> 
Aug 23 14:48:26 sudo[27307] Received 1 rule(s) 
</cut> 

<cut> 
Aug 23 14:48:26 sudo[27307] val[0]=%domain_users 
Aug 23 14:48:26 sudo[27307] -> usergr_matches @ ./match.c:802 
Aug 23 14:48:26 sudo[27307] -> user_in_group @ ./pwutil.c:940 
Aug 23 14:48:26 sudo[27307] -> sudo_get_grlist @ ./pwutil.c:877 
Aug 23 14:48:26 sudo[27307] -> rbfind @ ./redblack.c:273 
Aug 23 14:48:26 sudo[27307] <- rbfind @ ./redblack.c:277 := 0x7ff224cb31d0 
Aug 23 14:48:26 sudo[27307] <- sudo_get_grlist @ ./pwutil.c:930 := 0x7ff224cb3348 
Aug 23 14:48:26 sudo[27307] -> sudo_getgrnam @ ./pwutil.c:719 
Aug 23 14:48:26 sudo[27307] -> rbfind @ ./redblack.c:273 
Aug 23 14:48:26 sudo[27307] <- rbfind @ ./redblack.c:280 := (nil) 
Aug 23 14:48:26 sudo[27307] -> rbinsert @ ./redblack.c:181 
Aug 23 14:48:26 sudo[27307] <- rbinsert @ ./redblack.c:261 := (nil) 
Aug 23 14:48:26 sudo[27307] <- sudo_getgrnam @ ./pwutil.c:745 := (nil) 
Aug 23 14:48:26 sudo[27307] -> sudo_grlist_delref @ ./pwutil.c:816 
Aug 23 14:48:26 sudo[27307] -> sudo_grlist_delref_item @ ./pwutil.c:805 
Aug 23 14:48:26 sudo[27307] <- sudo_grlist_delref_item @ ./pwutil.c:810 
Aug 23 14:48:26 sudo[27307] <- sudo_grlist_delref @ ./pwutil.c:818 
Aug 23 14:48:26 sudo[27307] <- user_in_group @ ./pwutil.c:1010 := false 
Aug 23 14:48:26 sudo[27307] <- usergr_matches @ ./match.c:835 := false 
Aug 23 14:48:26 sudo[27307] <- sudo_sss_filter_sudoUser @ ./sssd.c:683 := false 
</cut> 

Soo, a rule is matched, but I'm not in the group? 



I have tried setting 
use_fully_qualified_names = true 

in sssd.conf, but no luck. The sudo is still denied. 

Am I missing something? 


-- 


Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/004db98b/attachment.htm>

From siology.io at gmail.com  Mon Aug 22 23:34:13 2016
From: siology.io at gmail.com (siology.io)
Date: Tue, 23 Aug 2016 11:34:13 +1200
Subject: [Freeipa-users] private user groups for existing users
Message-ID: <CAL8of0HY37sLYdqjMWhr-t8UREb6RD7zpuAE6dCVeGfsAHUx5Q@mail.gmail.com>

 i've noticed that some of my users (imported from openldap) don't have
personal user groups, but the new ones that i make within freeipa do.

Is there a way of marking the existing accounts such that they get user
groups made for them ? I couldn't seem to see the groups that IPA is making
in the LDAP output so it must be creating them via some other means.

Is there some sort of  'ipa user create-private-group <userA>' command ?

The only work around i have is to make hundreds of fake private groups by
making normal user groups each with one user, which'll clutter the UI up
with pointless groups.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/f8b3160f/attachment.htm>

From realstarhealer at hotmail.com  Tue Aug 23 12:20:38 2016
From: realstarhealer at hotmail.com (realstarhealer)
Date: Tue, 23 Aug 2016 12:20:38 +0000
Subject: [Freeipa-users] ipa-cert-agent,
 Object Signing Cert certificate renewal
In-Reply-To: <57BB19EE.40706@redhat.com>
References: <DB5PR07MB1605A8A5BDDACAC1D4013528D6140@DB5PR07MB1605.eurprd07.prod.outlook.com>
	<57B5B7FC.5090004@redhat.com>
	<DB5PR07MB16052BD80C866702A76D84C8D6E80@DB5PR07MB1605.eurprd07.prod.outlook.com>
	<57BB0EC2.3000906@redhat.com>
	<DB5PR07MB160589B969822C5A82E112EAD6E80@DB5PR07MB1605.eurprd07.prod.outlook.com>,
	<57BB19EE.40706@redhat.com>
Message-ID: <DB5PR07MB16052529B041DE918413D360D6EB0@DB5PR07MB1605.eurprd07.prod.outlook.com>

Hi Rob,


I was concerned, just because it nowhere clearly stated what ipa-ca-agent / caAdminCert with default serial id #6 is used for and how it affects the system when expired.


So if it is not needed by IPA, I also do not strictly need to recreate a new valid Cert for that.


Is it sure, that it is unnecessarily, can we verify this somehow? Just want to be sure that my 10000+ Hosts will not suddenly stop to authenticate us in the next days, because of this one.


Greeting


Vitali


________________________________
Von: Rob Crittenden <rcritten at redhat.com>
Gesendet: Montag, 22. August 2016 17:27
An: realstarhealer; freeipa-users at redhat.com
Betreff: Re: AW: AW: [Freeipa-users] ipa-cert-agent, Object Signing Cert certificate renewal

realstarhealer wrote:
> Hi,
>
> It seemes I confused you. I just used the CVE Tutorial as a hint on
> generally how to create a new Cert for ipa-ca-agent (for uid admin).
> There is nothing wrong with my IPA RA (ipaCert), as it is monitored via
> certmonger and has been renewed recently.
>
> So returning to my previous question, is it sufficient to replace the
> expired  #6 for uid admin in ldap with my new Cert, i created or is #6
> used in more location than this one?

You'd also need to update the description value.

Why are you concerned about updating this certificate? IPA doesn't use
it in any way AFAIK.

rob

>
> Thanks and Greetings
> Vitali
>
>
> -------- Urspr?ngliche Nachricht --------
> Von: Rob Crittenden <rcritten at redhat.com>
> Datum: 22.08.16 16:40 (GMT+01:00)
> An: realstarhealer <realstarhealer at hotmail.com>, Freeipa-users at redhat.com
> Cc: Jan Cholasta <jcholast at redhat.com>
> Betreff: Re: AW: [Freeipa-users] ipa-cert-agent, Object Signing Cert
> certificate renewal
>
> Please keep responses on the list.
>
> realstarhealer wrote:
>> Hi Rob,
>>
>> setting back the date and restarting did not help, in fact it can't,
>> because certmonger is not tracking these two by default.
>>
>> Regarding the ipa-ca-agent Cert:
>> I followed CVE-2015-5284 slightly to create a new valid ipa-ca-agent
>> certificate.
>
> You re-created the wrong cert. You need the cert with subject 'CN=IPA
> RA,O=<REALM>' The RA agent (original serial # usually 7) and the CA
> Agent (original serial # usually 6) have different purposes.
>
> Were you affected by the CVE? I'm not sure why you'd try to replace it
> in this way.
>
> As for the tracking, you'd do something like this (untested b/c I don't
> have a 4.1 install):
>
> # getcert start-tracking -d /etc/httpd/alias -n ipaCert -p
> /etc/httpd/alias/pwdfile.txt -c dogtag-ipa-ca-renew-agent -C renew_ra_cert
>
>> Via pki cert-find --name 'ipa-ca-agent' I can now see both, the new and
>> the expired.
>> Via freeipa webui I can also See both.
>> Via ldapsearch -D 'cn=Directory Manager' -W -b 'ou=people,o=ipaca' I see
>> uid=admin using the old expired Cert ID.
>>
>> Is it sufficient to ldapmodify the new valid Cert to uid=admin to solve
>> this? As far as I can See,  it is the only place this Cert is used.
>
> The instructions on the wiki at
> https://www.freeipa.org/page/CVE-2015-5284 seem to confuse the RA agent
CVE-2015-5284 - FreeIPA<https://www.freeipa.org/page/CVE-2015-5284>
www.freeipa.org
CVE-2015-5284 Summary. The ipa-kra-install command, which configures KRA for IPA, puts the CA agent certificate and private key to a world readable file, /etc/httpd ...



> with the CA agent. I don't know the details of that CVE but someone
> needs to revisit these docs. I'd prefer some clarity around SUBJECT, it
> will always be CN=IPA RA,<BASE>
>
> Similarly there is no need to update ca-agent.p12 file if the RA agent
> cert is being replaced.
>
> rob
>
>>
>> Greetings
>> Vitali
>>
>>
>> -------- Urspr?ngliche Nachricht --------
>> Von: Rob Crittenden <rcritten at redhat.com>
>> Datum: 18.08.16 15:28 (GMT+01:00)
>> An: realstarhealer <realstarhealer at hotmail.com>, freeipa-users at redhat.com
>> Betreff: Re: [Freeipa-users] ipa-cert-agent, Object Signing Cert
>> certificate renewal
>>
>> realstarhealer wrote:
>>> Hi,
>>>
>>> I am in charge for a freeipa 4.1.0.18.el7 server with ldap backend and
>>> noticed some expired certificates recently. Most of them but 2 are
>>> auto-renewing by certmonger as I checked. All of them are self signed.
>>>
>>> "CN=ipa-ca-agent" and "CN=Object Signing Cert" are not subscribed by
>>> certmonger, ipa-ca-agent expired some days ago and has not been renewed.
>>> Second one expires soon. No consequences noticed so far.
>>> Can you tell me what they both are for and - if needed - how I should
>>> renew that separately? Preferable with certmonger. An Output how the
>>> tracking config should look like would be nice.
>>
>> The object signing cert can probably be ignored. This was used to sign a
>> jar file used to automatically configure Firefox but that approach
>> doesn't work any more.
>>
>> The agent cert is used by IPA to communicate to dogtag so yeah, that's
>> pretty important.
>>
>> Since it is expired you'd need to go back in time to renew it.
>> Restarting the certmonger process is the simplest method to force it to
>> try to renew.
>>
>> rob
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/ed479202/attachment.htm>

From rcritten at redhat.com  Tue Aug 23 14:10:13 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 23 Aug 2016 10:10:13 -0400
Subject: [Freeipa-users] ipa-cert-agent,
 Object Signing Cert certificate renewal
In-Reply-To: <DB5PR07MB16052529B041DE918413D360D6EB0@DB5PR07MB1605.eurprd07.prod.outlook.com>
References: <DB5PR07MB1605A8A5BDDACAC1D4013528D6140@DB5PR07MB1605.eurprd07.prod.outlook.com>
	<57B5B7FC.5090004@redhat.com>
	<DB5PR07MB16052BD80C866702A76D84C8D6E80@DB5PR07MB1605.eurprd07.prod.outlook.com>
	<57BB0EC2.3000906@redhat.com>
	<DB5PR07MB160589B969822C5A82E112EAD6E80@DB5PR07MB1605.eurprd07.prod.outlook.com>
	<57BB19EE.40706@redhat.com>
	<DB5PR07MB16052529B041DE918413D360D6EB0@DB5PR07MB1605.eurprd07.prod.outlook.com>
Message-ID: <57BC5945.5060305@redhat.com>

realstarhealer wrote:
> Hi Rob,
>
>
> I was concerned, just because it nowhere clearly stated what
> ipa-ca-agent / caAdminCert with default serial id #6 is used for and how
> it affects the system when expired.

It isn't used at all. This is the admin cert typically used when 
interfacing with the dogtag UI. You are certainly free to renew it but 
it isn't something that IPA typically needs.

> So if it is not needed by IPA, I also do not strictly need to recreate a
> new valid Cert for that.

Right

> Is it sure, that it is unnecessarily, can we verify this somehow? Just
> want to be sure that my 10000+ Hosts will not suddenly stop to
> authenticate us in the next days, because of this one.

There have been some bumps in renewals over the years but never one due 
to this certificate.

rob

>
>
> Greeting
>
>
> Vitali
>
>
>
> ------------------------------------------------------------------------
> *Von:* Rob Crittenden <rcritten at redhat.com>
> *Gesendet:* Montag, 22. August 2016 17:27
> *An:* realstarhealer; freeipa-users at redhat.com
> *Betreff:* Re: AW: AW: [Freeipa-users] ipa-cert-agent, Object Signing
> Cert certificate renewal
> realstarhealer wrote:
>> Hi,
>>
>> It seemes I confused you. I just used the CVE Tutorial as a hint on
>> generally how to create a new Cert for ipa-ca-agent (for uid admin).
>> There is nothing wrong with my IPA RA (ipaCert), as it is monitored via
>> certmonger and has been renewed recently.
>>
>> So returning to my previous question, is it sufficient to replace the
>> expired  #6 for uid admin in ldap with my new Cert, i created or is #6
>> used in more location than this one?
>
> You'd also need to update the description value.
>
> Why are you concerned about updating this certificate? IPA doesn't use
> it in any way AFAIK.
>
> rob
>
>>
>> Thanks and Greetings
>> Vitali
>>
>>
>> -------- Urspr?ngliche Nachricht --------
>> Von: Rob Crittenden <rcritten at redhat.com>
>> Datum: 22.08.16 16:40 (GMT+01:00)
>> An: realstarhealer <realstarhealer at hotmail.com>, Freeipa-users at redhat.com
>> Cc: Jan Cholasta <jcholast at redhat.com>
>> Betreff: Re: AW: [Freeipa-users] ipa-cert-agent, Object Signing Cert
>> certificate renewal
>>
>> Please keep responses on the list.
>>
>> realstarhealer wrote:
>>> Hi Rob,
>>>
>>> setting back the date and restarting did not help, in fact it can't,
>>> because certmonger is not tracking these two by default.
>>>
>>> Regarding the ipa-ca-agent Cert:
>>> I followed CVE-2015-5284 slightly to create a new valid ipa-ca-agent
>>> certificate.
>>
>> You re-created the wrong cert. You need the cert with subject 'CN=IPA
>> RA,O=<REALM>' The RA agent (original serial # usually 7) and the CA
>> Agent (original serial # usually 6) have different purposes.
>>
>> Were you affected by the CVE? I'm not sure why you'd try to replace it
>> in this way.
>>
>> As for the tracking, you'd do something like this (untested b/c I don't
>> have a 4.1 install):
>>
>> # getcert start-tracking -d /etc/httpd/alias -n ipaCert -p
>> /etc/httpd/alias/pwdfile.txt -c dogtag-ipa-ca-renew-agent -C renew_ra_cert
>>
>>> Via pki cert-find --name 'ipa-ca-agent' I can now see both, the new and
>>> the expired.
>>> Via freeipa webui I can also See both.
>>> Via ldapsearch -D 'cn=Directory Manager' -W -b 'ou=people,o=ipaca' I see
>>> uid=admin using the old expired Cert ID.
>>>
>>> Is it sufficient to ldapmodify the new valid Cert to uid=admin to solve
>>> this? As far as I can See,  it is the only place this Cert is used.
>>
>> The instructions on the wiki at
>>https://www.freeipa.org/page/CVE-2015-5284 seem to confuse the RA agent
> CVE-2015-5284 - FreeIPA <https://www.freeipa.org/page/CVE-2015-5284>
> www.freeipa.org
> CVE-2015-5284 Summary. The ipa-kra-install command, which configures KRA
> for IPA, puts the CA agent certificate and private key to a world
> readable file, /etc/httpd ...
>
>
>
>> with the CA agent. I don't know the details of that CVE but someone
>> needs to revisit these docs. I'd prefer some clarity around SUBJECT, it
>> will always be CN=IPA RA,<BASE>
>>
>> Similarly there is no need to update ca-agent.p12 file if the RA agent
>> cert is being replaced.
>>
>> rob
>>
>>>
>>> Greetings
>>> Vitali
>>>
>>>
>>> -------- Urspr?ngliche Nachricht --------
>>> Von: Rob Crittenden <rcritten at redhat.com>
>>> Datum: 18.08.16 15:28 (GMT+01:00)
>>> An: realstarhealer <realstarhealer at hotmail.com>, freeipa-users at redhat.com
>>> Betreff: Re: [Freeipa-users] ipa-cert-agent, Object Signing Cert
>>> certificate renewal
>>>
>>> realstarhealer wrote:
>>>> Hi,
>>>>
>>>> I am in charge for a freeipa 4.1.0.18.el7 server with ldap backend and
>>>> noticed some expired certificates recently. Most of them but 2 are
>>>> auto-renewing by certmonger as I checked. All of them are self signed.
>>>>
>>>> "CN=ipa-ca-agent" and "CN=Object Signing Cert" are not subscribed by
>>>> certmonger, ipa-ca-agent expired some days ago and has not been renewed.
>>>> Second one expires soon. No consequences noticed so far.
>>>> Can you tell me what they both are for and - if needed - how I should
>>>> renew that separately? Preferable with certmonger. An Output how the
>>>> tracking config should look like would be nice.
>>>
>>> The object signing cert can probably be ignored. This was used to sign a
>>> jar file used to automatically configure Firefox but that approach
>>> doesn't work any more.
>>>
>>> The agent cert is used by IPA to communicate to dogtag so yeah, that's
>>> pretty important.
>>>
>>> Since it is expired you'd need to go back in time to renew it.
>>> Restarting the certmonger process is the simplest method to force it to
>>> try to renew.
>>>
>>> rob
>>
>



From rcritten at redhat.com  Tue Aug 23 14:13:01 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 23 Aug 2016 10:13:01 -0400
Subject: [Freeipa-users] can't get sudo to work.
In-Reply-To: <57BC3A86.2050800@redhat.com>
References: <1471933463.9124.24.camel@statsbiblioteket.dk>
	<0137003026EBE54FBEC540C5600C03C437B31A@PMC-EXMBX02.petermac.org.au>
	<1471936305.2716.1.camel@statsbiblioteket.dk>
	<20160823071705.xzc63inuqymqxzij@hendrix>
	<1471944384.2716.8.camel@statsbiblioteket.dk>
	<57BC1F1C.3050202@redhat.com>
	<1471948074.2716.10.camel@statsbiblioteket.dk>
	<57BC26F9.2000604@redhat.com>
	<1471950576.2716.13.camel@statsbiblioteket.dk>
	<57BC3312.5040608@redhat.com>
	<1471953329.2716.15.camel@statsbiblioteket.dk>
	<57BC3A86.2050800@redhat.com>
Message-ID: <57BC59ED.7040604@redhat.com>

Pavel B?ezina wrote:
> On 08/23/2016 01:55 PM, Tony Brian Albers wrote:
>> Here you are:
>>
>>
>> [root ~]# ldapsearch -Y GSSAPI -b $dc
>> '(ou=*)' -s onelevel
>
>> # profile, $domain
>> dn: ou=profile,$dc
>> objectClass: top
>> objectClass: organizationalUnit
>> ou: profiles
>> ou: profile
>>
>> # search result
>> search: 4
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>
>
> Sudo rules are not downloaded by SSSD because ou=sudoers is missing on
> the IPA server, or it may have incorrect ACL. Does someone from IPA team
> know why?

Perhaps the compat tree is disabled:

$ ipa-compat-manage status

rob




From rcritten at redhat.com  Tue Aug 23 14:20:32 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 23 Aug 2016 10:20:32 -0400
Subject: [Freeipa-users] private user groups for existing users
In-Reply-To: <CAL8of0HY37sLYdqjMWhr-t8UREb6RD7zpuAE6dCVeGfsAHUx5Q@mail.gmail.com>
References: <CAL8of0HY37sLYdqjMWhr-t8UREb6RD7zpuAE6dCVeGfsAHUx5Q@mail.gmail.com>
Message-ID: <57BC5BB0.7090009@redhat.com>

siology.io wrote:
>   i've noticed that some of my users (imported from openldap) don't have
> personal user groups, but the new ones that i make within freeipa do.
>
> Is there a way of marking the existing accounts such that they get user
> groups made for them ? I couldn't seem to see the groups that IPA is
> making in the LDAP output so it must be creating them via some other means.
>
> Is there some sort of  'ipa user create-private-group <userA>' command ?
>
> The only work around i have is to make hundreds of fake private groups
> by making normal user groups each with one user, which'll clutter the UI
> up with pointless groups.

Yeah, there is a ticket open to allow UPG creation in migration but as 
you see, it isn't done yet.

There is no documented way to do it but it should be possible with 
ldapmodify. I forget the exact ordering but I'd probably do the group 
first, then the user. In theory you can convert a group to be managed by 
adding:

objectclass: mepmanagedentry
mepmanagedby: uid=<user>,cn=users,cn=accounts,$SUFFIX

And removing:

objectclass: groupofnames
objectclass: nestedgroup

You also need to update the user with:

objectclass: meporiginentry
mepmanagedentry: cn=<user>,cn=groups,cn=accounts,$SUFFIX

Just don't do this with any groups that have members.

Definitely worth experimenting on a non-production installation.

rob



From rcritten at redhat.com  Tue Aug 23 14:21:47 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 23 Aug 2016 10:21:47 -0400
Subject: [Freeipa-users] IPA Error 4301: CertificateOperationError
In-Reply-To: <20160823002359.GB3877@dhcp-40-8.bne.redhat.com>
References: <BN6PR12MB1169B9518CF5728C96167DB2C8E80@BN6PR12MB1169.namprd12.prod.outlook.com>
	<20160823002359.GB3877@dhcp-40-8.bne.redhat.com>
Message-ID: <57BC5BFB.7080307@redhat.com>

Fraser Tweedale wrote:
> On Mon, Aug 22, 2016 at 11:52:46PM +0000, Z D wrote:
>> Hello,
>>
>> There is the error on ver 4.2 while viewing certs: "IPA Error
>> 4301: CertificateOperationError", next it read " Certificate
>> operation cannot be completed: Unable to communicate with CMS
>> ([Errno 113] No route to host)".
>>
>> I suspect you'll be asking for below two commands, here are results.
>>
>> # ipa cert-show 1
>>    Certificate: MIIDlzCCAn+gAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1VUy5P
>> ..shortened ...
>> H6S7tS4pT9w77K8=
>>    Subject: CN=Certificate Authority,O=COMP.COM
>>    Issuer: CN=Certificate Authority,O=COMP.COM
>>    Not Before: Wed Aug 17 17:20:41 2016 UTC
>>    Not After: Sun Aug 17 17:20:41 2036 UTC
>>    Fingerprint (MD5): 00:a5:2c:2d:ea:c8:27:33:62:35:75:53:12:6a:0d:c1
>>    Fingerprint (SHA1): d1:58:78:83:31:b8:ad:ae:af:2c:e7:05:44:67:6e:3a:37:8c:00:1a
>>    Serial number (hex): 0x1
>>    Serial number: 1
>>
>> # ipactl restart
>> Restarting Directory Service
>> Restarting krb5kdc Service
>> Restarting kadmin Service
>> Restarting named Service
>> Restarting ipa_memcached Service
>> Restarting httpd Service
>> Restarting ipa-otpd Service
>> Restarting ipa-dnskeysyncd Service
>> ipa: INFO: The ipactl command was successful
>>
>> Any help is appreciated, thanks
>> Zarko
>>
>
> "while viewing certs" -> do you mean in the IPA Web UI?
>
> The successful `cert-show' command indicates that the CA is up and
> running, but the error message indicates that the host running the
> failing action cannot contact the CA.  You should check DNS and
> firewall settings as a first step.

If a request for a certificate operation comes into an IPA master that 
isn't running a CA the request is sent to one that does. It sure seems 
like that is happening in this case and the chosen CA isn't available.

rob



From rakesh.rajasekharan at gmail.com  Tue Aug 23 15:32:54 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Tue, 23 Aug 2016 21:02:54 +0530
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
	<a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
Message-ID: <CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>

My disk was getting filled too fast

logs under /var/log/dirsrv was coming around 5 gb quickly filling up

Is there a way to make the logging less verbose



On Tue, Aug 23, 2016 at 6:41 PM, Petr Spacek <pspacek at redhat.com> wrote:

> On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
> > I was able to fix that may be temporarily... when i checked the network..
> > there was another process that was running and consuming a lot of
> network (
> > i have no idea who did that. I need to seriously start restricting people
> > access to this machine )
> >
> > after killing that perfomance improved drastically
> >
> > But now, suddenly I started experiencing the same hang.
> >
> > This time , I gert the following error when checked dmesg
> >
> > [  301.236976] ns-slapd[3124]: segfault at 0 ip 00007f1de416951c sp
> > 00007f1dee1dba70 error 4 in libcos-plugin.so[7f1de4166000+b000]
> > [ 1116.248431] TCP: request_sock_TCP: Possible SYN flooding on port 88.
> > Sending cookies.  Check SNMP counters.
> > [11831.397037] ns-slapd[22550]: segfault at 0 ip 00007f533d82251c sp
> > 00007f5347894a70 error 4 in libcos-plugin.so[7f533d81f000+b000]
> > [11832.727989] ns-slapd[22606]: segfault at 0 ip 00007f6231eb951c sp
> > 00007f623bf2ba70 error 4 in libcos-plugin.so[7f6231eb6000+b00
>
> Okay, this one is serious. The LDAP server crashed.
>
> 1. Make sure all your packages are up-to-date.
>
> Please see
> http://directory.fedoraproject.org/docs/389ds/
> FAQ/faq.html#debugging-crashes
> for further instructions how to debug this.
>
> Petr^2 Spacek
>
> >
> > and in /var/log/dirsrv/example-com/errors
> >
> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 3291138 (rc: 32)
> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 3291139 (rc: 32)
> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 3291140 (rc: 32)
> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 3291141 (rc: 32)
> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 3291142 (rc: 32)
> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 3291143 (rc: 32)
> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 3291144 (rc: 32)
> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 3291145 (rc: 32)
> > [23/Aug/2016:12:49:50 +0000] - Retry count exceeded in delete
> > [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin - delete_changerecord: could
> > not delete change record 3292734 (rc: 51)
> >
> >
> > Can  i do something about this error.. I treid to restart ipa a couple of
> > time but that did not help
> >
> > Thanks
> > Rakesh
> >
> > On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek <pspacek at redhat.com> wrote:
> >
> >> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
> >>> I am running my set up on AWS cloud, and entropy is low at around 180 .
> >>>
> >>> I plan to increase it bu installing haveged . But, would low entropy by
> >> any
> >>> chance cause this issue of intermittent hang .
> >>> Also, the hang is mostly observed when registering around 20 clients
> >>> together
> >>
> >> Possibly, I'm not sure. If you want to dig into this, I would do this:
> >> 1. look what process hangs on client (using pstree command or so)
> >> $ pstree
> >>
> >> 2. look to what server and port is the hanging client connected to
> >> $ lsof -p <PID of the hanging process>
> >>
> >> 3. jump to server and see what process is bound to the target port
> >> $ netstat -pn
> >>
> >> 4. see where the process if hanging
> >> $ strace -p <PID of the hanging process>
> >>
> >> I hope it helps.
> >>
> >> Petr^2 Spacek
> >>
> >>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
> >>> rakesh.rajasekharan at gmail.com> wrote:
> >>>
> >>>> yes there seems to be something thats worrying.. I have faced this
> today
> >>>> as well.
> >>>> There are few hosts around 280 odd left and when i try adding them to
> >> IPA
> >>>> , the slowness begins..
> >>>>
> >>>> all the ipa commands like ipa user-find.. etc becomes very slow in
> >>>> responding.
> >>>>
> >>>> the SYNC_RECV are not many though just around 80-90 and today that was
> >>>> around 20 only
> >>>>
> >>>>
> >>>> I have for now increased tcp_max_syn_backlog to 5000.
> >>>> For now the slowness seems to have gone.. but I will do a try adding
> the
> >>>> clients again tomorrow and see how it goes
> >>>>
> >>>> Thanks
> >>>> Rakesh
> >>>>
> >>>> The issues
> >>>>
> >>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com>
> >> wrote:
> >>>>
> >>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
> >>>>>> Hi
> >>>>>>
> >>>>>> I am migrating to freeipa from openldap and have around 4000 clients
> >>>>>>
> >>>>>> I had openned a another thread on that, but chose to start a new one
> >>>>> here
> >>>>>> as its a separate issue
> >>>>>>
> >>>>>> I was able to change the nssslapd-maxdescriptors adding an ldif file
> >>>>>>
> >>>>>> cat nsslapd-modify.ldif
> >>>>>> dn: cn=config
> >>>>>> changetype: modify
> >>>>>> replace: nsslapd-maxdescriptors
> >>>>>> nsslapd-maxdescriptors: 17000
> >>>>>>
> >>>>>> and running the ldapmodify command
> >>>>>>
> >>>>>> I have now started moving clients running an openldap to Freeipa and
> >>>>> have
> >>>>>> today moved close to 2000 clients
> >>>>>>
> >>>>>> However, I have noticed that IPA hangs intermittently.
> >>>>>>
> >>>>>> running a kinit admin returns the below error
> >>>>>> kinit: Generic error (see e-text) while getting initial credentials
> >>>>>>
> >>>>>> from the /var/log/messages, I see this entry
> >>>>>>
> >>>>>>  prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP:
> >>>>>> Possible SYN flooding on port 88. Sending cookies.  Check SNMP
> >> counters.
> >>>>>
> >>>>> I would be worried about this message. Maybe kernel/firewall is doing
> >>>>> something fishy behind your back and blocking some connections or so.
> >>>>>
> >>>>> Petr^2 Spacek
> >>>>>
> >>>>>
> >>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session 4885
> >> of
> >>>>>> user root.
> >>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session
> 4885
> >> of
> >>>>>> user root.
> >>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session 4886
> >> of
> >>>>>> user root.
> >>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session
> 4886
> >> of
> >>>>>> user root.
> >>>>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command
> >>>>> Invoked
> >>>>>> with creates=None executable=None shell=True args= removes=None
> >>>>> warn=True
> >>>>>> chdir=None
> >>>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error:
> Unspecified
> >>>>> GSS
> >>>>>> failure.  Minor code may provide more information (KDC returned
> error
> >>>>>> string: PROCESS_TGS)
> >>>>>>
> >>>>>> Could it be possible that its due to the initial load of adding the
> >>>>> clients
> >>>>>> or is there something else that I need to take care of.
> >>
> >
>
>
> --
> Petr Spacek  @  Red Hat
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/121c1ed8/attachment.htm>

From APtashnik at cccis.com  Tue Aug 23 15:53:48 2016
From: APtashnik at cccis.com (Andrey Ptashnik)
Date: Tue, 23 Aug 2016 15:53:48 +0000
Subject: [Freeipa-users] IPA to IPA trust
Message-ID: <2EE95C41-1586-4D55-8318-B87408AC1D32@cccis.com>

Hello IPA team,

Is there a way to implement IPA to IPA trust between different domains?
We are thinking of using more than one domain, however we will need users to cross login from one domain to another.

Regards,
Andrey



From rakesh.rajasekharan at gmail.com  Tue Aug 23 16:31:32 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Tue, 23 Aug 2016 22:01:32 +0530
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
	<a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
	<CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>
Message-ID: <CANAMAkpqv5r2GNR1z9+iOJEh40F50kskrnPAOT+B5qV9uR6Q7g@mail.gmail.com>

i changed the loggin level to 4 . Modifying nsslapd-accesslog-level

But, the hang is still there. though I dont see the sigfault now




On Tue, Aug 23, 2016 at 9:02 PM, Rakesh Rajasekharan <
rakesh.rajasekharan at gmail.com> wrote:

> My disk was getting filled too fast
>
> logs under /var/log/dirsrv was coming around 5 gb quickly filling up
>
> Is there a way to make the logging less verbose
>
>
>
> On Tue, Aug 23, 2016 at 6:41 PM, Petr Spacek <pspacek at redhat.com> wrote:
>
>> On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
>> > I was able to fix that may be temporarily... when i checked the
>> network..
>> > there was another process that was running and consuming a lot of
>> network (
>> > i have no idea who did that. I need to seriously start restricting
>> people
>> > access to this machine )
>> >
>> > after killing that perfomance improved drastically
>> >
>> > But now, suddenly I started experiencing the same hang.
>> >
>> > This time , I gert the following error when checked dmesg
>> >
>> > [  301.236976] ns-slapd[3124]: segfault at 0 ip 00007f1de416951c sp
>> > 00007f1dee1dba70 error 4 in libcos-plugin.so[7f1de4166000+b000]
>> > [ 1116.248431] TCP: request_sock_TCP: Possible SYN flooding on port 88.
>> > Sending cookies.  Check SNMP counters.
>> > [11831.397037] ns-slapd[22550]: segfault at 0 ip 00007f533d82251c sp
>> > 00007f5347894a70 error 4 in libcos-plugin.so[7f533d81f000+b000]
>> > [11832.727989] ns-slapd[22606]: segfault at 0 ip 00007f6231eb951c sp
>> > 00007f623bf2ba70 error 4 in libcos-plugin.so[7f6231eb6000+b00
>>
>> Okay, this one is serious. The LDAP server crashed.
>>
>> 1. Make sure all your packages are up-to-date.
>>
>> Please see
>> http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#
>> debugging-crashes
>> for further instructions how to debug this.
>>
>> Petr^2 Spacek
>>
>> >
>> > and in /var/log/dirsrv/example-com/errors
>> >
>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> could
>> > not delete change record 3291138 (rc: 32)
>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> could
>> > not delete change record 3291139 (rc: 32)
>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> could
>> > not delete change record 3291140 (rc: 32)
>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> could
>> > not delete change record 3291141 (rc: 32)
>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> could
>> > not delete change record 3291142 (rc: 32)
>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> could
>> > not delete change record 3291143 (rc: 32)
>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> could
>> > not delete change record 3291144 (rc: 32)
>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> could
>> > not delete change record 3291145 (rc: 32)
>> > [23/Aug/2016:12:49:50 +0000] - Retry count exceeded in delete
>> > [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin - delete_changerecord:
>> could
>> > not delete change record 3292734 (rc: 51)
>> >
>> >
>> > Can  i do something about this error.. I treid to restart ipa a couple
>> of
>> > time but that did not help
>> >
>> > Thanks
>> > Rakesh
>> >
>> > On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek <pspacek at redhat.com>
>> wrote:
>> >
>> >> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
>> >>> I am running my set up on AWS cloud, and entropy is low at around 180
>> .
>> >>>
>> >>> I plan to increase it bu installing haveged . But, would low entropy
>> by
>> >> any
>> >>> chance cause this issue of intermittent hang .
>> >>> Also, the hang is mostly observed when registering around 20 clients
>> >>> together
>> >>
>> >> Possibly, I'm not sure. If you want to dig into this, I would do this:
>> >> 1. look what process hangs on client (using pstree command or so)
>> >> $ pstree
>> >>
>> >> 2. look to what server and port is the hanging client connected to
>> >> $ lsof -p <PID of the hanging process>
>> >>
>> >> 3. jump to server and see what process is bound to the target port
>> >> $ netstat -pn
>> >>
>> >> 4. see where the process if hanging
>> >> $ strace -p <PID of the hanging process>
>> >>
>> >> I hope it helps.
>> >>
>> >> Petr^2 Spacek
>> >>
>> >>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
>> >>> rakesh.rajasekharan at gmail.com> wrote:
>> >>>
>> >>>> yes there seems to be something thats worrying.. I have faced this
>> today
>> >>>> as well.
>> >>>> There are few hosts around 280 odd left and when i try adding them to
>> >> IPA
>> >>>> , the slowness begins..
>> >>>>
>> >>>> all the ipa commands like ipa user-find.. etc becomes very slow in
>> >>>> responding.
>> >>>>
>> >>>> the SYNC_RECV are not many though just around 80-90 and today that
>> was
>> >>>> around 20 only
>> >>>>
>> >>>>
>> >>>> I have for now increased tcp_max_syn_backlog to 5000.
>> >>>> For now the slowness seems to have gone.. but I will do a try adding
>> the
>> >>>> clients again tomorrow and see how it goes
>> >>>>
>> >>>> Thanks
>> >>>> Rakesh
>> >>>>
>> >>>> The issues
>> >>>>
>> >>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com>
>> >> wrote:
>> >>>>
>> >>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>> >>>>>> Hi
>> >>>>>>
>> >>>>>> I am migrating to freeipa from openldap and have around 4000
>> clients
>> >>>>>>
>> >>>>>> I had openned a another thread on that, but chose to start a new
>> one
>> >>>>> here
>> >>>>>> as its a separate issue
>> >>>>>>
>> >>>>>> I was able to change the nssslapd-maxdescriptors adding an ldif
>> file
>> >>>>>>
>> >>>>>> cat nsslapd-modify.ldif
>> >>>>>> dn: cn=config
>> >>>>>> changetype: modify
>> >>>>>> replace: nsslapd-maxdescriptors
>> >>>>>> nsslapd-maxdescriptors: 17000
>> >>>>>>
>> >>>>>> and running the ldapmodify command
>> >>>>>>
>> >>>>>> I have now started moving clients running an openldap to Freeipa
>> and
>> >>>>> have
>> >>>>>> today moved close to 2000 clients
>> >>>>>>
>> >>>>>> However, I have noticed that IPA hangs intermittently.
>> >>>>>>
>> >>>>>> running a kinit admin returns the below error
>> >>>>>> kinit: Generic error (see e-text) while getting initial credentials
>> >>>>>>
>> >>>>>> from the /var/log/messages, I see this entry
>> >>>>>>
>> >>>>>>  prod-ipa-master-int kernel: [104090.315801] TCP: request_sock_TCP:
>> >>>>>> Possible SYN flooding on port 88. Sending cookies.  Check SNMP
>> >> counters.
>> >>>>>
>> >>>>> I would be worried about this message. Maybe kernel/firewall is
>> doing
>> >>>>> something fishy behind your back and blocking some connections or
>> so.
>> >>>>>
>> >>>>> Petr^2 Spacek
>> >>>>>
>> >>>>>
>> >>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session
>> 4885
>> >> of
>> >>>>>> user root.
>> >>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session
>> 4885
>> >> of
>> >>>>>> user root.
>> >>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session
>> 4886
>> >> of
>> >>>>>> user root.
>> >>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session
>> 4886
>> >> of
>> >>>>>> user root.
>> >>>>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command
>> >>>>> Invoked
>> >>>>>> with creates=None executable=None shell=True args= removes=None
>> >>>>> warn=True
>> >>>>>> chdir=None
>> >>>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error:
>> Unspecified
>> >>>>> GSS
>> >>>>>> failure.  Minor code may provide more information (KDC returned
>> error
>> >>>>>> string: PROCESS_TGS)
>> >>>>>>
>> >>>>>> Could it be possible that its due to the initial load of adding the
>> >>>>> clients
>> >>>>>> or is there something else that I need to take care of.
>> >>
>> >
>>
>>
>> --
>> Petr Spacek  @  Red Hat
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/361a40f9/attachment.htm>

From rakesh.rajasekharan at gmail.com  Tue Aug 23 16:44:01 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Tue, 23 Aug 2016 22:14:01 +0530
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <CANAMAkpqv5r2GNR1z9+iOJEh40F50kskrnPAOT+B5qV9uR6Q7g@mail.gmail.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
	<a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
	<CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>
	<CANAMAkpqv5r2GNR1z9+iOJEh40F50kskrnPAOT+B5qV9uR6Q7g@mail.gmail.com>
Message-ID: <CANAMAkpC5DKkqA_X4tZjscFyOyD2SJjjy74g1sOGYayqLH=ywA@mail.gmail.com>

I think thers something seriously wrong with my system

not able to run any  IPA commands

klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin at XYZ.COM

Valid starting       Expires              Service principal
2016-08-23T16:26:36  2016-08-24T16:26:22  krbtgt/XYZ.COM at XYZ.COM


[root at prod-ipa-master-1a :~] ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa: INFO: The ipactl command was successful



[root at prod-ipa-master :~] ipa user-find p-testuser
ipa: ERROR: Kerberos error: ('Unspecified GSS failure.  Minor code may
provide more information', 851968)/("Cannot contact any KDC for realm '
XYZ.COM'", -1765328228)



Thanks

Rakesh

On Tue, Aug 23, 2016 at 10:01 PM, Rakesh Rajasekharan <
rakesh.rajasekharan at gmail.com> wrote:

> i changed the loggin level to 4 . Modifying nsslapd-accesslog-level
>
> But, the hang is still there. though I dont see the sigfault now
>
>
>
>
> On Tue, Aug 23, 2016 at 9:02 PM, Rakesh Rajasekharan <
> rakesh.rajasekharan at gmail.com> wrote:
>
>> My disk was getting filled too fast
>>
>> logs under /var/log/dirsrv was coming around 5 gb quickly filling up
>>
>> Is there a way to make the logging less verbose
>>
>>
>>
>> On Tue, Aug 23, 2016 at 6:41 PM, Petr Spacek <pspacek at redhat.com> wrote:
>>
>>> On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
>>> > I was able to fix that may be temporarily... when i checked the
>>> network..
>>> > there was another process that was running and consuming a lot of
>>> network (
>>> > i have no idea who did that. I need to seriously start restricting
>>> people
>>> > access to this machine )
>>> >
>>> > after killing that perfomance improved drastically
>>> >
>>> > But now, suddenly I started experiencing the same hang.
>>> >
>>> > This time , I gert the following error when checked dmesg
>>> >
>>> > [  301.236976] ns-slapd[3124]: segfault at 0 ip 00007f1de416951c sp
>>> > 00007f1dee1dba70 error 4 in libcos-plugin.so[7f1de4166000+b000]
>>> > [ 1116.248431] TCP: request_sock_TCP: Possible SYN flooding on port 88.
>>> > Sending cookies.  Check SNMP counters.
>>> > [11831.397037] ns-slapd[22550]: segfault at 0 ip 00007f533d82251c sp
>>> > 00007f5347894a70 error 4 in libcos-plugin.so[7f533d81f000+b000]
>>> > [11832.727989] ns-slapd[22606]: segfault at 0 ip 00007f6231eb951c sp
>>> > 00007f623bf2ba70 error 4 in libcos-plugin.so[7f6231eb6000+b00
>>>
>>> Okay, this one is serious. The LDAP server crashed.
>>>
>>> 1. Make sure all your packages are up-to-date.
>>>
>>> Please see
>>> http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d
>>> ebugging-crashes
>>> for further instructions how to debug this.
>>>
>>> Petr^2 Spacek
>>>
>>> >
>>> > and in /var/log/dirsrv/example-com/errors
>>> >
>>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> could
>>> > not delete change record 3291138 (rc: 32)
>>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> could
>>> > not delete change record 3291139 (rc: 32)
>>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> could
>>> > not delete change record 3291140 (rc: 32)
>>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> could
>>> > not delete change record 3291141 (rc: 32)
>>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> could
>>> > not delete change record 3291142 (rc: 32)
>>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> could
>>> > not delete change record 3291143 (rc: 32)
>>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> could
>>> > not delete change record 3291144 (rc: 32)
>>> > [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> could
>>> > not delete change record 3291145 (rc: 32)
>>> > [23/Aug/2016:12:49:50 +0000] - Retry count exceeded in delete
>>> > [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin - delete_changerecord:
>>> could
>>> > not delete change record 3292734 (rc: 51)
>>> >
>>> >
>>> > Can  i do something about this error.. I treid to restart ipa a couple
>>> of
>>> > time but that did not help
>>> >
>>> > Thanks
>>> > Rakesh
>>> >
>>> > On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek <pspacek at redhat.com>
>>> wrote:
>>> >
>>> >> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
>>> >>> I am running my set up on AWS cloud, and entropy is low at around
>>> 180 .
>>> >>>
>>> >>> I plan to increase it bu installing haveged . But, would low entropy
>>> by
>>> >> any
>>> >>> chance cause this issue of intermittent hang .
>>> >>> Also, the hang is mostly observed when registering around 20 clients
>>> >>> together
>>> >>
>>> >> Possibly, I'm not sure. If you want to dig into this, I would do this:
>>> >> 1. look what process hangs on client (using pstree command or so)
>>> >> $ pstree
>>> >>
>>> >> 2. look to what server and port is the hanging client connected to
>>> >> $ lsof -p <PID of the hanging process>
>>> >>
>>> >> 3. jump to server and see what process is bound to the target port
>>> >> $ netstat -pn
>>> >>
>>> >> 4. see where the process if hanging
>>> >> $ strace -p <PID of the hanging process>
>>> >>
>>> >> I hope it helps.
>>> >>
>>> >> Petr^2 Spacek
>>> >>
>>> >>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
>>> >>> rakesh.rajasekharan at gmail.com> wrote:
>>> >>>
>>> >>>> yes there seems to be something thats worrying.. I have faced this
>>> today
>>> >>>> as well.
>>> >>>> There are few hosts around 280 odd left and when i try adding them
>>> to
>>> >> IPA
>>> >>>> , the slowness begins..
>>> >>>>
>>> >>>> all the ipa commands like ipa user-find.. etc becomes very slow in
>>> >>>> responding.
>>> >>>>
>>> >>>> the SYNC_RECV are not many though just around 80-90 and today that
>>> was
>>> >>>> around 20 only
>>> >>>>
>>> >>>>
>>> >>>> I have for now increased tcp_max_syn_backlog to 5000.
>>> >>>> For now the slowness seems to have gone.. but I will do a try
>>> adding the
>>> >>>> clients again tomorrow and see how it goes
>>> >>>>
>>> >>>> Thanks
>>> >>>> Rakesh
>>> >>>>
>>> >>>> The issues
>>> >>>>
>>> >>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com>
>>> >> wrote:
>>> >>>>
>>> >>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>>> >>>>>> Hi
>>> >>>>>>
>>> >>>>>> I am migrating to freeipa from openldap and have around 4000
>>> clients
>>> >>>>>>
>>> >>>>>> I had openned a another thread on that, but chose to start a new
>>> one
>>> >>>>> here
>>> >>>>>> as its a separate issue
>>> >>>>>>
>>> >>>>>> I was able to change the nssslapd-maxdescriptors adding an ldif
>>> file
>>> >>>>>>
>>> >>>>>> cat nsslapd-modify.ldif
>>> >>>>>> dn: cn=config
>>> >>>>>> changetype: modify
>>> >>>>>> replace: nsslapd-maxdescriptors
>>> >>>>>> nsslapd-maxdescriptors: 17000
>>> >>>>>>
>>> >>>>>> and running the ldapmodify command
>>> >>>>>>
>>> >>>>>> I have now started moving clients running an openldap to Freeipa
>>> and
>>> >>>>> have
>>> >>>>>> today moved close to 2000 clients
>>> >>>>>>
>>> >>>>>> However, I have noticed that IPA hangs intermittently.
>>> >>>>>>
>>> >>>>>> running a kinit admin returns the below error
>>> >>>>>> kinit: Generic error (see e-text) while getting initial
>>> credentials
>>> >>>>>>
>>> >>>>>> from the /var/log/messages, I see this entry
>>> >>>>>>
>>> >>>>>>  prod-ipa-master-int kernel: [104090.315801] TCP:
>>> request_sock_TCP:
>>> >>>>>> Possible SYN flooding on port 88. Sending cookies.  Check SNMP
>>> >> counters.
>>> >>>>>
>>> >>>>> I would be worried about this message. Maybe kernel/firewall is
>>> doing
>>> >>>>> something fishy behind your back and blocking some connections or
>>> so.
>>> >>>>>
>>> >>>>> Petr^2 Spacek
>>> >>>>>
>>> >>>>>
>>> >>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session
>>> 4885
>>> >> of
>>> >>>>>> user root.
>>> >>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session
>>> 4885
>>> >> of
>>> >>>>>> user root.
>>> >>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session
>>> 4886
>>> >> of
>>> >>>>>> user root.
>>> >>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session
>>> 4886
>>> >> of
>>> >>>>>> user root.
>>> >>>>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command
>>> >>>>> Invoked
>>> >>>>>> with creates=None executable=None shell=True args= removes=None
>>> >>>>> warn=True
>>> >>>>>> chdir=None
>>> >>>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error:
>>> Unspecified
>>> >>>>> GSS
>>> >>>>>> failure.  Minor code may provide more information (KDC returned
>>> error
>>> >>>>>> string: PROCESS_TGS)
>>> >>>>>>
>>> >>>>>> Could it be possible that its due to the initial load of adding
>>> the
>>> >>>>> clients
>>> >>>>>> or is there something else that I need to take care of.
>>> >>
>>> >
>>>
>>>
>>> --
>>> Petr Spacek  @  Red Hat
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/fc57a87c/attachment.htm>

From abokovoy at redhat.com  Tue Aug 23 17:24:47 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 23 Aug 2016 20:24:47 +0300
Subject: [Freeipa-users] IPA to IPA trust
In-Reply-To: <2EE95C41-1586-4D55-8318-B87408AC1D32@cccis.com>
References: <2EE95C41-1586-4D55-8318-B87408AC1D32@cccis.com>
Message-ID: <20160823172447.f7etyqqqs62stxan@redhat.com>

On Tue, 23 Aug 2016, Andrey Ptashnik wrote:
>Hello IPA team,
>
>Is there a way to implement IPA to IPA trust between different domains?
>We are thinking of using more than one domain, however we will need
>users to cross login from one domain to another.
No, not yet.
https://www.freeipa.org/page/Frequently_Asked_Questions#When_will_we_implement_FreeIPA_to_FreeIPA_trusts.3F


-- 
/ Alexander Bokovoy



From zwolfinger at myemma.com  Tue Aug 23 19:21:45 2016
From: zwolfinger at myemma.com (Zak Wolfinger)
Date: Tue, 23 Aug 2016 14:21:45 -0500
Subject: [Freeipa-users] Deleting a duplicate user
Message-ID: <86DE884F-3D3C-4F7B-A102-34D35E6E90CD@myemma.com>

We were in the final stages of migrating FreeIPA from 3.0 to 4.2.  During the migration, both the 3.0 replicas and the 4.2 replicas were in the replica pool.  User account changes made to 3.0 would replicate to 4.2 just fine, but changes wouldn?t replicate from 4.2 to 3.0.

Admins should have been aware of this and performing all changes to the 3.0 replicas.  However 2 accounts were created on the 4.2 replicas and then also added to the 3.0 replicas.  This resulted in a replication conflict and each user account has a duplicate with the same username but different UIDs.

I want to delete the duplicates.  ?ipa user-del? will not take the UID as an identifier, only the username.  Using just the username fails with an error due to the duplicate accounts.

The old 3.0 replicas have all been removed from the pool and decommissioned.  It would be tons of work to bring them back into production.

Any thoughts on how to fix this issue?

Cheers,
Zak Wolfinger

Infrastructure Engineer  |  Emma?
zak.wolfinger at myemma.com <mailto:zak.wolfinger at myemma.com>
800.595.4401 or 615.292.5888 x197
615.292.0777 (fax)

Emma helps organizations everywhere communicate & market in style.
Visit us online at www.myemma.com <http://myemma.com/?utm_source=%20EmmaSignatures&utm_medium=%20email&utm_content=text-lin%20k&utm_campaign=EmmaSignatu%20res-email-text-link-home>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/0ce7eb00/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/0ce7eb00/attachment.sig>

From abokovoy at redhat.com  Tue Aug 23 19:40:40 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 23 Aug 2016 22:40:40 +0300
Subject: [Freeipa-users] Deleting a duplicate user
In-Reply-To: <86DE884F-3D3C-4F7B-A102-34D35E6E90CD@myemma.com>
References: <86DE884F-3D3C-4F7B-A102-34D35E6E90CD@myemma.com>
Message-ID: <20160823194040.y6jswid3zdqqvvcm@redhat.com>

On Tue, 23 Aug 2016, Zak Wolfinger wrote:
>We were in the final stages of migrating FreeIPA from 3.0 to 4.2.
>During the migration, both the 3.0 replicas and the 4.2 replicas were
>in the replica pool.  User account changes made to 3.0 would replicate
>to 4.2 just fine, but changes wouldn?t replicate from 4.2 to 3.0.
>
>Admins should have been aware of this and performing all changes to the
>3.0 replicas.  However 2 accounts were created on the 4.2 replicas and
>then also added to the 3.0 replicas.  This resulted in a replication
>conflict and each user account has a duplicate with the same username
>but different UIDs.
>
>I want to delete the duplicates.  ?ipa user-del? will not take the UID
>as an identifier, only the username.  Using just the username fails
>with an error due to the duplicate accounts.
>
>The old 3.0 replicas have all been removed from the pool and
>decommissioned.  It would be tons of work to bring them back into
>production.
>
>Any thoughts on how to fix this issue?
You can delete wrong entry using ldapdelete.

Search for the records with 'ipa user-find' first:

[root ipa]# ipa user-find --all --raw --login myuser | grep dn:
  dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=myuser,cn=users,cn=accounts,dc=xxxx,dc=exampe,dc=com

This gives you a DN of the conflict entry. Now you can delete it with
ldapdelete:

[root ipa]# ldapdelete -Y GSSPAI nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=myuser,cn=users,cn=accounts,dc=xxxx,dc=exampe,dc=com

-- 
/ Alexander Bokovoy



From abokovoy at redhat.com  Tue Aug 23 19:51:16 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 23 Aug 2016 22:51:16 +0300
Subject: [Freeipa-users] Deleting a duplicate user
In-Reply-To: <20160823194040.y6jswid3zdqqvvcm@redhat.com>
References: <86DE884F-3D3C-4F7B-A102-34D35E6E90CD@myemma.com>
	<20160823194040.y6jswid3zdqqvvcm@redhat.com>
Message-ID: <20160823195116.3ybfxcd6ysu4jvdp@redhat.com>

On Tue, 23 Aug 2016, Alexander Bokovoy wrote:
>On Tue, 23 Aug 2016, Zak Wolfinger wrote:
>>We were in the final stages of migrating FreeIPA from 3.0 to 4.2.
>>During the migration, both the 3.0 replicas and the 4.2 replicas were
>>in the replica pool.  User account changes made to 3.0 would replicate
>>to 4.2 just fine, but changes wouldn?t replicate from 4.2 to 3.0.
>>
>>Admins should have been aware of this and performing all changes to the
>>3.0 replicas.  However 2 accounts were created on the 4.2 replicas and
>>then also added to the 3.0 replicas.  This resulted in a replication
>>conflict and each user account has a duplicate with the same username
>>but different UIDs.
>>
>>I want to delete the duplicates.  ?ipa user-del? will not take the UID
>>as an identifier, only the username.  Using just the username fails
>>with an error due to the duplicate accounts.
>>
>>The old 3.0 replicas have all been removed from the pool and
>>decommissioned.  It would be tons of work to bring them back into
>>production.
>>
>>Any thoughts on how to fix this issue?
>You can delete wrong entry using ldapdelete.
>
>Search for the records with 'ipa user-find' first:
>
>[root ipa]# ipa user-find --all --raw --login myuser | grep dn:
> dn: nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=myuser,cn=users,cn=accounts,dc=xxxx,dc=exampe,dc=com
>
>This gives you a DN of the conflict entry. Now you can delete it with
>ldapdelete:
>
>[root ipa]# ldapdelete -Y GSSPAI nsuniqueid=ef3d3a81-2e3111e4-8c13b928-a98b9061+uid=myuser,cn=users,cn=accounts,dc=xxxx,dc=exampe,dc=com
s/GSSPAI/GSSAPI/, of course.

-- 
/ Alexander Bokovoy



From zarko at etcfstab.com  Tue Aug 23 20:25:04 2016
From: zarko at etcfstab.com (Z D)
Date: Tue, 23 Aug 2016 20:25:04 +0000
Subject: [Freeipa-users] The 3rd party cert for IPA Web GUI
Message-ID: <BN6PR12MB1169387DBD13307DBD4B3928C8EB0@BN6PR12MB1169.namprd12.prod.outlook.com>

Hi there, is it possible to have a cert (say from VeriSign) for a IPA host and use it for httpd (Web GUI), without breaking anything else? I've acquired one and added it to nssdb (/etc/httpd/alias).


# certutil -L -d /etc/httpd/alias
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
ipaCert                                                      u,u,u
Server-Cert                                                  u,u,u
COMP.COM IPA CA                                         CT,C,C
Signing-Cert                                                 u,u,u
CA-LDAP01-CHAINED                                            u,u,u
Comp SSL CA - G2 - VeriSign, Inc.                          ,,

It's now used in /etc/httpd/conf.d/nss.conf and the cert looks good via a browser. But it's breaking something, since I see this:

# ipa user-show admin
ipa: ERROR: cert validation failed for "CN=ca-ldap01.comp.com,OU=Corp,O=Corporation,L=City,ST=California,C=US" ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.)
ipa: ERROR: cannot connect to 'https://ca-ldap01.comp.com/ipa/json': (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.


Adding this cert to /etc/dirsrv/slapd-CORP-COM/ nssdb didn't resolve the issue. Thanks for any advice.

Zarko
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/fa6b68bb/attachment.htm>

From bahanw042014 at gmail.com  Tue Aug 23 20:44:47 2016
From: bahanw042014 at gmail.com (bahan w)
Date: Tue, 23 Aug 2016 22:44:47 +0200
Subject: [Freeipa-users] Two masters and one of them is desynchronized
In-Reply-To: <CAMJtub+ixbUoivV+q_wGQpUx5DxOmsBVkPZB2a_dUKGH8xKnrQ@mail.gmail.com>
References: <CAMJtubJ7+bXS7CxMRWQ6zWVYWjJkS3N_fEb9WE3cVNz=u0beSA@mail.gmail.com>
	<CAMJtubLcsrem20vJ-TH838Ro05_x-1QBhnvNKYkgZuKegd8Mow@mail.gmail.com>
	<CAMJtubLG-e7epOV90cSFp=+nhG2BEjsmqu6jTGnoptWeCWyeDg@mail.gmail.com>
	<CAMJtub+ixbUoivV+q_wGQpUx5DxOmsBVkPZB2a_dUKGH8xKnrQ@mail.gmail.com>
Message-ID: <CAMJtub+_Qi+gHU7mxW2-8h4qVdes26bZUbhaoDs8LzvTLsFh8g@mail.gmail.com>

Hello !

I am using IPA 3.0.0 on RedHat 6.6 servers.

I have two masters and this evening, I realized that one of them was
desynchronized, some users and groups were missing.

I was wondering if there was an ipa command to resynchronize replica which
are not sync with the other ?

Thank you in advance for your help.

Best regards.

Bahan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160823/79a6e581/attachment.htm>

From orion at cora.nwra.com  Tue Aug 23 22:27:10 2016
From: orion at cora.nwra.com (Orion Poplawski)
Date: Tue, 23 Aug 2016 16:27:10 -0600
Subject: [Freeipa-users] Default gid for AD trust users
Message-ID: <da5d13ff-81a2-bb4b-2087-8ab9f73a306e@cora.nwra.com>

Is there any way to control the default gid for AD trust users?  At the moment
each user has it's own default group, e.g.:

uid=22603(user at ad.domain) gid=22603(user at ad.domain)

It would be nice to be able to set this to an actual group.

Thanks.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com



From ianh at brownpapertickets.com  Tue Aug 23 23:08:19 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Tue, 23 Aug 2016 16:08:19 -0700
Subject: [Freeipa-users] clean-ruv
In-Reply-To: <57BC21EC.6080702@redhat.com>
References: <bd41abeb-ec9f-eb41-11f6-76140c789f98@brownpapertickets.com>
	<57BC0B43.7070601@redhat.com>
	<3caa6498-b1ab-c1d1-1231-2b23a4f88130@brownpapertickets.com>
	<57BC21EC.6080702@redhat.com>
Message-ID: <21d57b9b-3bc7-d2a4-8143-2a7371db79ac@brownpapertickets.com>



On 08/23/2016 03:14 AM, Ludwig Krispenz wrote:
> 
> On 08/23/2016 11:52 AM, Ian Harding wrote:
>> Ah.  I see.  I mixed those up but I see that those would have to be
>> consistent.
>>
>> However, I have been trying to beat some invalid RUV to death for a long
>> time and I can't seem to kill them.
>>
>> For example, bellevuenfs has 9 and 16 which are invalid:
>>
>> [ianh at seattlenfs ~]$ ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
>> "cn=Directory Manager" -W -b "dc=bpt,dc=rocks"
>> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
>>
>> | grep "nsds50ruv\|nsDS5ReplicaId"
>> Enter LDAP Password:
>> nsDS5ReplicaId: 7
>> nsds50ruv: {replicageneration} 55c8f364000000040000
>> nsds50ruv: {replica 7 ldap://seattlenfs.bpt.rocks:389}
>> 568ac3cc000000070000 57
>> nsds50ruv: {replica 20 ldap://freeipa-sea.bpt.rocks:389}
>> 57b10377000200140000
>> nsds50ruv: {replica 18 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>> 57a47801000100120000
>> nsds50ruv: {replica 15 ldap://fremontnis.bpt.rocks:389}
>> 57a403860000000f0000 5
>> nsds50ruv: {replica 14 ldap://freeipa-dal.bpt.rocks:389}
>> 57a2dccd0000000e0000
>> nsds50ruv: {replica 17 ldap://edinburghnfs.bpt.rocks:389}
>> 57a422f9000000110000
>> nsds50ruv: {replica 19 ldap://bellevuenfs.bpt.rocks:389}
>> 57a4f20d000600130000
>> nsds50ruv: {replica 16 ldap://bellevuenfs.bpt.rocks:389}
>> 57a41706000000100000
>> nsds50ruv: {replica 9 ldap://bellevuenfs.bpt.rocks:389}
>> 570484ee000000090000 5
>>
>>
>> So I try to kill them like so:
>> [ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 9 --force --cleanup
>> ipa: WARNING: session memcached servers not running
>> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>>
>> Cleaning the wrong replica ID will cause that server to no
>> longer replicate so it may miss updates while the process
>> is running. It would need to be re-initialized to maintain
>> consistency. Be very careful.
>> Background task created to clean replication data. This may take a while.
>> This may be safely interrupted with Ctrl+C
>> ^C[ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 16 --force --cleanup
>> ipa: WARNING: session memcached servers not running
>> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>>
>> Cleaning the wrong replica ID will cause that server to no
>> longer replicate so it may miss updates while the process
>> is running. It would need to be re-initialized to maintain
>> consistency. Be very careful.
>> Background task created to clean replication data. This may take a while.
>> This may be safely interrupted with Ctrl+C
>> ^C[ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
>> ipa: WARNING: session memcached servers not running
>> CLEANALLRUV tasks
>> RID 16: Waiting to process all the updates from the deleted replica...
>> RID 9: Waiting to process all the updates from the deleted replica...
>>
>> No abort CLEANALLRUV tasks running
>> [ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
>> ipa: WARNING: session memcached servers not running
>> CLEANALLRUV tasks
>> RID 16: Waiting to process all the updates from the deleted replica...
>> RID 9: Waiting to process all the updates from the deleted replica...
>>
>> and it never finishes.
>>
>> seattlenfs is the first master, that's the only place I should have to
>> run this command, right?
> right, you need to run it only on one master, but this ease of use can
> become the problem.
> The cleanallruv task is propagated to all servers in the topology and it
> does this based on the replication agreements it finds.
> A frequent cause of failure is that replication agreements still exist
> pointing to no longer existing servers. It is a bit tedious, but could
> you run the following search on ALL
> of your current replicas (as directory manager):
> 
> ldapsearch ...... -b "cn=config" "objectclass=nsds5replicationagreement"
> nsds5replicahost
> 
> if you find any agreement where nsds5replicahost is a host no longer
> existing or working, delete these agreements.

I have 7 FreeIPA servers, all of which have been in existence in some
form or another since I started.  It used to work great.  I've broken it
now but the hostnames and ip addresses all still exist.  I've
uninstalled and reinstalled them a few times which I think is the source
of my troubles so I tried to straighten out the RUVs and probably messed
that up pretty good

Anyway, now what I THINK I have is

seattlenfs
|-freeipa-sea
  |- freeipa-dal
  |- bellevuenfs
  |- fremontnis
  |- bpt-nyc1-nfs
  |- edinburghnfs

Until I get this squared away I've turned off ipa services on all but
seattlenfs, freeipa-sea and freeipa-dal and am hoping that any password
changes etc. happen on seattlenfs.  I need the other two because they
are my DNS.  The rest I can kind of live without since they are just
local instances living on nfs servers.

Here's the output from that ldap query on all the hosts:

SEATTLENFS

[root at seattlenfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
"cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: objectclass=nsds5replicationagreement
# requesting: nsds5replicahost
#

# meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, conf
 ig
dn:
cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
 g tree,cn=config
nsds5replicahost: freeipa-sea.bpt.rocks

# masterAgreement1-bellevuenfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
mappin
 g tree, config
dn:
cn=masterAgreement1-bellevuenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
 ca,cn=mapping tree,cn=config
nsds5replicahost: bellevuenfs.bpt.rocks

# masterAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat, replica,
o\3Dipaca, mappi
 ng tree, config
dn:
cn=masterAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dip
 aca,cn=mapping tree,cn=config
nsds5replicahost: bpt-nyc1-nfs.bpt.rocks

# masterAgreement1-freeipa-dal.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
mappin
 g tree, config
dn:
cn=masterAgreement1-freeipa-dal.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
 ca,cn=mapping tree,cn=config
nsds5replicahost: freeipa-dal.bpt.rocks

# masterAgreement1-freeipa-sea.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
mappin
 g tree, config
dn:
cn=masterAgreement1-freeipa-sea.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
 ca,cn=mapping tree,cn=config
nsds5replicahost: freeipa-sea.bpt.rocks

# masterAgreement1-fremontnis.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
mapping
  tree, config
dn:
cn=masterAgreement1-fremontnis.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
 a,cn=mapping tree,cn=config
nsds5replicahost: fremontnis.bpt.rocks

# search result
search: 2
result: 0 Success

# numResponses: 7
# numEntries: 6

FREEIPA-SEA

[root at freeipa-sea ianh]# ldapsearch -D "cn=Directory Manager" -W -b
"cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: objectclass=nsds5replicationagreement
# requesting: nsds5replicahost
#

# meTobellevuenfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, conf
 ig
dn:
cn=meTobellevuenfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
 g tree,cn=config
nsds5replicahost: bellevuenfs.bpt.rocks

# meTobpt-nyc1-nfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, con
 fig
dn:
cn=meTobpt-nyc1-nfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappi
 ng tree,cn=config
nsds5replicahost: bpt-nyc1-nfs.bpt.rocks

# meToedinburghnfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, con
 fig
dn:
cn=meToedinburghnfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappi
 ng tree,cn=config
nsds5replicahost: edinburghnfs.bpt.rocks

# meTofreeipa-dal.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, conf
 ig
dn:
cn=meTofreeipa-dal.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
 g tree,cn=config
nsds5replicahost: freeipa-dal.bpt.rocks

# meTofremontnis.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, confi
 g
dn:
cn=meTofremontnis.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mapping
  tree,cn=config
nsds5replicahost: fremontnis.bpt.rocks

# meToseattlenfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, confi
 g
dn:
cn=meToseattlenfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mapping
  tree,cn=config
nsds5replicahost: seattlenfs.bpt.rocks

# cloneAgreement1-freeipa-sea.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
mapping
  tree, config
dn:
cn=cloneAgreement1-freeipa-sea.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
 a,cn=mapping tree,cn=config
nsds5replicahost: seattlenfs.bpt.rocks

# search result
search: 2
result: 0 Success

# numResponses: 8
# numEntries: 7

FREEIPA-DAL

[root at freeipa-dal ianh]# ldapsearch -D "cn=Directory Manager" -W -b
"cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: objectclass=nsds5replicationagreement
# requesting: nsds5replicahost
#

# meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, conf
 ig
dn:
cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
 g tree,cn=config
nsds5replicahost: freeipa-sea.bpt.rocks

# cloneAgreement1-freeipa-dal.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
mapping
  tree, config
dn:
cn=cloneAgreement1-freeipa-dal.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
 a,cn=mapping tree,cn=config
nsds5replicahost: seattlenfs.bpt.rocks

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

BELLEVUENFS

[root at bellevuenfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
"cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: objectclass=nsds5replicationagreement
# requesting: nsds5replicahost
#

# meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, conf
 ig
dn:
cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
 g tree,cn=config
nsds5replicahost: freeipa-sea.bpt.rocks

# cloneAgreement1-bellevuenfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
mapping
  tree, config
dn:
cn=cloneAgreement1-bellevuenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
 a,cn=mapping tree,cn=config
nsds5replicahost: seattlenfs.bpt.rocks

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2


FREMONTNIS

[root at fremontnis ianh]# ldapsearch -D "cn=Directory Manager" -W -b
"cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: objectclass=nsds5replicationagreement
# requesting: nsds5replicahost
#

# meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, conf
 ig
dn:
cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
 g tree,cn=config
nsds5replicahost: freeipa-sea.bpt.rocks

# cloneAgreement1-fremontnis.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
mapping
 tree, config
dn:
cn=cloneAgreement1-fremontnis.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipaca
 ,cn=mapping tree,cn=config
nsds5replicahost: seattlenfs.bpt.rocks

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

BPT-NYC1-NFS

[root at bpt-nyc1-nfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
"cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: objectclass=nsds5replicationagreement
# requesting: nsds5replicahost
#

# meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, conf
 ig
dn:
cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
 g tree,cn=config
nsds5replicahost: freeipa-sea.bpt.rocks

# cloneAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
mappin
 g tree, config
dn:
cn=cloneAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
 ca,cn=mapping tree,cn=config
nsds5replicahost: seattlenfs.bpt.rocks

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

EDINBURGHNFS

[root at edinburghnfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
"cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: objectclass=nsds5replicationagreement
# requesting: nsds5replicahost
#

# meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
tree, conf
 ig
dn:
cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
 g tree,cn=config
nsds5replicahost: freeipa-sea.bpt.rocks

# cloneAgreement1-edinburghnfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
mappin
 g tree, config
dn:
cn=cloneAgreement1-edinburghnfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
 ca,cn=mapping tree,cn=config
nsds5replicahost: freeipa-sea.bpt.rocks

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

Here's the errors from starting up EDINBURGHNFS to run that query.  It
has some familiar looking problems.

[23/Aug/2016:23:56:35 +0100] SSL Initialization - Configured SSL version
range: min: TLS1.0, max: TLS1.2
[23/Aug/2016:23:56:35 +0100] - 389-Directory/1.3.4.0 B2016.215.1556
starting up
[23/Aug/2016:23:56:35 +0100] - WARNING: changelog: entry cache size
2097152B is less than db size 12361728B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[23/Aug/2016:23:56:35 +0100] schema-compat-plugin - scheduled
schema-compat-plugin tree scan in about 5 seconds after the server startup!
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
ou=sudoers,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=ad,cn=etc,dc=bpt,dc=rocks does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bpt,dc=rocks
does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bpt,dc=rocks
does not exist
[23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target cn=automember
rebuild membership,cn=tasks,cn=config does not exist
[23/Aug/2016:23:56:35 +0100] auto-membership-plugin -
automember_parse_regex_rule: Unable to parse regex rule (invalid regex).
 Error "nothing to repeat".
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 1095
ldap://freeipa-sea.bpt.rocks:389} 579a963c000004470000
57a575a0000004470000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 81
ldap://seattlenfs.bpt.rocks:389} 568ac431000000510000
57a4175f000500510000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 96
ldap://freeipa-sea.bpt.rocks:389} 55c8f3bd000000600000
5799a02e000000600000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 86
ldap://fremontnis.bpt.rocks:389} 5685b24e000000560000
5703db4b000500560000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 91
ldap://seattlenis.bpt.rocks:389} 567ad6180001005b0000
568703740000005b0000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 97
ldap://freeipa-dal.bpt.rocks:389} 55c8f3ce000000610000
56f4d70b000000610000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 76
ldap://bellevuenis.bpt.rocks:389} 56f385eb0007004c0000
56f386180004004c0000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 71
ldap://bellevuenfs.bpt.rocks:389} 57048560000900470000
5745722e000000470000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 66
ldap://bpt-nyc1-nfs.bpt.rocks:389} 5733e594000a00420000
5733e5b7002f00420000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 61
ldap://edinburghnfs.bpt.rocks:389} 574421250000003d0000
57785b420004003d0000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 1090
ldap://freeipa-dal.bpt.rocks:389} 57a2dd35000004420000
57a2dd35000404420000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 1085
ldap://fremontnis.bpt.rocks:389} 57a403e60000043d0000
57a403e70002043d0000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 1080
ldap://bellevuenfs.bpt.rocks:389} 57a41767000004380000
57a41768000004380000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: for replica o=ipaca there were
some differences between the changelog max RUV and the database RUV.  If
there are obsolete elements in the database RUV, you should remove them
using the CLEANALLRUV task.  If they are not obsolete, you should check
their status to see why there are no changes from those servers in the
changelog.
[23/Aug/2016:23:56:35 +0100] set_krb5_creds - Could not get initial
credentials for principal [ldap/edinburghnfs.bpt.rocks at BPT.ROCKS] in
keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC
for requested realm)
[23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
(nsslapd-referral, ldap://freeipa-sea.bpt.rocks:389/o%3Dipaca) failed.
[23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
(nsslapd-referral, ldap://freeipa-sea.bpt.rocks:389/o%3Dipaca) failed.
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 20
ldap://freeipa-sea.bpt.rocks:389} 57b10377000200140000
57bb7bc9000500140000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 18
ldap://bpt-nyc1-nfs.bpt.rocks:389} 57a47801000100120000
57b03107000100120000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 15
ldap://fremontnis.bpt.rocks:389} 57a403860000000f0000
57b036b20002000f0000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 14
ldap://freeipa-dal.bpt.rocks:389} 57a2dccd0000000e0000
57bb7b690005000e0000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 19
ldap://bellevuenfs.bpt.rocks:389} 57a4f20d000600130000
57b0fa3b000100130000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 16
ldap://bellevuenfs.bpt.rocks:389} 57a41706000000100000
57a41706000100100000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
RUV [changelog max RUV] does not contain element [{replica 9
ldap://bellevuenfs.bpt.rocks:389} 570484ee000000090000
579f6419000000090000] which is present in RUV [database RUV]
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: for replica dc=bpt,dc=rocks
there were some differences between the changelog max RUV and the
database RUV.  If there are obsolete elements in the database RUV, you
should remove them using the CLEANALLRUV task.  If they are not
obsolete, you should check their status to see why there are no changes
from those servers in the changelog.
[23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
(nsslapd-referral,
ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
[23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
(nsslapd-referral,
ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
[23/Aug/2016:23:56:35 +0100] schema-compat-plugin - schema-compat-plugin
tree scan will start in about 5 seconds!
[23/Aug/2016:23:56:35 +0100] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[23/Aug/2016:23:56:35 +0100] - Listening on All Interfaces port 636 for
LDAPS requests
[23/Aug/2016:23:56:35 +0100] - Listening on
/var/run/slapd-BPT-ROCKS.socket for LDAPI requests
[23/Aug/2016:23:56:35 +0100] slapd_ldap_sasl_interactive_bind - Error:
could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
-2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure.  Minor code may provide more information (No Kerberos
credentials available)) errno 0 (Success)
[23/Aug/2016:23:56:35 +0100] slapi_ldap_bind - Error: could not perform
interactive bind for id [] authentication mechanism [GSSAPI]: error -2
(Local error)
[23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Replication bind
with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
more information (No Kerberos credentials available))
[23/Aug/2016:23:56:39 +0100] NSMMReplicationPlugin -
agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Replication bind
with GSSAPI auth resumed
[23/Aug/2016:23:56:40 +0100] schema-compat-plugin - Finished plugin
initialization.
[23/Aug/2016:23:56:41 +0100] agmt="cn=meTofreeipa-sea.bpt.rocks"
(freeipa-sea:389) - Can't locate CSN 570484ee000000090000 in the
changelog (DB rc=-30988). If replication stops, the consumer may need to
be reinitialized.
[23/Aug/2016:23:56:41 +0100] NSMMReplicationPlugin - changelog program -
agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): CSN
570484ee000000090000 not found, we aren't as up to date, or we purged
[23/Aug/2016:23:56:41 +0100] NSMMReplicationPlugin -
agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Data required to
update replica has been purged. The replica must be reinitialized.
[23/Aug/2016:23:56:42 +0100] NSMMReplicationPlugin -
agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Incremental
update failed and requires administrator action


I went around and around re-initializing from various servers last night
to try make these go away but it's like whackamole.

What's the best way you can think of to put humpty dumpty back together
again?

Thank you so much for your time.  Come to Tacoma and I will buy you all
the beer.
>>
>> I'm about to burn everything down and ipa-server-install --uninstall but
>> I've done that before a couple times and that seems to be what got me
>> into this mess...
>>
>> Thank you for your help.
>>
>>
>>
>>
>> On 08/23/2016 01:37 AM, Ludwig Krispenz wrote:
>>> looks like you are searching the nstombstone below "o=ipaca", but you
>>> are cleaning ruvs in "dc=bpt,dc=rocks",
>>>
>>> your attrlist_replace error refers to the bpt,rocks backend, so you
>>> should search the tombstone entry ther, then determine which replicaIDs
>>> to remove.
>>>
>>> Ludwig
>>>
>>> On 08/23/2016 09:20 AM, Ian Harding wrote:
>>>> I've followed the procedure in this thread:
>>>>
>>>> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
>>>>
>>>> and found my list of RUV that don't have an existing replica id.
>>>>
>>>> I've tried to remove them like so:
>>>>
>>>> [root at seattlenfs ianh]# ldapmodify -D "cn=directory manager" -W -a
>>>> Enter LDAP Password:
>>>> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config
>>>> objectclass: top
>>>> objectclass: extensibleObject
>>>> replica-base-dn: dc=bpt,dc=rocks
>>>> replica-id: 97
>>>> replica-force-cleaning: yes
>>>> cn: clean 97
>>>>
>>>> adding new entry "cn=clean 97, cn=cleanallruv, cn=tasks, cn=config"
>>>>
>>>> [root at seattlenfs ianh]# ipa-replica-manage list-clean-ruv
>>>> CLEANALLRUV tasks
>>>> RID 9: Waiting to process all the updates from the deleted replica...
>>>> RID 96: Successfully cleaned rid(96).
>>>> RID 97: Successfully cleaned rid(97).
>>>>
>>>> No abort CLEANALLRUV tasks running
>>>>
>>>>
>>>> and yet, they are still there...
>>>>
>>>> [root at seattlenfs ianh]# ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
>>>> "cn=Directory Manager" -W -b "o=ipaca"
>>>> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
>>>>
>>>>
>>>> | grep "nsds50ruv\|nsDS5ReplicaId"
>>>> Enter LDAP Password:
>>>> nsDS5ReplicaId: 81
>>>> nsds50ruv: {replicageneration} 55c8f3ae000000600000
>>>> nsds50ruv: {replica 81 ldap://seattlenfs.bpt.rocks:389}
>>>> 568ac431000000510000 5
>>>> nsds50ruv: {replica 1065 ldap://freeipa-sea.bpt.rocks:389}
>>>> 57b103d400000429000
>>>> nsds50ruv: {replica 1070 ldap://bellevuenfs.bpt.rocks:389}
>>>> 57a4f2700000042e000
>>>> nsds50ruv: {replica 1075 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>>> 57a478650000043300
>>>> nsds50ruv: {replica 1080 ldap://bellevuenfs.bpt.rocks:389}
>>>> 57a4176700000438000
>>>> nsds50ruv: {replica 1085 ldap://fremontnis.bpt.rocks:389}
>>>> 57a403e60000043d0000
>>>> nsds50ruv: {replica 1090 ldap://freeipa-dal.bpt.rocks:389}
>>>> 57a2dd3500000442000
>>>> nsds50ruv: {replica 1095 ldap://freeipa-sea.bpt.rocks:389}
>>>> 579a963c00000447000
>>>> nsds50ruv: {replica 96 ldap://freeipa-sea.bpt.rocks:389}
>>>> 55c8f3bd000000600000
>>>> nsds50ruv: {replica 86 ldap://fremontnis.bpt.rocks:389}
>>>> 5685b24e000000560000 5
>>>> nsds50ruv: {replica 91 ldap://seattlenis.bpt.rocks:389}
>>>> 567ad6180001005b0000 5
>>>> nsds50ruv: {replica 97 ldap://freeipa-dal.bpt.rocks:389}
>>>> 55c8f3ce000000610000
>>>> nsds50ruv: {replica 76 ldap://bellevuenis.bpt.rocks:389}
>>>> 56f385eb0007004c0000
>>>> nsds50ruv: {replica 71 ldap://bellevuenfs.bpt.rocks:389}
>>>> 57048560000900470000
>>>> nsds50ruv: {replica 66 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>>> 5733e594000a00420000
>>>> nsds50ruv: {replica 61 ldap://edinburghnfs.bpt.rocks:389}
>>>> 574421250000003d0000
>>>> nsds50ruv: {replica 1195 ldap://edinburghnfs.bpt.rocks:389}
>>>> 57a42390000004ab00
>>>>
>>>> What have I done wrong?
>>>>
>>>> The problem I am trying to solve is that seattlenfs.bpt.rocks sends
>>>> updates to all its children, but their changes don't come back because
>>>> of these errors:
>>>>
>>>> [23/Aug/2016:00:02:16 -0700] attrlist_replace - attr_replace
>>>> (nsslapd-referral,
>>>> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>>>>
>>>> in effect, the replication agreements are one-way.
>>>>
>>>> Any ideas?
>>>>
>>>> - Ian
>>>>
> 

-- 
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com



From zarko.dudic at oracle.com  Tue Aug 23 23:25:28 2016
From: zarko.dudic at oracle.com (Zarko Dudic)
Date: Tue, 23 Aug 2016 16:25:28 -0700
Subject: [Freeipa-users] ipa-server-install ERROR: IPA CA certificate
 not found in ...
In-Reply-To: <20160816180913.wpqpvmwznwrfdfya@redhat.com>
References: <605a11e4-e50c-c414-1d19-c65ce882dba8@oracle.com>
	<57B33989.2070400@redhat.com>
	<3860280a-7bda-b38e-6c28-ba6b646c78b8@oracle.com>
	<20160816180913.wpqpvmwznwrfdfya@redhat.com>
Message-ID: <3c73a1e3-1ad7-2cf7-bcb9-0269a75f49d9@oracle.com>



On 8/16/2016 11:09 AM, Alexander Bokovoy wrote:
> On Tue, 16 Aug 2016, Zarko Dudic wrote:
>> Thanks Rob. This command creates the CSR.
>>
>> # ipa-server-install  --subject 
>> 'OU=CorpArch,O=Corporation,L=Town,ST=California,C=US' --external-ca
>>
>> And verification with command :
>>
>> # openssl req -in /root/ipa.csr -noout -text
>>
>> ... shows "Subject: C=US, ST=California, L=Town, O=Corporation, 
>> OU=CorpArch, CN=Certificate Authority"
>>
>> Since the CN is unconfigurable, how it's expected to be signed by 3rd 
>> party external CA, they usually want to see FQDN.
> This is not a certificate signing request for a host-based certificate.
> This is a certificate signing request for a CA root certificate. It is
> unlikely that you will get it signed by a public CA because that
> signature basically makes your IPA CA a sub-CA.
>

Hi Alexander,
It makes sense what you say here, I was trying this because the doc 
"Linux Domain Identity, Authentication, and Policy Guide" in the  " 
2.3.2. Determining What CA Configuration to Use" reads:

An external CA is the root CA

The Certificate System CA is subordinate to an external CA.
However, all certificates for the IdM domain are still issued by the 
Certificate System instance.
The external CA can be a corporate CA or a third-party CA, such as 
Verisign or Thawte.
The certificates issued within the IdM domain are potentially subject to 
restrictions set by the external root CA for attributes like the 
validity period.





> This is quite different from signing a server certificate.
>
> --external-ca option is provided to allow your IPA CA to be a sub-ca for
> a corporate CA. I don't know any publicly available CA that could
> actually sign it for you.
>

-- 
Thanks,
Zarko



From pspacek at redhat.com  Wed Aug 24 06:41:50 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 24 Aug 2016 08:41:50 +0200
Subject: [Freeipa-users] Two masters and one of them is desynchronized
In-Reply-To: <CAMJtub+_Qi+gHU7mxW2-8h4qVdes26bZUbhaoDs8LzvTLsFh8g@mail.gmail.com>
References: <CAMJtubJ7+bXS7CxMRWQ6zWVYWjJkS3N_fEb9WE3cVNz=u0beSA@mail.gmail.com>
	<CAMJtubLcsrem20vJ-TH838Ro05_x-1QBhnvNKYkgZuKegd8Mow@mail.gmail.com>
	<CAMJtubLG-e7epOV90cSFp=+nhG2BEjsmqu6jTGnoptWeCWyeDg@mail.gmail.com>
	<CAMJtub+ixbUoivV+q_wGQpUx5DxOmsBVkPZB2a_dUKGH8xKnrQ@mail.gmail.com>
	<CAMJtub+_Qi+gHU7mxW2-8h4qVdes26bZUbhaoDs8LzvTLsFh8g@mail.gmail.com>
Message-ID: <1cadf7af-0064-8c34-6a47-2942c642b004@redhat.com>

On 23.8.2016 22:44, bahan w wrote:
> Hello !
> 
> I am using IPA 3.0.0 on RedHat 6.6 servers.
> 
> I have two masters and this evening, I realized that one of them was
> desynchronized, some users and groups were missing.
> 
> I was wondering if there was an ipa command to resynchronize replica which
> are not sync with the other ?

First of all, it is necessary to find out replication does not work.

Please see
http://www.freeipa.org/page/Troubleshooting#Replication_issues

-- 
Petr^2 Spacek



From tba at statsbiblioteket.dk  Wed Aug 24 06:55:31 2016
From: tba at statsbiblioteket.dk (Tony Brian Albers)
Date: Wed, 24 Aug 2016 06:55:31 +0000
Subject: [Freeipa-users] can't get sudo to work.
In-Reply-To: <57BC59ED.7040604@redhat.com>
References: <1471933463.9124.24.camel@statsbiblioteket.dk>
	<0137003026EBE54FBEC540C5600C03C437B31A@PMC-EXMBX02.petermac.org.au>
	<1471936305.2716.1.camel@statsbiblioteket.dk>
	<20160823071705.xzc63inuqymqxzij@hendrix>
	<1471944384.2716.8.camel@statsbiblioteket.dk>
	<57BC1F1C.3050202@redhat.com>
	<1471948074.2716.10.camel@statsbiblioteket.dk>
	<57BC26F9.2000604@redhat.com>
	<1471950576.2716.13.camel@statsbiblioteket.dk>
	<57BC3312.5040608@redhat.com>
	<1471953329.2716.15.camel@statsbiblioteket.dk>
	<57BC3A86.2050800@redhat.com> <57BC59ED.7040604@redhat.com>
Message-ID: <1472021731.11720.3.camel@statsbiblioteket.dk>

And indeed the compat tree was disabled.

Guess I forgot to reenable it after copying the db to a testing
environment.

Thanks guys, sudo is working fine now.

/tony

On Tue, 2016-08-23 at 10:13 -0400, Rob Crittenden wrote:
> Pavel B?ezina wrote:
> > On 08/23/2016 01:55 PM, Tony Brian Albers wrote:
> >> Here you are:
> >>
> >>
> >> [root ~]# ldapsearch -Y GSSAPI -b $dc
> >> '(ou=*)' -s onelevel
> >
> >> # profile, $domain
> >> dn: ou=profile,$dc
> >> objectClass: top
> >> objectClass: organizationalUnit
> >> ou: profiles
> >> ou: profile
> >>
> >> # search result
> >> search: 4
> >> result: 0 Success
> >>
> >> # numResponses: 2
> >> # numEntries: 1
> >
> >
> > Sudo rules are not downloaded by SSSD because ou=sudoers is missing on
> > the IPA server, or it may have incorrect ACL. Does someone from IPA team
> > know why?
> 
> Perhaps the compat tree is disabled:
> 
> $ ipa-compat-manage status
> 
> rob
> 
> 

-- 
Best regards,

Tony Albers
Systems administrator, IT-development
State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 8946 2316






From siology.io at gmail.com  Wed Aug 24 02:07:38 2016
From: siology.io at gmail.com (siology.io)
Date: Wed, 24 Aug 2016 14:07:38 +1200
Subject: [Freeipa-users] Freeipa-users Digest, Vol 97, Issue 97
In-Reply-To: <mailman.26362.1471966379.3910.freeipa-users@redhat.com>
References: <mailman.26362.1471966379.3910.freeipa-users@redhat.com>
Message-ID: <CAL8of0GB0OCo+Y09+TasAq_oxSLkOrFDV3XfiQbM513tu_Na6A@mail.gmail.com>

>
>
> Date: Tue, 23 Aug 2016 10:20:32 -0400
> From: Rob Crittenden <rcritten at redhat.com>
> To: "siology.io" <siology.io at gmail.com>,        freeipa-users
>         <freeipa-users at redhat.com>
> Subject: Re: [Freeipa-users] private user groups for existing users
> Message-ID: <57BC5BB0.7090009 at redhat.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> siology.io wrote:
> >   i've noticed that some of my users (imported from openldap) don't have
> > personal user groups, but the new ones that i make within freeipa do.
> >
> > Is there a way of marking the existing accounts such that they get user
> > groups made for them ? I couldn't seem to see the groups that IPA is
> > making in the LDAP output so it must be creating them via some other
> means.
> >
> > Is there some sort of  'ipa user create-private-group <userA>' command ?
> >
> > The only work around i have is to make hundreds of fake private groups
> > by making normal user groups each with one user, which'll clutter the UI
> > up with pointless groups.
>
> Yeah, there is a ticket open to allow UPG creation in migration but as
> you see, it isn't done yet.
>
> There is no documented way to do it but it should be possible with
> ldapmodify. I forget the exact ordering but I'd probably do the group
> first, then the user. In theory you can convert a group to be managed by
> adding:
>
> objectclass: mepmanagedentry
> mepmanagedby: uid=<user>,cn=users,cn=accounts,$SUFFIX
>
> And removing:
>
> objectclass: groupofnames
> objectclass: nestedgroup
>
> You also need to update the user with:
>
> objectclass: meporiginentry
> mepmanagedentry: cn=<user>,cn=groups,cn=accounts,$SUFFIX
>
> Just don't do this with any groups that have members.
>
> Definitely worth experimenting on a non-production installation.
>
> rob
>


I'm not too hot with ldapmodify at all. So far i've got:
http://pastebin.com/MDE1SN0F but i dont think that's working for me.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160824/47b9f2af/attachment.htm>

From pspacek at redhat.com  Wed Aug 24 07:08:04 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 24 Aug 2016 09:08:04 +0200
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <CANAMAkpC5DKkqA_X4tZjscFyOyD2SJjjy74g1sOGYayqLH=ywA@mail.gmail.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
	<a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
	<CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>
	<CANAMAkpqv5r2GNR1z9+iOJEh40F50kskrnPAOT+B5qV9uR6Q7g@mail.gmail.com>
	<CANAMAkpC5DKkqA_X4tZjscFyOyD2SJjjy74g1sOGYayqLH=ywA@mail.gmail.com>
Message-ID: <ca385752-87b1-1190-cbdd-9d552b3bf105@redhat.com>

On 23.8.2016 18:44, Rakesh Rajasekharan wrote:
> I think thers something seriously wrong with my system
> 
> not able to run any  IPA commands
> 
> klist
> Ticket cache: KEYRING:persistent:0:0
> Default principal: admin at XYZ.COM
> 
> Valid starting       Expires              Service principal
> 2016-08-23T16:26:36  2016-08-24T16:26:22  krbtgt/XYZ.COM at XYZ.COM
> 
> 
> [root at prod-ipa-master-1a :~] ipactl status
> Directory Service: RUNNING
> krb5kdc Service: RUNNING
> kadmin Service: RUNNING
> ipa_memcached Service: RUNNING
> httpd Service: RUNNING
> pki-tomcatd Service: RUNNING
> ipa-otpd Service: RUNNING
> ipa: INFO: The ipactl command was successful
> 
> 
> 
> [root at prod-ipa-master :~] ipa user-find p-testuser
> ipa: ERROR: Kerberos error: ('Unspecified GSS failure.  Minor code may
> provide more information', 851968)/("Cannot contact any KDC for realm '
> XYZ.COM'", -1765328228)
> 

This is weird because the server seems to be up.

Please follow
http://www.freeipa.org/page/Troubleshooting#Authentication.2FKerberos

Petr^2 Spacek

> 
> 
> Thanks
> 
> Rakesh
> 
> On Tue, Aug 23, 2016 at 10:01 PM, Rakesh Rajasekharan <
> rakesh.rajasekharan at gmail.com> wrote:
> 
>> i changed the loggin level to 4 . Modifying nsslapd-accesslog-level
>>
>> But, the hang is still there. though I dont see the sigfault now
>>
>>
>>
>>
>> On Tue, Aug 23, 2016 at 9:02 PM, Rakesh Rajasekharan <
>> rakesh.rajasekharan at gmail.com> wrote:
>>
>>> My disk was getting filled too fast
>>>
>>> logs under /var/log/dirsrv was coming around 5 gb quickly filling up
>>>
>>> Is there a way to make the logging less verbose
>>>
>>>
>>>
>>> On Tue, Aug 23, 2016 at 6:41 PM, Petr Spacek <pspacek at redhat.com> wrote:
>>>
>>>> On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
>>>>> I was able to fix that may be temporarily... when i checked the
>>>> network..
>>>>> there was another process that was running and consuming a lot of
>>>> network (
>>>>> i have no idea who did that. I need to seriously start restricting
>>>> people
>>>>> access to this machine )
>>>>>
>>>>> after killing that perfomance improved drastically
>>>>>
>>>>> But now, suddenly I started experiencing the same hang.
>>>>>
>>>>> This time , I gert the following error when checked dmesg
>>>>>
>>>>> [  301.236976] ns-slapd[3124]: segfault at 0 ip 00007f1de416951c sp
>>>>> 00007f1dee1dba70 error 4 in libcos-plugin.so[7f1de4166000+b000]
>>>>> [ 1116.248431] TCP: request_sock_TCP: Possible SYN flooding on port 88.
>>>>> Sending cookies.  Check SNMP counters.
>>>>> [11831.397037] ns-slapd[22550]: segfault at 0 ip 00007f533d82251c sp
>>>>> 00007f5347894a70 error 4 in libcos-plugin.so[7f533d81f000+b000]
>>>>> [11832.727989] ns-slapd[22606]: segfault at 0 ip 00007f6231eb951c sp
>>>>> 00007f623bf2ba70 error 4 in libcos-plugin.so[7f6231eb6000+b00
>>>>
>>>> Okay, this one is serious. The LDAP server crashed.
>>>>
>>>> 1. Make sure all your packages are up-to-date.
>>>>
>>>> Please see
>>>> http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d
>>>> ebugging-crashes
>>>> for further instructions how to debug this.
>>>>
>>>> Petr^2 Spacek
>>>>
>>>>>
>>>>> and in /var/log/dirsrv/example-com/errors
>>>>>
>>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>>> could
>>>>> not delete change record 3291138 (rc: 32)
>>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>>> could
>>>>> not delete change record 3291139 (rc: 32)
>>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>>> could
>>>>> not delete change record 3291140 (rc: 32)
>>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>>> could
>>>>> not delete change record 3291141 (rc: 32)
>>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>>> could
>>>>> not delete change record 3291142 (rc: 32)
>>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>>> could
>>>>> not delete change record 3291143 (rc: 32)
>>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>>> could
>>>>> not delete change record 3291144 (rc: 32)
>>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>>> could
>>>>> not delete change record 3291145 (rc: 32)
>>>>> [23/Aug/2016:12:49:50 +0000] - Retry count exceeded in delete
>>>>> [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin - delete_changerecord:
>>>> could
>>>>> not delete change record 3292734 (rc: 51)
>>>>>
>>>>>
>>>>> Can  i do something about this error.. I treid to restart ipa a couple
>>>> of
>>>>> time but that did not help
>>>>>
>>>>> Thanks
>>>>> Rakesh
>>>>>
>>>>> On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek <pspacek at redhat.com>
>>>> wrote:
>>>>>
>>>>>> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
>>>>>>> I am running my set up on AWS cloud, and entropy is low at around
>>>> 180 .
>>>>>>>
>>>>>>> I plan to increase it bu installing haveged . But, would low entropy
>>>> by
>>>>>> any
>>>>>>> chance cause this issue of intermittent hang .
>>>>>>> Also, the hang is mostly observed when registering around 20 clients
>>>>>>> together
>>>>>>
>>>>>> Possibly, I'm not sure. If you want to dig into this, I would do this:
>>>>>> 1. look what process hangs on client (using pstree command or so)
>>>>>> $ pstree
>>>>>>
>>>>>> 2. look to what server and port is the hanging client connected to
>>>>>> $ lsof -p <PID of the hanging process>
>>>>>>
>>>>>> 3. jump to server and see what process is bound to the target port
>>>>>> $ netstat -pn
>>>>>>
>>>>>> 4. see where the process if hanging
>>>>>> $ strace -p <PID of the hanging process>
>>>>>>
>>>>>> I hope it helps.
>>>>>>
>>>>>> Petr^2 Spacek
>>>>>>
>>>>>>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
>>>>>>> rakesh.rajasekharan at gmail.com> wrote:
>>>>>>>
>>>>>>>> yes there seems to be something thats worrying.. I have faced this
>>>> today
>>>>>>>> as well.
>>>>>>>> There are few hosts around 280 odd left and when i try adding them
>>>> to
>>>>>> IPA
>>>>>>>> , the slowness begins..
>>>>>>>>
>>>>>>>> all the ipa commands like ipa user-find.. etc becomes very slow in
>>>>>>>> responding.
>>>>>>>>
>>>>>>>> the SYNC_RECV are not many though just around 80-90 and today that
>>>> was
>>>>>>>> around 20 only
>>>>>>>>
>>>>>>>>
>>>>>>>> I have for now increased tcp_max_syn_backlog to 5000.
>>>>>>>> For now the slowness seems to have gone.. but I will do a try
>>>> adding the
>>>>>>>> clients again tomorrow and see how it goes
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Rakesh
>>>>>>>>
>>>>>>>> The issues
>>>>>>>>
>>>>>>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com>
>>>>>> wrote:
>>>>>>>>
>>>>>>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>>>>>>>>>> Hi
>>>>>>>>>>
>>>>>>>>>> I am migrating to freeipa from openldap and have around 4000
>>>> clients
>>>>>>>>>>
>>>>>>>>>> I had openned a another thread on that, but chose to start a new
>>>> one
>>>>>>>>> here
>>>>>>>>>> as its a separate issue
>>>>>>>>>>
>>>>>>>>>> I was able to change the nssslapd-maxdescriptors adding an ldif
>>>> file
>>>>>>>>>>
>>>>>>>>>> cat nsslapd-modify.ldif
>>>>>>>>>> dn: cn=config
>>>>>>>>>> changetype: modify
>>>>>>>>>> replace: nsslapd-maxdescriptors
>>>>>>>>>> nsslapd-maxdescriptors: 17000
>>>>>>>>>>
>>>>>>>>>> and running the ldapmodify command
>>>>>>>>>>
>>>>>>>>>> I have now started moving clients running an openldap to Freeipa
>>>> and
>>>>>>>>> have
>>>>>>>>>> today moved close to 2000 clients
>>>>>>>>>>
>>>>>>>>>> However, I have noticed that IPA hangs intermittently.
>>>>>>>>>>
>>>>>>>>>> running a kinit admin returns the below error
>>>>>>>>>> kinit: Generic error (see e-text) while getting initial
>>>> credentials
>>>>>>>>>>
>>>>>>>>>> from the /var/log/messages, I see this entry
>>>>>>>>>>
>>>>>>>>>>  prod-ipa-master-int kernel: [104090.315801] TCP:
>>>> request_sock_TCP:
>>>>>>>>>> Possible SYN flooding on port 88. Sending cookies.  Check SNMP
>>>>>> counters.
>>>>>>>>>
>>>>>>>>> I would be worried about this message. Maybe kernel/firewall is
>>>> doing
>>>>>>>>> something fishy behind your back and blocking some connections or
>>>> so.
>>>>>>>>>
>>>>>>>>> Petr^2 Spacek
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session
>>>> 4885
>>>>>> of
>>>>>>>>>> user root.
>>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session
>>>> 4885
>>>>>> of
>>>>>>>>>> user root.
>>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session
>>>> 4886
>>>>>> of
>>>>>>>>>> user root.
>>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session
>>>> 4886
>>>>>> of
>>>>>>>>>> user root.
>>>>>>>>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]: ansible-command
>>>>>>>>> Invoked
>>>>>>>>>> with creates=None executable=None shell=True args= removes=None
>>>>>>>>> warn=True
>>>>>>>>>> chdir=None
>>>>>>>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error:
>>>> Unspecified
>>>>>>>>> GSS
>>>>>>>>>> failure.  Minor code may provide more information (KDC returned
>>>> error
>>>>>>>>>> string: PROCESS_TGS)
>>>>>>>>>>
>>>>>>>>>> Could it be possible that its due to the initial load of adding
>>>> the
>>>>>>>>> clients
>>>>>>>>>> or is there something else that I need to take care of.



From jhrozek at redhat.com  Wed Aug 24 07:50:09 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Wed, 24 Aug 2016 09:50:09 +0200
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160824075009.rj73yous3ptypj54@hendrix>

On Tue, Aug 23, 2016 at 03:17:48PM +0200, Troels Hansen wrote:
> Running RHEL 7.2: 
> 
> ipa-client-4.2.0-15.el7_2.18 
> sssd-ipa-1.13.0-40.el7_2.12.x86_64 
> ipa-server-4.2.0-15.el7_2.18.x86_64 
> 
> I have a sudo rule where I try to give sudo access based on a AD group. 
> 
> # groups drextrha at net.dr.dk 
> drextrha at net.dr.dk : drextrha at net.dr.dk ............... domain_users at linux.dr.dk 
> 
> I'm member of the group domain_users via AD. 
> 
> SUDO rule in LDAP: 
> 
> # guffe, sudoers, linux.dr.dk 
> dn: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk 
> sudoUser: %domain_users 
> sudoRunAsGroup: ALL 
> objectClass: sudoRole 
> objectClass: top 
> sudoCommand: /usr/bin/cat /var/log/messages 
> sudoRunAsUser: ALL 
> sudoHost: ALL 
> cn: guffe 

domain_users != domain_users at linux.dr.dk

I'm also curious why sssd qualifies the IPA group name (domain_users is
an IPA group name right?)

do you set use_fully_qualified_names=true by chance in the config file?



From pspacek at redhat.com  Wed Aug 24 10:00:44 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 24 Aug 2016 12:00:44 +0200
Subject: [Freeipa-users] Two masters and one of them is desynchronized
In-Reply-To: <CAMJtubJSuEAzD-nkxZ0hKX-h8QqqES3eU9KHdfT6pgU_1eySBw@mail.gmail.com>
References: <CAMJtubJ7+bXS7CxMRWQ6zWVYWjJkS3N_fEb9WE3cVNz=u0beSA@mail.gmail.com>
	<CAMJtubLcsrem20vJ-TH838Ro05_x-1QBhnvNKYkgZuKegd8Mow@mail.gmail.com>
	<CAMJtubLG-e7epOV90cSFp=+nhG2BEjsmqu6jTGnoptWeCWyeDg@mail.gmail.com>
	<CAMJtub+ixbUoivV+q_wGQpUx5DxOmsBVkPZB2a_dUKGH8xKnrQ@mail.gmail.com>
	<CAMJtub+_Qi+gHU7mxW2-8h4qVdes26bZUbhaoDs8LzvTLsFh8g@mail.gmail.com>
	<1cadf7af-0064-8c34-6a47-2942c642b004@redhat.com>
	<CAMJtubJSuEAzD-nkxZ0hKX-h8QqqES3eU9KHdfT6pgU_1eySBw@mail.gmail.com>
Message-ID: <6e25174e-4fbf-e29c-3742-101d6d16161b@redhat.com>

Hi,

please keep freeipa-users at redhat.com in Cc.

If there are no problems indicated in log, is it really a problem with
replication or something else?

I would try

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Monitoring_Replication_Status.html#replication-monitoring-script

and see if replication is working or not.

Petr^2 Spacek

On 24.8.2016 11:50, bahan w wrote:
> Hello Petr, Orion.
> 
> I checked the errors log from the dirsrv on both masters and I found
> nothing related to an error with the replication plugin.
> 
> I also performed all the tests described in the link Petr provided. Thank
> you for this. Every one of this command is OK on both masters.
> 
> I'm checking the access logs from dirsrv now.
> 
> Any other tracks to follow ? Increase the log level on the replica failing
> to sync ?
> 
> Best regards.
> 
> Bahan
> 
> On Wed, Aug 24, 2016 at 8:41 AM, Petr Spacek <pspacek at redhat.com> wrote:
> 
>> On 23.8.2016 22:44, bahan w wrote:
>>> Hello !
>>>
>>> I am using IPA 3.0.0 on RedHat 6.6 servers.
>>>
>>> I have two masters and this evening, I realized that one of them was
>>> desynchronized, some users and groups were missing.
>>>
>>> I was wondering if there was an ipa command to resynchronize replica
>> which
>>> are not sync with the other ?
>>
>> First of all, it is necessary to find out replication does not work.
>>
>> Please see
>> http://www.freeipa.org/page/Troubleshooting#Replication_issues
>>
>> --
>> Petr^2 Spacek



From pspacek at redhat.com  Wed Aug 24 10:16:44 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 24 Aug 2016 12:16:44 +0200
Subject: [Freeipa-users] Two masters and one of them is desynchronized
In-Reply-To: <CAMJtubJ0jcYp6vmegBKncrk+odkoCaDGLhk+hZ1-RvToY80pNw@mail.gmail.com>
References: <CAMJtubJ7+bXS7CxMRWQ6zWVYWjJkS3N_fEb9WE3cVNz=u0beSA@mail.gmail.com>
	<CAMJtubLcsrem20vJ-TH838Ro05_x-1QBhnvNKYkgZuKegd8Mow@mail.gmail.com>
	<CAMJtubLG-e7epOV90cSFp=+nhG2BEjsmqu6jTGnoptWeCWyeDg@mail.gmail.com>
	<CAMJtub+ixbUoivV+q_wGQpUx5DxOmsBVkPZB2a_dUKGH8xKnrQ@mail.gmail.com>
	<CAMJtub+_Qi+gHU7mxW2-8h4qVdes26bZUbhaoDs8LzvTLsFh8g@mail.gmail.com>
	<1cadf7af-0064-8c34-6a47-2942c642b004@redhat.com>
	<CAMJtubJSuEAzD-nkxZ0hKX-h8QqqES3eU9KHdfT6pgU_1eySBw@mail.gmail.com>
	<CAMJtubJ0jcYp6vmegBKncrk+odkoCaDGLhk+hZ1-RvToY80pNw@mail.gmail.com>
Message-ID: <265b4281-f53a-1340-42f2-87e26cfe5aad@redhat.com>

Hi,

again, please always keep freeipa-users at redhat.com in Cc of your e-mails. This
is not a private support channel.

Ludwig, do you know if dataversion is expected to be consistent among all
replicas or not? I would not expect consistent values.

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/rootdse-attributes.html#dataversion

did not answer this question. If we find out the right answer we should extend
the description in documentation.

Petr^2 Spacek

On 24.8.2016 12:12, bahan w wrote:
> Re.
> 
> I checked the conflicts but I didn't find any between the two servers.
> ###
> 
> ldapsearch -x -D "cn=directory manager" -W -b "dc=<MY REALM>"
> "nsds5ReplConflict=*" \* nsds5ReplConflict
> ###
> 
> The only thing I see is that one my master is in IPA 3.0.0.42 and another
> is IPA 3.0.0.47.
> The server with a problem of synchronization is 3.0.0.47.
> 
> Here is a partial result from the command on each server:
> ###
> ldapsearch -Y GSSAPI -h `hostname` -b "" -s base
> ###
> 
> On the server OK
> ###
> 
> vendorVersion: 389-Directory/1.2.11.15 B2015.247.1737
> dataversion: 020160823201940
> 
> ###
> 
> 
> On the server with the problem of sync :
> 
> ###
> 
> vendorVersion: 389-Directory/1.2.11.15 B2015.022.1831
> dataversion: 020160823195011
> ###
> 
> Is the field dataversion the timestamp of the last version of the ldap
> database ?
> 
> I'm going to increase loglevel to DEBUG this afternoon before anything.
> 
> I found this in the red hat doc :
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/ipa-replica-manage.html
> 
> ###
> 28.5.4. Reinitializing IdM Servers
> When a replica is first created, the database of the master server is
> copied, completely, over to the replica database. This process is called
> *initialization*. If a server/replica is offline for a long period of time
> or there is some kind of corruption in its database, then the server can be
> re-initialized, with a fresh and updated set of data.
> This is done using the re-initialize command. The target server being
> initialized is the local host. The server or replica from which to pull the
> data to initialize the local database is specified in the --from option:
> 
> [root at server ~]# ipa-replica-manage re-initialize --from srv1.example.com
> 
> ###
> 
> Do you know if it is available in IPA 3.0.0.47 ?
> 
> Best regards.
> 
> Bahan
> 
> On Wed, Aug 24, 2016 at 11:50 AM, bahan w <bahanw042014 at gmail.com> wrote:
> 
>> Hello Petr, Orion.
>>
>> I checked the errors log from the dirsrv on both masters and I found
>> nothing related to an error with the replication plugin.
>>
>> I also performed all the tests described in the link Petr provided. Thank
>> you for this. Every one of this command is OK on both masters.
>>
>> I'm checking the access logs from dirsrv now.
>>
>> Any other tracks to follow ? Increase the log level on the replica failing
>> to sync ?
>>
>> Best regards.
>>
>> Bahan
>>
>> On Wed, Aug 24, 2016 at 8:41 AM, Petr Spacek <pspacek at redhat.com> wrote:
>>
>>> On 23.8.2016 22:44, bahan w wrote:
>>>> Hello !
>>>>
>>>> I am using IPA 3.0.0 on RedHat 6.6 servers.
>>>>
>>>> I have two masters and this evening, I realized that one of them was
>>>> desynchronized, some users and groups were missing.
>>>>
>>>> I was wondering if there was an ipa command to resynchronize replica
>>> which
>>>> are not sync with the other ?
>>>
>>> First of all, it is necessary to find out replication does not work.
>>>
>>> Please see
>>> http://www.freeipa.org/page/Troubleshooting#Replication_issues
>>>
>>> --
>>> Petr^2 Spacek



From lslebodn at redhat.com  Wed Aug 24 11:21:04 2016
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Wed, 24 Aug 2016 13:21:04 +0200
Subject: [Freeipa-users] can't get sudo to work.
In-Reply-To: <1472021731.11720.3.camel@statsbiblioteket.dk>
References: <1471944384.2716.8.camel@statsbiblioteket.dk>
	<57BC1F1C.3050202@redhat.com>
	<1471948074.2716.10.camel@statsbiblioteket.dk>
	<57BC26F9.2000604@redhat.com>
	<1471950576.2716.13.camel@statsbiblioteket.dk>
	<57BC3312.5040608@redhat.com>
	<1471953329.2716.15.camel@statsbiblioteket.dk>
	<57BC3A86.2050800@redhat.com> <57BC59ED.7040604@redhat.com>
	<1472021731.11720.3.camel@statsbiblioteket.dk>
Message-ID: <20160824112104.GB31829@10.4.128.1>

On (24/08/16 06:55), Tony Brian Albers wrote:
>And indeed the compat tree was disabled.
>
>Guess I forgot to reenable it after copying the db to a testing
>environment.
>
>Thanks guys, sudo is working fine now.
>
BTW it would work with upstream 1.13.4 even with disabled
compat tree (or 1.13.3 in el6)

LS



From lkrispen at redhat.com  Wed Aug 24 11:43:50 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Wed, 24 Aug 2016 13:43:50 +0200
Subject: [Freeipa-users] clean-ruv
In-Reply-To: <21d57b9b-3bc7-d2a4-8143-2a7371db79ac@brownpapertickets.com>
References: <bd41abeb-ec9f-eb41-11f6-76140c789f98@brownpapertickets.com>
	<57BC0B43.7070601@redhat.com>
	<3caa6498-b1ab-c1d1-1231-2b23a4f88130@brownpapertickets.com>
	<57BC21EC.6080702@redhat.com>
	<21d57b9b-3bc7-d2a4-8143-2a7371db79ac@brownpapertickets.com>
Message-ID: <57BD8876.10005@redhat.com>


On 08/24/2016 01:08 AM, Ian Harding wrote:
>
> On 08/23/2016 03:14 AM, Ludwig Krispenz wrote:
>> On 08/23/2016 11:52 AM, Ian Harding wrote:
>>> Ah.  I see.  I mixed those up but I see that those would have to be
>>> consistent.
>>>
>>> However, I have been trying to beat some invalid RUV to death for a long
>>> time and I can't seem to kill them.
>>>
>>> For example, bellevuenfs has 9 and 16 which are invalid:
>>>
>>> [ianh at seattlenfs ~]$ ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
>>> "cn=Directory Manager" -W -b "dc=bpt,dc=rocks"
>>> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
>>>
>>> | grep "nsds50ruv\|nsDS5ReplicaId"
>>> Enter LDAP Password:
>>> nsDS5ReplicaId: 7
>>> nsds50ruv: {replicageneration} 55c8f364000000040000
>>> nsds50ruv: {replica 7 ldap://seattlenfs.bpt.rocks:389}
>>> 568ac3cc000000070000 57
>>> nsds50ruv: {replica 20 ldap://freeipa-sea.bpt.rocks:389}
>>> 57b10377000200140000
>>> nsds50ruv: {replica 18 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>> 57a47801000100120000
>>> nsds50ruv: {replica 15 ldap://fremontnis.bpt.rocks:389}
>>> 57a403860000000f0000 5
>>> nsds50ruv: {replica 14 ldap://freeipa-dal.bpt.rocks:389}
>>> 57a2dccd0000000e0000
>>> nsds50ruv: {replica 17 ldap://edinburghnfs.bpt.rocks:389}
>>> 57a422f9000000110000
>>> nsds50ruv: {replica 19 ldap://bellevuenfs.bpt.rocks:389}
>>> 57a4f20d000600130000
>>> nsds50ruv: {replica 16 ldap://bellevuenfs.bpt.rocks:389}
>>> 57a41706000000100000
>>> nsds50ruv: {replica 9 ldap://bellevuenfs.bpt.rocks:389}
>>> 570484ee000000090000 5
>>>
>>>
>>> So I try to kill them like so:
>>> [ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 9 --force --cleanup
>>> ipa: WARNING: session memcached servers not running
>>> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>>>
>>> Cleaning the wrong replica ID will cause that server to no
>>> longer replicate so it may miss updates while the process
>>> is running. It would need to be re-initialized to maintain
>>> consistency. Be very careful.
>>> Background task created to clean replication data. This may take a while.
>>> This may be safely interrupted with Ctrl+C
>>> ^C[ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 16 --force --cleanup
>>> ipa: WARNING: session memcached servers not running
>>> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>>>
>>> Cleaning the wrong replica ID will cause that server to no
>>> longer replicate so it may miss updates while the process
>>> is running. It would need to be re-initialized to maintain
>>> consistency. Be very careful.
>>> Background task created to clean replication data. This may take a while.
>>> This may be safely interrupted with Ctrl+C
>>> ^C[ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
>>> ipa: WARNING: session memcached servers not running
>>> CLEANALLRUV tasks
>>> RID 16: Waiting to process all the updates from the deleted replica...
>>> RID 9: Waiting to process all the updates from the deleted replica...
>>>
>>> No abort CLEANALLRUV tasks running
>>> [ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
>>> ipa: WARNING: session memcached servers not running
>>> CLEANALLRUV tasks
>>> RID 16: Waiting to process all the updates from the deleted replica...
>>> RID 9: Waiting to process all the updates from the deleted replica...
>>>
>>> and it never finishes.
>>>
>>> seattlenfs is the first master, that's the only place I should have to
>>> run this command, right?
>> right, you need to run it only on one master, but this ease of use can
>> become the problem.
>> The cleanallruv task is propagated to all servers in the topology and it
>> does this based on the replication agreements it finds.
>> A frequent cause of failure is that replication agreements still exist
>> pointing to no longer existing servers. It is a bit tedious, but could
>> you run the following search on ALL
>> of your current replicas (as directory manager):
>>
>> ldapsearch ...... -b "cn=config" "objectclass=nsds5replicationagreement"
>> nsds5replicahost
>>
>> if you find any agreement where nsds5replicahost is a host no longer
>> existing or working, delete these agreements.
> I have 7 FreeIPA servers, all of which have been in existence in some
> form or another since I started.  It used to work great.  I've broken it
> now but the hostnames and ip addresses all still exist.  I've
> uninstalled and reinstalled them a few times which I think is the source
> of my troubles so I tried to straighten out the RUVs and probably messed
> that up pretty good
>
> Anyway, now what I THINK I have is
>
> seattlenfs
> |-freeipa-sea
>    |- freeipa-dal
>    |- bellevuenfs
>    |- fremontnis
>    |- bpt-nyc1-nfs
>    |- edinburghnfs
>
> Until I get this squared away I've turned off ipa services on all but
> seattlenfs, freeipa-sea and freeipa-dal and am hoping that any password
> changes etc. happen on seattlenfs.  I need the other two because they
> are my DNS.  The rest I can kind of live without since they are just
> local instances living on nfs servers.
>
> Here's the output from that ldap query on all the hosts:
yes, looks like the replication agreements are fine, but the RUVs are not.

In the o=ipaca suffix, there is a reference to bellvuenis:

  [{replica 76
ldap://bellevuenis.bpt.rocks:389} 56f385eb0007004c0000


but this seems to be now bellevuenfs.

In the dc=bpt,dc=rocks replica id 9 is causing the trouble. There are 
two replicaids : 9 and 16 for bellevuenfs, and it causes replication 
failure from edinburgh to freeipa-sea. Looks like replicaid 9 is not 
present in freeipa-sea and edinburgh "thinks" it has to send changes, 
but can't position in changelog.

You had tried to cleanallruv for rid9, which seemed not to complete, but 
I don't know what the status is on all servers.
what I would do is

check again the ruvs (the fffff.... tombstone) on all servers,
check  if there are still active tasks, try to get rid of them, (but 
they can be stubborn), either by trying abort cleanallruv or the hard 
way, stop the server, check the dse.ldif for existing task attributes in 
the replica object and remove them.

then either retry cleanallruv, but without the force option (this makes 
the task live until all servers are cleaned, but if replication does not 
work this will not happen),
or, on each server do individual ruv cleaning (only on the server, not 
the cleanallruv task), you can have a look here: 
http://www.port389.org/docs/389ds/howto/howto-cleanruv.html

>
> SEATTLENFS
>
> [root at seattlenfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: objectclass=nsds5replicationagreement
> # requesting: nsds5replicahost
> #
>
> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, conf
>   ig
> dn:
> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>   g tree,cn=config
> nsds5replicahost: freeipa-sea.bpt.rocks
>
> # masterAgreement1-bellevuenfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
> mappin
>   g tree, config
> dn:
> cn=masterAgreement1-bellevuenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>   ca,cn=mapping tree,cn=config
> nsds5replicahost: bellevuenfs.bpt.rocks
>
> # masterAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat, replica,
> o\3Dipaca, mappi
>   ng tree, config
> dn:
> cn=masterAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dip
>   aca,cn=mapping tree,cn=config
> nsds5replicahost: bpt-nyc1-nfs.bpt.rocks
>
> # masterAgreement1-freeipa-dal.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
> mappin
>   g tree, config
> dn:
> cn=masterAgreement1-freeipa-dal.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>   ca,cn=mapping tree,cn=config
> nsds5replicahost: freeipa-dal.bpt.rocks
>
> # masterAgreement1-freeipa-sea.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
> mappin
>   g tree, config
> dn:
> cn=masterAgreement1-freeipa-sea.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>   ca,cn=mapping tree,cn=config
> nsds5replicahost: freeipa-sea.bpt.rocks
>
> # masterAgreement1-fremontnis.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
> mapping
>    tree, config
> dn:
> cn=masterAgreement1-fremontnis.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>   a,cn=mapping tree,cn=config
> nsds5replicahost: fremontnis.bpt.rocks
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 7
> # numEntries: 6
>
> FREEIPA-SEA
>
> [root at freeipa-sea ianh]# ldapsearch -D "cn=Directory Manager" -W -b
> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: objectclass=nsds5replicationagreement
> # requesting: nsds5replicahost
> #
>
> # meTobellevuenfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, conf
>   ig
> dn:
> cn=meTobellevuenfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>   g tree,cn=config
> nsds5replicahost: bellevuenfs.bpt.rocks
>
> # meTobpt-nyc1-nfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, con
>   fig
> dn:
> cn=meTobpt-nyc1-nfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappi
>   ng tree,cn=config
> nsds5replicahost: bpt-nyc1-nfs.bpt.rocks
>
> # meToedinburghnfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, con
>   fig
> dn:
> cn=meToedinburghnfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappi
>   ng tree,cn=config
> nsds5replicahost: edinburghnfs.bpt.rocks
>
> # meTofreeipa-dal.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, conf
>   ig
> dn:
> cn=meTofreeipa-dal.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>   g tree,cn=config
> nsds5replicahost: freeipa-dal.bpt.rocks
>
> # meTofremontnis.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, confi
>   g
> dn:
> cn=meTofremontnis.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mapping
>    tree,cn=config
> nsds5replicahost: fremontnis.bpt.rocks
>
> # meToseattlenfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, confi
>   g
> dn:
> cn=meToseattlenfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mapping
>    tree,cn=config
> nsds5replicahost: seattlenfs.bpt.rocks
>
> # cloneAgreement1-freeipa-sea.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
> mapping
>    tree, config
> dn:
> cn=cloneAgreement1-freeipa-sea.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>   a,cn=mapping tree,cn=config
> nsds5replicahost: seattlenfs.bpt.rocks
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 8
> # numEntries: 7
>
> FREEIPA-DAL
>
> [root at freeipa-dal ianh]# ldapsearch -D "cn=Directory Manager" -W -b
> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: objectclass=nsds5replicationagreement
> # requesting: nsds5replicahost
> #
>
> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, conf
>   ig
> dn:
> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>   g tree,cn=config
> nsds5replicahost: freeipa-sea.bpt.rocks
>
> # cloneAgreement1-freeipa-dal.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
> mapping
>    tree, config
> dn:
> cn=cloneAgreement1-freeipa-dal.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>   a,cn=mapping tree,cn=config
> nsds5replicahost: seattlenfs.bpt.rocks
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 2
>
> BELLEVUENFS
>
> [root at bellevuenfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: objectclass=nsds5replicationagreement
> # requesting: nsds5replicahost
> #
>
> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, conf
>   ig
> dn:
> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>   g tree,cn=config
> nsds5replicahost: freeipa-sea.bpt.rocks
>
> # cloneAgreement1-bellevuenfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
> mapping
>    tree, config
> dn:
> cn=cloneAgreement1-bellevuenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>   a,cn=mapping tree,cn=config
> nsds5replicahost: seattlenfs.bpt.rocks
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 2
>
>
> FREMONTNIS
>
> [root at fremontnis ianh]# ldapsearch -D "cn=Directory Manager" -W -b
> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: objectclass=nsds5replicationagreement
> # requesting: nsds5replicahost
> #
>
> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, conf
>   ig
> dn:
> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>   g tree,cn=config
> nsds5replicahost: freeipa-sea.bpt.rocks
>
> # cloneAgreement1-fremontnis.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
> mapping
>   tree, config
> dn:
> cn=cloneAgreement1-fremontnis.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipaca
>   ,cn=mapping tree,cn=config
> nsds5replicahost: seattlenfs.bpt.rocks
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 2
>
> BPT-NYC1-NFS
>
> [root at bpt-nyc1-nfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: objectclass=nsds5replicationagreement
> # requesting: nsds5replicahost
> #
>
> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, conf
>   ig
> dn:
> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>   g tree,cn=config
> nsds5replicahost: freeipa-sea.bpt.rocks
>
> # cloneAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
> mappin
>   g tree, config
> dn:
> cn=cloneAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>   ca,cn=mapping tree,cn=config
> nsds5replicahost: seattlenfs.bpt.rocks
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 2
>
> EDINBURGHNFS
>
> [root at edinburghnfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: objectclass=nsds5replicationagreement
> # requesting: nsds5replicahost
> #
>
> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
> tree, conf
>   ig
> dn:
> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>   g tree,cn=config
> nsds5replicahost: freeipa-sea.bpt.rocks
>
> # cloneAgreement1-edinburghnfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
> mappin
>   g tree, config
> dn:
> cn=cloneAgreement1-edinburghnfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>   ca,cn=mapping tree,cn=config
> nsds5replicahost: freeipa-sea.bpt.rocks
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 2
>
> Here's the errors from starting up EDINBURGHNFS to run that query.  It
> has some familiar looking problems.
>
> [23/Aug/2016:23:56:35 +0100] SSL Initialization - Configured SSL version
> range: min: TLS1.0, max: TLS1.2
> [23/Aug/2016:23:56:35 +0100] - 389-Directory/1.3.4.0 B2016.215.1556
> starting up
> [23/Aug/2016:23:56:35 +0100] - WARNING: changelog: entry cache size
> 2097152B is less than db size 12361728B; We recommend to increase the
> entry cache size nsslapd-cachememsize.
> [23/Aug/2016:23:56:35 +0100] schema-compat-plugin - scheduled
> schema-compat-plugin tree scan in about 5 seconds after the server startup!
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=groups,cn=compat,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=computers,cn=compat,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=ng,cn=compat,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> ou=sudoers,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=users,cn=compat,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=ad,cn=etc,dc=bpt,dc=rocks does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bpt,dc=rocks
> does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
> cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bpt,dc=rocks
> does not exist
> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target cn=automember
> rebuild membership,cn=tasks,cn=config does not exist
> [23/Aug/2016:23:56:35 +0100] auto-membership-plugin -
> automember_parse_regex_rule: Unable to parse regex rule (invalid regex).
>   Error "nothing to repeat".
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 1095
> ldap://freeipa-sea.bpt.rocks:389} 579a963c000004470000
> 57a575a0000004470000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 81
> ldap://seattlenfs.bpt.rocks:389} 568ac431000000510000
> 57a4175f000500510000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 96
> ldap://freeipa-sea.bpt.rocks:389} 55c8f3bd000000600000
> 5799a02e000000600000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 86
> ldap://fremontnis.bpt.rocks:389} 5685b24e000000560000
> 5703db4b000500560000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 91
> ldap://seattlenis.bpt.rocks:389} 567ad6180001005b0000
> 568703740000005b0000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 97
> ldap://freeipa-dal.bpt.rocks:389} 55c8f3ce000000610000
> 56f4d70b000000610000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 76
> ldap://bellevuenis.bpt.rocks:389} 56f385eb0007004c0000
> 56f386180004004c0000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 71
> ldap://bellevuenfs.bpt.rocks:389} 57048560000900470000
> 5745722e000000470000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 66
> ldap://bpt-nyc1-nfs.bpt.rocks:389} 5733e594000a00420000
> 5733e5b7002f00420000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 61
> ldap://edinburghnfs.bpt.rocks:389} 574421250000003d0000
> 57785b420004003d0000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 1090
> ldap://freeipa-dal.bpt.rocks:389} 57a2dd35000004420000
> 57a2dd35000404420000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 1085
> ldap://fremontnis.bpt.rocks:389} 57a403e60000043d0000
> 57a403e70002043d0000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 1080
> ldap://bellevuenfs.bpt.rocks:389} 57a41767000004380000
> 57a41768000004380000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: for replica o=ipaca there were
> some differences between the changelog max RUV and the database RUV.  If
> there are obsolete elements in the database RUV, you should remove them
> using the CLEANALLRUV task.  If they are not obsolete, you should check
> their status to see why there are no changes from those servers in the
> changelog.
> [23/Aug/2016:23:56:35 +0100] set_krb5_creds - Could not get initial
> credentials for principal [ldap/edinburghnfs.bpt.rocks at BPT.ROCKS] in
> keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC
> for requested realm)
> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://freeipa-sea.bpt.rocks:389/o%3Dipaca) failed.
> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://freeipa-sea.bpt.rocks:389/o%3Dipaca) failed.
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 20
> ldap://freeipa-sea.bpt.rocks:389} 57b10377000200140000
> 57bb7bc9000500140000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 18
> ldap://bpt-nyc1-nfs.bpt.rocks:389} 57a47801000100120000
> 57b03107000100120000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 15
> ldap://fremontnis.bpt.rocks:389} 57a403860000000f0000
> 57b036b20002000f0000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 14
> ldap://freeipa-dal.bpt.rocks:389} 57a2dccd0000000e0000
> 57bb7b690005000e0000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 19
> ldap://bellevuenfs.bpt.rocks:389} 57a4f20d000600130000
> 57b0fa3b000100130000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 16
> ldap://bellevuenfs.bpt.rocks:389} 57a41706000000100000
> 57a41706000100100000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
> RUV [changelog max RUV] does not contain element [{replica 9
> ldap://bellevuenfs.bpt.rocks:389} 570484ee000000090000
> 579f6419000000090000] which is present in RUV [database RUV]
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: for replica dc=bpt,dc=rocks
> there were some differences between the changelog max RUV and the
> database RUV.  If there are obsolete elements in the database RUV, you
> should remove them using the CLEANALLRUV task.  If they are not
> obsolete, you should check their status to see why there are no changes
> from those servers in the changelog.
> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
> [23/Aug/2016:23:56:35 +0100] schema-compat-plugin - schema-compat-plugin
> tree scan will start in about 5 seconds!
> [23/Aug/2016:23:56:35 +0100] - slapd started.  Listening on All
> Interfaces port 389 for LDAP requests
> [23/Aug/2016:23:56:35 +0100] - Listening on All Interfaces port 636 for
> LDAPS requests
> [23/Aug/2016:23:56:35 +0100] - Listening on
> /var/run/slapd-BPT-ROCKS.socket for LDAPI requests
> [23/Aug/2016:23:56:35 +0100] slapd_ldap_sasl_interactive_bind - Error:
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
> GSS failure.  Minor code may provide more information (No Kerberos
> credentials available)) errno 0 (Success)
> [23/Aug/2016:23:56:35 +0100] slapi_ldap_bind - Error: could not perform
> interactive bind for id [] authentication mechanism [GSSAPI]: error -2
> (Local error)
> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Replication bind
> with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic
> failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
> more information (No Kerberos credentials available))
> [23/Aug/2016:23:56:39 +0100] NSMMReplicationPlugin -
> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Replication bind
> with GSSAPI auth resumed
> [23/Aug/2016:23:56:40 +0100] schema-compat-plugin - Finished plugin
> initialization.
> [23/Aug/2016:23:56:41 +0100] agmt="cn=meTofreeipa-sea.bpt.rocks"
> (freeipa-sea:389) - Can't locate CSN 570484ee000000090000 in the
> changelog (DB rc=-30988). If replication stops, the consumer may need to
> be reinitialized.
> [23/Aug/2016:23:56:41 +0100] NSMMReplicationPlugin - changelog program -
> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): CSN
> 570484ee000000090000 not found, we aren't as up to date, or we purged
> [23/Aug/2016:23:56:41 +0100] NSMMReplicationPlugin -
> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Data required to
> update replica has been purged. The replica must be reinitialized.
> [23/Aug/2016:23:56:42 +0100] NSMMReplicationPlugin -
> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Incremental
> update failed and requires administrator action
>
>
> I went around and around re-initializing from various servers last night
> to try make these go away but it's like whackamole.
>
> What's the best way you can think of to put humpty dumpty back together
> again?
>
> Thank you so much for your time.  Come to Tacoma and I will buy you all
> the beer.
>>> I'm about to burn everything down and ipa-server-install --uninstall but
>>> I've done that before a couple times and that seems to be what got me
>>> into this mess...
>>>
>>> Thank you for your help.
>>>
>>>
>>>
>>>
>>> On 08/23/2016 01:37 AM, Ludwig Krispenz wrote:
>>>> looks like you are searching the nstombstone below "o=ipaca", but you
>>>> are cleaning ruvs in "dc=bpt,dc=rocks",
>>>>
>>>> your attrlist_replace error refers to the bpt,rocks backend, so you
>>>> should search the tombstone entry ther, then determine which replicaIDs
>>>> to remove.
>>>>
>>>> Ludwig
>>>>
>>>> On 08/23/2016 09:20 AM, Ian Harding wrote:
>>>>> I've followed the procedure in this thread:
>>>>>
>>>>> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
>>>>>
>>>>> and found my list of RUV that don't have an existing replica id.
>>>>>
>>>>> I've tried to remove them like so:
>>>>>
>>>>> [root at seattlenfs ianh]# ldapmodify -D "cn=directory manager" -W -a
>>>>> Enter LDAP Password:
>>>>> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config
>>>>> objectclass: top
>>>>> objectclass: extensibleObject
>>>>> replica-base-dn: dc=bpt,dc=rocks
>>>>> replica-id: 97
>>>>> replica-force-cleaning: yes
>>>>> cn: clean 97
>>>>>
>>>>> adding new entry "cn=clean 97, cn=cleanallruv, cn=tasks, cn=config"
>>>>>
>>>>> [root at seattlenfs ianh]# ipa-replica-manage list-clean-ruv
>>>>> CLEANALLRUV tasks
>>>>> RID 9: Waiting to process all the updates from the deleted replica...
>>>>> RID 96: Successfully cleaned rid(96).
>>>>> RID 97: Successfully cleaned rid(97).
>>>>>
>>>>> No abort CLEANALLRUV tasks running
>>>>>
>>>>>
>>>>> and yet, they are still there...
>>>>>
>>>>> [root at seattlenfs ianh]# ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
>>>>> "cn=Directory Manager" -W -b "o=ipaca"
>>>>> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
>>>>>
>>>>>
>>>>> | grep "nsds50ruv\|nsDS5ReplicaId"
>>>>> Enter LDAP Password:
>>>>> nsDS5ReplicaId: 81
>>>>> nsds50ruv: {replicageneration} 55c8f3ae000000600000
>>>>> nsds50ruv: {replica 81 ldap://seattlenfs.bpt.rocks:389}
>>>>> 568ac431000000510000 5
>>>>> nsds50ruv: {replica 1065 ldap://freeipa-sea.bpt.rocks:389}
>>>>> 57b103d400000429000
>>>>> nsds50ruv: {replica 1070 ldap://bellevuenfs.bpt.rocks:389}
>>>>> 57a4f2700000042e000
>>>>> nsds50ruv: {replica 1075 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>>>> 57a478650000043300
>>>>> nsds50ruv: {replica 1080 ldap://bellevuenfs.bpt.rocks:389}
>>>>> 57a4176700000438000
>>>>> nsds50ruv: {replica 1085 ldap://fremontnis.bpt.rocks:389}
>>>>> 57a403e60000043d0000
>>>>> nsds50ruv: {replica 1090 ldap://freeipa-dal.bpt.rocks:389}
>>>>> 57a2dd3500000442000
>>>>> nsds50ruv: {replica 1095 ldap://freeipa-sea.bpt.rocks:389}
>>>>> 579a963c00000447000
>>>>> nsds50ruv: {replica 96 ldap://freeipa-sea.bpt.rocks:389}
>>>>> 55c8f3bd000000600000
>>>>> nsds50ruv: {replica 86 ldap://fremontnis.bpt.rocks:389}
>>>>> 5685b24e000000560000 5
>>>>> nsds50ruv: {replica 91 ldap://seattlenis.bpt.rocks:389}
>>>>> 567ad6180001005b0000 5
>>>>> nsds50ruv: {replica 97 ldap://freeipa-dal.bpt.rocks:389}
>>>>> 55c8f3ce000000610000
>>>>> nsds50ruv: {replica 76 ldap://bellevuenis.bpt.rocks:389}
>>>>> 56f385eb0007004c0000
>>>>> nsds50ruv: {replica 71 ldap://bellevuenfs.bpt.rocks:389}
>>>>> 57048560000900470000
>>>>> nsds50ruv: {replica 66 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>>>> 5733e594000a00420000
>>>>> nsds50ruv: {replica 61 ldap://edinburghnfs.bpt.rocks:389}
>>>>> 574421250000003d0000
>>>>> nsds50ruv: {replica 1195 ldap://edinburghnfs.bpt.rocks:389}
>>>>> 57a42390000004ab00
>>>>>
>>>>> What have I done wrong?
>>>>>
>>>>> The problem I am trying to solve is that seattlenfs.bpt.rocks sends
>>>>> updates to all its children, but their changes don't come back because
>>>>> of these errors:
>>>>>
>>>>> [23/Aug/2016:00:02:16 -0700] attrlist_replace - attr_replace
>>>>> (nsslapd-referral,
>>>>> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>>>>>
>>>>> in effect, the replication agreements are one-way.
>>>>>
>>>>> Any ideas?
>>>>>
>>>>> - Ian
>>>>>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From mareynol at redhat.com  Wed Aug 24 13:48:01 2016
From: mareynol at redhat.com (Mark Reynolds)
Date: Wed, 24 Aug 2016 09:48:01 -0400
Subject: [Freeipa-users] clean-ruv
In-Reply-To: <3caa6498-b1ab-c1d1-1231-2b23a4f88130@brownpapertickets.com>
References: <bd41abeb-ec9f-eb41-11f6-76140c789f98@brownpapertickets.com>
	<57BC0B43.7070601@redhat.com>
	<3caa6498-b1ab-c1d1-1231-2b23a4f88130@brownpapertickets.com>
Message-ID: <448c0658-2f3e-b130-fdbf-cd8cfebf2128@redhat.com>



On 08/23/2016 05:52 AM, Ian Harding wrote:
> Ah.  I see.  I mixed those up but I see that those would have to be
> consistent.
>
> However, I have been trying to beat some invalid RUV to death for a long
> time and I can't seem to kill them.
>
> For example, bellevuenfs has 9 and 16 which are invalid:
>
> [ianh at seattlenfs ~]$ ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
> "cn=Directory Manager" -W -b "dc=bpt,dc=rocks"
> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
> | grep "nsds50ruv\|nsDS5ReplicaId"
> Enter LDAP Password:
> nsDS5ReplicaId: 7
> nsds50ruv: {replicageneration} 55c8f364000000040000
> nsds50ruv: {replica 7 ldap://seattlenfs.bpt.rocks:389}
> 568ac3cc000000070000 57
> nsds50ruv: {replica 20 ldap://freeipa-sea.bpt.rocks:389}
> 57b10377000200140000
> nsds50ruv: {replica 18 ldap://bpt-nyc1-nfs.bpt.rocks:389}
> 57a47801000100120000
> nsds50ruv: {replica 15 ldap://fremontnis.bpt.rocks:389}
> 57a403860000000f0000 5
> nsds50ruv: {replica 14 ldap://freeipa-dal.bpt.rocks:389}
> 57a2dccd0000000e0000
> nsds50ruv: {replica 17 ldap://edinburghnfs.bpt.rocks:389}
> 57a422f9000000110000
> nsds50ruv: {replica 19 ldap://bellevuenfs.bpt.rocks:389}
> 57a4f20d000600130000
> nsds50ruv: {replica 16 ldap://bellevuenfs.bpt.rocks:389}
> 57a41706000000100000
> nsds50ruv: {replica 9 ldap://bellevuenfs.bpt.rocks:389}
> 570484ee000000090000 5
>
>
> So I try to kill them like so:
> [ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 9 --force --cleanup
> ipa: WARNING: session memcached servers not running
> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>
> Cleaning the wrong replica ID will cause that server to no
> longer replicate so it may miss updates while the process
> is running. It would need to be re-initialized to maintain
> consistency. Be very careful.
> Background task created to clean replication data. This may take a while.
> This may be safely interrupted with Ctrl+C
> ^C[ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 16 --force --cleanup
> ipa: WARNING: session memcached servers not running
> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>
> Cleaning the wrong replica ID will cause that server to no
> longer replicate so it may miss updates while the process
> is running. It would need to be re-initialized to maintain
> consistency. Be very careful.
> Background task created to clean replication data. This may take a while.
> This may be safely interrupted with Ctrl+C
> ^C[ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
> ipa: WARNING: session memcached servers not running
> CLEANALLRUV tasks
> RID 16: Waiting to process all the updates from the deleted replica...
> RID 9: Waiting to process all the updates from the deleted replica...
Looks like you are hitting a bug that is fixed in newer versions of
389-ds-base.  The current version of 389-ds-base/cleanAllRUV does not
wait for updates from the deleted replica if you use the force option. 
Since you did use the force option, and it's still waiting, that tells
me you are hitting this old bug and ultimately you need to upgrade or
get a hotfix(if you are paying customer). 

I do not know what version of 389 you are on, or if it's possible to
upgrade, but with your current version the cleanAllRUV task is not going
to be able to finish.

You can always "abort" the current "clean"  tasks that are not working
(look for the abort section from the link below), but unfortunately you
won't be able to clean those rids until you upgrade 389-ds-base.

http://www.port389.org/docs/389ds/howto/howto-cleanruv.html#cleanallruv

Regards,
Mark
>
> No abort CLEANALLRUV tasks running
> [ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
> ipa: WARNING: session memcached servers not running
> CLEANALLRUV tasks
> RID 16: Waiting to process all the updates from the deleted replica...
> RID 9: Waiting to process all the updates from the deleted replica...
>
> and it never finishes.
>
> seattlenfs is the first master, that's the only place I should have to
> run this command, right?
>
> I'm about to burn everything down and ipa-server-install --uninstall but
> I've done that before a couple times and that seems to be what got me
> into this mess...
>
> Thank you for your help.
>
>
>
>
> On 08/23/2016 01:37 AM, Ludwig Krispenz wrote:
>> looks like you are searching the nstombstone below "o=ipaca", but you
>> are cleaning ruvs in "dc=bpt,dc=rocks",
>>
>> your attrlist_replace error refers to the bpt,rocks backend, so you
>> should search the tombstone entry ther, then determine which replicaIDs
>> to remove.
>>
>> Ludwig
>>
>> On 08/23/2016 09:20 AM, Ian Harding wrote:
>>> I've followed the procedure in this thread:
>>>
>>> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
>>>
>>> and found my list of RUV that don't have an existing replica id.
>>>
>>> I've tried to remove them like so:
>>>
>>> [root at seattlenfs ianh]# ldapmodify -D "cn=directory manager" -W -a
>>> Enter LDAP Password:
>>> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config
>>> objectclass: top
>>> objectclass: extensibleObject
>>> replica-base-dn: dc=bpt,dc=rocks
>>> replica-id: 97
>>> replica-force-cleaning: yes
>>> cn: clean 97
>>>
>>> adding new entry "cn=clean 97, cn=cleanallruv, cn=tasks, cn=config"
>>>
>>> [root at seattlenfs ianh]# ipa-replica-manage list-clean-ruv
>>> CLEANALLRUV tasks
>>> RID 9: Waiting to process all the updates from the deleted replica...
>>> RID 96: Successfully cleaned rid(96).
>>> RID 97: Successfully cleaned rid(97).
>>>
>>> No abort CLEANALLRUV tasks running
>>>
>>>
>>> and yet, they are still there...
>>>
>>> [root at seattlenfs ianh]# ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
>>> "cn=Directory Manager" -W -b "o=ipaca"
>>> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
>>>
>>> | grep "nsds50ruv\|nsDS5ReplicaId"
>>> Enter LDAP Password:
>>> nsDS5ReplicaId: 81
>>> nsds50ruv: {replicageneration} 55c8f3ae000000600000
>>> nsds50ruv: {replica 81 ldap://seattlenfs.bpt.rocks:389}
>>> 568ac431000000510000 5
>>> nsds50ruv: {replica 1065 ldap://freeipa-sea.bpt.rocks:389}
>>> 57b103d400000429000
>>> nsds50ruv: {replica 1070 ldap://bellevuenfs.bpt.rocks:389}
>>> 57a4f2700000042e000
>>> nsds50ruv: {replica 1075 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>> 57a478650000043300
>>> nsds50ruv: {replica 1080 ldap://bellevuenfs.bpt.rocks:389}
>>> 57a4176700000438000
>>> nsds50ruv: {replica 1085 ldap://fremontnis.bpt.rocks:389}
>>> 57a403e60000043d0000
>>> nsds50ruv: {replica 1090 ldap://freeipa-dal.bpt.rocks:389}
>>> 57a2dd3500000442000
>>> nsds50ruv: {replica 1095 ldap://freeipa-sea.bpt.rocks:389}
>>> 579a963c00000447000
>>> nsds50ruv: {replica 96 ldap://freeipa-sea.bpt.rocks:389}
>>> 55c8f3bd000000600000
>>> nsds50ruv: {replica 86 ldap://fremontnis.bpt.rocks:389}
>>> 5685b24e000000560000 5
>>> nsds50ruv: {replica 91 ldap://seattlenis.bpt.rocks:389}
>>> 567ad6180001005b0000 5
>>> nsds50ruv: {replica 97 ldap://freeipa-dal.bpt.rocks:389}
>>> 55c8f3ce000000610000
>>> nsds50ruv: {replica 76 ldap://bellevuenis.bpt.rocks:389}
>>> 56f385eb0007004c0000
>>> nsds50ruv: {replica 71 ldap://bellevuenfs.bpt.rocks:389}
>>> 57048560000900470000
>>> nsds50ruv: {replica 66 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>> 5733e594000a00420000
>>> nsds50ruv: {replica 61 ldap://edinburghnfs.bpt.rocks:389}
>>> 574421250000003d0000
>>> nsds50ruv: {replica 1195 ldap://edinburghnfs.bpt.rocks:389}
>>> 57a42390000004ab00
>>>
>>> What have I done wrong?
>>>
>>> The problem I am trying to solve is that seattlenfs.bpt.rocks sends
>>> updates to all its children, but their changes don't come back because
>>> of these errors:
>>>
>>> [23/Aug/2016:00:02:16 -0700] attrlist_replace - attr_replace
>>> (nsslapd-referral,
>>> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>>>
>>> in effect, the replication agreements are one-way.
>>>
>>> Any ideas?
>>>
>>> - Ian
>>>



From bahanw042014 at gmail.com  Wed Aug 24 16:33:57 2016
From: bahanw042014 at gmail.com (bahan w)
Date: Wed, 24 Aug 2016 18:33:57 +0200
Subject: [Freeipa-users] Two masters and one of them is desynchronized
In-Reply-To: <265b4281-f53a-1340-42f2-87e26cfe5aad@redhat.com>
References: <CAMJtubJ7+bXS7CxMRWQ6zWVYWjJkS3N_fEb9WE3cVNz=u0beSA@mail.gmail.com>
	<CAMJtubLcsrem20vJ-TH838Ro05_x-1QBhnvNKYkgZuKegd8Mow@mail.gmail.com>
	<CAMJtubLG-e7epOV90cSFp=+nhG2BEjsmqu6jTGnoptWeCWyeDg@mail.gmail.com>
	<CAMJtub+ixbUoivV+q_wGQpUx5DxOmsBVkPZB2a_dUKGH8xKnrQ@mail.gmail.com>
	<CAMJtub+_Qi+gHU7mxW2-8h4qVdes26bZUbhaoDs8LzvTLsFh8g@mail.gmail.com>
	<1cadf7af-0064-8c34-6a47-2942c642b004@redhat.com>
	<CAMJtubJSuEAzD-nkxZ0hKX-h8QqqES3eU9KHdfT6pgU_1eySBw@mail.gmail.com>
	<CAMJtubJ0jcYp6vmegBKncrk+odkoCaDGLhk+hZ1-RvToY80pNw@mail.gmail.com>
	<265b4281-f53a-1340-42f2-87e26cfe5aad@redhat.com>
Message-ID: <CAMJtub+hW+2pOBdqz1BANM4yXBfx0-70DVhS7_wgMV0_ZOCK-A@mail.gmail.com>

Hey guys.

I performed it :
###
# /usr/bin/repl-monitor.pl -f /tmp/checkconf -s
Directory Server Replication Status (Version 1.1)

Time: Wed Aug 24 2016 18:16:50

Master: <MASTER OK>:389 ldap://<MASTER OK>:389/
Replica ID: 4
Replica Root: dc=<REALM>
Max CSN: 57bdc897000300040000 (08/24/2016 18:17:27 3 0)
Receiver: <MASTER UNSYNCHRONIZED>:389 ldap://<MASTER UNSYNCHRONIZED>:389/
Type: master
Time Lag: 0:00:00
Max CSN: 57bdc897000300040000 (08/24/2016 18:17:27 3 0)
Last Modify Time: 8/24/2016 18:16:50
Supplier: <MASTER OK>:389
Sent/Skipped: 179031 / 1037
Update Status: 0 Replica acquired successfully: Incremental update started
Update Started: 08/24/2016 18:16:50
Update Ended: n/a
Schedule: always in sync
SSL: SASL/GSSAPI

Master: <MASTER UNSYNCHRONIZED>:389 ldap://<MASTER UNSYNCHRONIZED>:389/
Replica ID: 3
Replica Root: dc=<REALM>
Max CSN: 57bdbda1000000030000 (08/24/2016 17:30:41)
Receiver: <MASTER OK>:389 ldap://<MASTER OK>:389/
Type: master
Time Lag: - 0:22:29
Max CSN: 57bdb85c000000030000 (08/24/2016 17:08:12)
Last Modify Time: 8/24/2016 17:07:34
Supplier: <MASTER UNSYNCHRONIZED>:389
Sent/Skipped: 3 / 9045345
Update Status: 0 Replica acquired successfully: Incremental update started
Update Started: 08/24/2016 18:16:50
Update Ended: n/a
Schedule: always in sync
SSL: SASL/GSSAPI
###

Do you see something strange in there ?
I have another environment where I have two replicated master and they are
OK.
And when I check the same command, the result is a little bit different :
###
Master: <MASTER 1 OK>:389 ldap://<MASTER 1 OK>:389/
Replica ID: 4
Replica Root: dc=<REALM>
Max CSN: 57bdc88d000300040000 (08/24/2016 18:17:17 3 0)
Receiver: <MASTER 2 OK>:389 ldap://<MASTER 2 OK>:389/
Type: master
Time Lag: 0:00:00
Max CSN: 57bdc88d000300040000 (08/24/2016 18:17:17 3 0)
Last Modify Time: 8/24/2016 18:16:00
Supplier: <MASTER 1 OK>:389
Sent/Skipped: 343515 / 0
Update Status: 0 Replica acquired successfully: Incremental update succeeded
Update Started: 08/24/2016 18:15:59
Update Ended: 08/24/2016 18:16:08
Schedule: always in sync
SSL: SASL/GSSAPI

Master: <MASTER 2 OK>:389 ldap://<MASTER 2 OK>:389/
Replica ID: 3
Replica Root: dc=<REALM>
Max CSN: 57bdc887000800030000 (08/24/2016 18:17:11 8 0)
Receiver: <MASTER 1 OK>:389 ldap://<MASTER 1 OK>:389/
Type: master
Time Lag: - 390:51:38
Max CSN: 57a8500d000400030000 (08/08/2016 11:25:33 4 0)
Last Modify Time: 8/8/2016 11:24:28
Supplier: <MASTER 2 OK>:389
Sent/Skipped: 5 / 2596073
Update Status: 0 Replica acquired successfully: Incremental update succeeded
Update Started: 08/24/2016 18:16:00
Update Ended: 08/24/2016 18:16:12
Schedule: always in sync
SSL: SASL/GSSAPI
###

Best regards.

Bahan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160824/ecc32b28/attachment.htm>

From schogan at us.ibm.com  Wed Aug 24 17:08:34 2016
From: schogan at us.ibm.com (Sean Hogan)
Date: Wed, 24 Aug 2016 10:08:34 -0700
Subject: [Freeipa-users] (no subject)
Message-ID: <OF8ADC8709.5BC4A277-ON07258019.005DCF94-07258019.005E2B2B@notes.na.collabserv.com>



Hi All,

  Would anyone be able to direct me to some docs regarding NFS automount
with IPA.  We are currently using this setup but to be specific I do not
want the priv keys to be in the users mounted home.  When I did the keygen
I took the defaults for location and it went into the exported home of the
user meaning it is mounted on any system the user logs onto which is not a
good idea.  Is there a way to set this up so the priv keys stay out of the
mounted home or since I have the keys uploaded into IPA I do not need the
key in home?




Sean Hogan


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160824/6cd3d0e7/attachment.htm>

From jstephen at redhat.com  Wed Aug 24 17:19:55 2016
From: jstephen at redhat.com (Justin Stephenson)
Date: Wed, 24 Aug 2016 13:19:55 -0400
Subject: [Freeipa-users] Default gid for AD trust users
In-Reply-To: <da5d13ff-81a2-bb4b-2087-8ab9f73a306e@cora.nwra.com>
References: <da5d13ff-81a2-bb4b-2087-8ab9f73a306e@cora.nwra.com>
Message-ID: <f0ec6c0b-1f85-bbc3-2af1-26e42e91ea79@redhat.com>

Could you please explain further what you are trying to accomplish with 
an AD trust default group? I believe we are following the standard linux 
convention of creating a user private group using the ID number which 
matches the uid number for AD trust users.

Kind regards,

Justin Stephenson


On 08/23/2016 06:27 PM, Orion Poplawski wrote:
> Is there any way to control the default gid for AD trust users?  At the moment
> each user has it's own default group, e.g.:
>
> uid=22603(user at ad.domain) gid=22603(user at ad.domain)
>
> It would be nice to be able to set this to an actual group.
>
> Thanks.
>



From orion at cora.nwra.com  Wed Aug 24 17:42:26 2016
From: orion at cora.nwra.com (Orion Poplawski)
Date: Wed, 24 Aug 2016 11:42:26 -0600
Subject: [Freeipa-users] Default gid for AD trust users
In-Reply-To: <f0ec6c0b-1f85-bbc3-2af1-26e42e91ea79@redhat.com>
References: <da5d13ff-81a2-bb4b-2087-8ab9f73a306e@cora.nwra.com>
	<f0ec6c0b-1f85-bbc3-2af1-26e42e91ea79@redhat.com>
Message-ID: <ad67e089-2753-2ae6-71d7-775c2414184d@cora.nwra.com>

While that is definitely *a* convention, it's not the one we've used which
puts users by default in shared groups (nwra, visitors, etc).  For example:

uid=2941(user) gid=1991(nwra)

We may be fine changing conventions, but I'm researching whether or not we
have to.

Thanks.

On 08/24/2016 11:19 AM, Justin Stephenson wrote:
> Could you please explain further what you are trying to accomplish with an AD
> trust default group? I believe we are following the standard linux convention
> of creating a user private group using the ID number which matches the uid
> number for AD trust users.
> 
> Kind regards,
> 
> Justin Stephenson
> 
> 
> On 08/23/2016 06:27 PM, Orion Poplawski wrote:
>> Is there any way to control the default gid for AD trust users?  At the moment
>> each user has it's own default group, e.g.:
>>
>> uid=22603(user at ad.domain) gid=22603(user at ad.domain)
>>
>> It would be nice to be able to set this to an actual group.
>>
>> Thanks.
>>
> 


-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com



From linov.suresh at gmail.com  Wed Aug 24 20:19:35 2016
From: linov.suresh at gmail.com (Linov Suresh)
Date: Wed, 24 Aug 2016 16:19:35 -0400
Subject: [Freeipa-users] KDC returned error string:
	NOT_ALLOWED_TO_DELEGATE
In-Reply-To: <420ec5e1-8b44-17a4-6a56-f71a4809872e@redhat.com>
References: <CALdvvBMnHqmhSiwM=d5Ytkg-0qCJckj_vyy4AX_CxQFS3A6=Mw@mail.gmail.com>
	<646a296b-fef9-973c-fc81-c0175be09efd@redhat.com>
	<420ec5e1-8b44-17a4-6a56-f71a4809872e@redhat.com>
Message-ID: <CALdvvBMvBopHNjsTBiWVZcU07f94i3iz672Ubsim5y3Pt3UTvQ@mail.gmail.com>

Look like our issue is discussed here, and *is **missing one or more
memberPrincipal*.

https://www.redhat.com/archives/freeipa-users/2013-April/msg00228.html

When I tried to add the Principal, I'm getting error,


[root at ipa01 ~]# kadmin.local
Authenticating as principal admin/admin at TELOIP.NET with password.
kadmin.local:  addprinc -randkey HTTP/ipa02.teloip.net at TELOIP.NET
WARNING: no policy specified for HTTP/ipa02.teloip.net at TELOIP.NET;
defaulting to no policy
add_principal: Principal or policy already exists while creating "HTTP/
ipa02.teloip.net at TELOIP.NET"

[root at ipa01 ~]# kadmin.local
Authenticating as principal admin/admin at TELOIP.NET with password.
kadmin.local:  addprinc -randkey ldap/ipa02.teloip.net at TELOIP.NET
WARNING: no policy specified for ldap/ipa02.teloip.net at TELOIP.NET;
defaulting to no policy
add_principal: Principal or policy already exists while creating "ldap/
ipa02.teloip.net at TELOIP.NET".

Could you please help us to fix the "*KDC returned error string:
NOT_ALLOWED_TO_DELEGATE*" error?


[root at caer ~]# kadmin.local
Authenticating as principal admin/admin at TELOIP.NET with password.
kadmin.local:  addprinc -randkey HTTP/neit.teloip.net at TELOIP.NET
WARNING: no policy specified for HTTP/neit.teloip.net at TELOIP.NET;
defaulting to no policy
add_principal: Principal or policy already exists while creating "HTTP/
neit.teloip.net at TELOIP.NET"








On Tue, Aug 16, 2016 at 7:58 AM, Martin Kosek <mkosek at redhat.com> wrote:

> On 08/16/2016 09:25 AM, Petr Spacek wrote:
> > On 15.8.2016 20:18, Linov Suresh wrote:
> >> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0
> >>
> >>
> >> We can only add the clients from IPA Server 01, not from IPA Server 02.
> >> When I tried to add the client from IPA Server 02, getting the error,
> >>
> >>
> >> ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI
> Error:
> >> Unspecified GSS failure.  Minor code may provide more information (KDC
> >> returned error string: NOT_ALLOWED_TO_DELEGATE)
> >>
> >> SASL/GSSAPI authentication started
> >>
> >> SASL username: vpham at EXAMPLE.NET
> >>
> >> SASL SSF: 56
> >>
> >> SASL data security layer installed.
> >>
> >> ldap_modify: No such object (32)
> >>
> >>         additional info: Range Check error
> >>
> >> modifying entry "fqdn=cpe-5061747522f9.example.net
> >> ,cn=computers,cn=accounts,dc=example,dc=net"
> >>
> >>
> >> Could you please help us to fix this?
> >
> > We need to see exact steps you did before we can give you any meaningful
> advice.
> >
> > Please have a look at
> > http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
> >
> > It is a very nice document which describes general bug reporting
> procedure and
> > best practices.
> >
> > We will certainly have a look but we need first see the information :-)
> >
>
> Also, using IPA on RHEL-6.4 is discouraged. This is a really old release
> and
> there are known issues (in cert renewals for example). Using at least
> RHEL-6.8
> or, even better, RHEL-7.2 is preferred and would help you avoid known
> issues
> and deficiencies (and the newer FreeIPA versions are way cooler anyway).
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160824/b78f06fc/attachment.htm>

From rcritten at redhat.com  Wed Aug 24 20:32:30 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 24 Aug 2016 16:32:30 -0400
Subject: [Freeipa-users] KDC returned error string:
 NOT_ALLOWED_TO_DELEGATE
In-Reply-To: <CALdvvBMvBopHNjsTBiWVZcU07f94i3iz672Ubsim5y3Pt3UTvQ@mail.gmail.com>
References: <CALdvvBMnHqmhSiwM=d5Ytkg-0qCJckj_vyy4AX_CxQFS3A6=Mw@mail.gmail.com>
	<646a296b-fef9-973c-fc81-c0175be09efd@redhat.com>
	<420ec5e1-8b44-17a4-6a56-f71a4809872e@redhat.com>
	<CALdvvBMvBopHNjsTBiWVZcU07f94i3iz672Ubsim5y3Pt3UTvQ@mail.gmail.com>
Message-ID: <57BE045E.6020504@redhat.com>

Linov Suresh wrote:
> Look like our issue is discussed here, and *is **missing one or more
> memberPrincipal*.
>
> https://www.redhat.com/archives/freeipa-users/2013-April/msg00228.html
>
> When I tried to add the Principal, I'm getting error,

You didn't follow the instructions in the e-mail thread. The problem 
isn't a principal that doesn't exist, it is a principal not in the 
delegation list. Do the ldapsearch's and see what is missing (and you'll 
need to use -Y GSSAPI instead of -x) then add it using ldapmodify.

Only under very specific circumstances would I ever recommend using 
kadmin.local.

rob

>
>
> [root at ipa01 ~]# kadmin.local
> Authenticating as principal admin/admin at TELOIP.NET
> <mailto:admin at TELOIP.NET> with password.
> kadmin.local:  addprinc -randkey HTTP/ipa02.teloip.net at TELOIP.NET
> <mailto:ipa02.teloip.net at TELOIP.NET>
> WARNING: no policy specified for HTTP/ipa02.teloip.net at TELOIP.NET
> <mailto:ipa02.teloip.net at TELOIP.NET>; defaulting to no policy
> add_principal: Principal or policy already exists while creating
> "HTTP/ipa02.teloip.net at TELOIP.NET <mailto:ipa02.teloip.net at TELOIP.NET>"
>
> [root at ipa01 ~]# kadmin.local
> Authenticating as principal admin/admin at TELOIP.NET
> <mailto:admin at TELOIP.NET> with password.
> kadmin.local:  addprinc -randkey ldap/ipa02.teloip.net at TELOIP.NET
> <mailto:ipa02.teloip.net at TELOIP.NET>
> WARNING: no policy specified for ldap/ipa02.teloip.net at TELOIP.NET
> <mailto:ipa02.teloip.net at TELOIP.NET>; defaulting to no policy
> add_principal: Principal or policy already exists while creating
> "ldap/ipa02.teloip.net at TELOIP.NET <mailto:ipa02.teloip.net at TELOIP.NET>".
>
> Could you please help us to fix the "*KDC returned error string:
> NOT_ALLOWED_TO_DELEGATE*" error?
>
>
> [root at caer ~]# kadmin.local
> Authenticating as principal admin/admin at TELOIP.NET
> <mailto:admin at TELOIP.NET> with password.
> kadmin.local:  addprinc -randkey HTTP/neit.teloip.net at TELOIP.NET
> <mailto:neit.teloip.net at TELOIP.NET>
> WARNING: no policy specified for HTTP/neit.teloip.net at TELOIP.NET
> <mailto:neit.teloip.net at TELOIP.NET>; defaulting to no policy
> add_principal: Principal or policy already exists while creating
> "HTTP/neit.teloip.net at TELOIP.NET <mailto:neit.teloip.net at TELOIP.NET>"
>
>
>
>
>
>
> On Tue, Aug 16, 2016 at 7:58 AM, Martin Kosek <mkosek at redhat.com
> <mailto:mkosek at redhat.com>> wrote:
>
>     On 08/16/2016 09:25 AM, Petr Spacek wrote:
>     > On 15.8.2016 20:18, Linov Suresh wrote:
>     >> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0
>     >>
>     >>
>     >> We can only add the clients from IPA Server 01, not from IPA Server 02.
>     >> When I tried to add the client from IPA Server 02, getting the error,
>     >>
>     >>
>     >> ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error:
>     >> Unspecified GSS failure.  Minor code may provide more information (KDC
>     >> returned error string: NOT_ALLOWED_TO_DELEGATE)
>     >>
>     >> SASL/GSSAPI authentication started
>     >>
>     >> SASL username:vpham at EXAMPLE.NET <mailto:vpham at EXAMPLE.NET>
>     >>
>     >> SASL SSF: 56
>     >>
>     >> SASL data security layer installed.
>     >>
>     >> ldap_modify: No such object (32)
>     >>
>     >>         additional info: Range Check error
>     >>
>     >> modifying entry "fqdn=cpe-5061747522f9.example.net <http://cpe-5061747522f9.example.net>
>     >> ,cn=computers,cn=accounts,dc=example,dc=net"
>     >>
>     >>
>     >> Could you please help us to fix this?
>     >
>      > We need to see exact steps you did before we can give you any
>     meaningful advice.
>      >
>      > Please have a look at
>      > http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>     <http://www.chiark.greenend.org.uk/~sgtatham/bugs.html>
>      >
>      > It is a very nice document which describes general bug reporting
>     procedure and
>      > best practices.
>      >
>      > We will certainly have a look but we need first see the
>     information :-)
>      >
>
>     Also, using IPA on RHEL-6.4 is discouraged. This is a really old
>     release and
>     there are known issues (in cert renewals for example). Using at
>     least RHEL-6.8
>     or, even better, RHEL-7.2 is preferred and would help you avoid
>     known issues
>     and deficiencies (and the newer FreeIPA versions are way cooler anyway).
>
>
>
>



From chris at node-nine.com  Wed Aug 24 21:01:23 2016
From: chris at node-nine.com (Chris Moody)
Date: Wed, 24 Aug 2016 14:01:23 -0700
Subject: [Freeipa-users] ipa trust-fetch-domains missing
Message-ID: <57BE0B23.5020004@node-nine.com>

Hello.

Wanted to first take a quick moment to thank everyone for their 
contributions on making this such a slick packaging and integration of 
components.  FreeIPA is a welcome systemthat has been needed for a LONG 
time.

I'm running into some trouble in completing my AD-trust setup.

I've followed the guide here: 
http://www.freeipa.org/page/Active_Directory_trust_setup

but am not finding the command 'ipa trust-fetch-domains "ad_domain"'.

What concerns me is the statement " With this command running 
successfuly, IPA will get information about trusted domains and will 
create all needed identity ranges for them." - does this imply that if 
this command is NOT run that the creation of the mentioned identity 
ranges does not occur?


The following command in the guide (ipa trustdomain-find "ad_domain") 
also does not exist, but what appears to be a variant of it (ipa 
trust-find) does return these results:
=====
[root at ca1-infra-ipa1 ~]# ipa trust-find
---------------
1 trust matched
---------------
   Realm name: ad.XXXXX.com
   Domain NetBIOS name: AD
   Domain Security Identifier: S-1-5-21-754923713-4108838501-2041013861
   Trust type: Active Directory domain
----------------------------
Number of entries returned 1
----------------------------
=====
[root at ca1-infra-ipa1 ~]# ipa trust-show "ad.XXXXX.com"
   Realm name: ad.XXXXX.com
   Domain NetBIOS name: AD
   Domain Security Identifier: S-1-5-21-754923713-4108838501-2041013861
   Trust direction: Two-way trust
   Trust type: Active Directory domain
[root at ca1-infra-ipa1 ~]#
=====

I'm just wanting to confirm whether or not the 'trust-fetch-domains' 
command that's listed in the guide is essential to complete the AD trust 
setup or if it's simply providing an informational output.

Thanks,
-Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160824/958a98f7/attachment.htm>

From linov.suresh at gmail.com  Wed Aug 24 21:15:20 2016
From: linov.suresh at gmail.com (Linov Suresh)
Date: Wed, 24 Aug 2016 17:15:20 -0400
Subject: [Freeipa-users] KDC returned error string:
	NOT_ALLOWED_TO_DELEGATE
In-Reply-To: <57BE045E.6020504@redhat.com>
References: <CALdvvBMnHqmhSiwM=d5Ytkg-0qCJckj_vyy4AX_CxQFS3A6=Mw@mail.gmail.com>
	<646a296b-fef9-973c-fc81-c0175be09efd@redhat.com>
	<420ec5e1-8b44-17a4-6a56-f71a4809872e@redhat.com>
	<CALdvvBMvBopHNjsTBiWVZcU07f94i3iz672Ubsim5y3Pt3UTvQ@mail.gmail.com>
	<57BE045E.6020504@redhat.com>
Message-ID: <CALdvvBOmky03dDpgJXhHN-vpyc-Eu-UW6zHMD-A8JgdW2NcjYw@mail.gmail.com>

IPA Server 1 do not have HTTP as well as ldap principal. Just wondering how
do we add HTTP and ldap principal to the delegation list using ldapmodify.

I'm new to IPA, your help is appreciated.

On Wed, Aug 24, 2016 at 4:32 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Linov Suresh wrote:
>
>> Look like our issue is discussed here, and *is **missing one or more
>> memberPrincipal*.
>>
>> https://www.redhat.com/archives/freeipa-users/2013-April/msg00228.html
>>
>> When I tried to add the Principal, I'm getting error,
>>
>
> You didn't follow the instructions in the e-mail thread. The problem isn't
> a principal that doesn't exist, it is a principal not in the delegation
> list. Do the ldapsearch's and see what is missing (and you'll need to use
> -Y GSSAPI instead of -x) then add it using ldapmodify.
>
> Only under very specific circumstances would I ever recommend using
> kadmin.local.
>
> rob
>
>
>>
>> [root at ipa01 ~]# kadmin.local
>> Authenticating as principal admin/admin at TELOIP.NET
>> <mailto:admin at TELOIP.NET> with password.
>> kadmin.local:  addprinc -randkey HTTP/ipa02.teloip.net at TELOIP.NET
>> <mailto:ipa02.teloip.net at TELOIP.NET>
>> WARNING: no policy specified for HTTP/ipa02.teloip.net at TELOIP.NET
>> <mailto:ipa02.teloip.net at TELOIP.NET>; defaulting to no policy
>> add_principal: Principal or policy already exists while creating
>> "HTTP/ipa02.teloip.net at TELOIP.NET <mailto:ipa02.teloip.net at TELOIP.NET>"
>>
>> [root at ipa01 ~]# kadmin.local
>> Authenticating as principal admin/admin at TELOIP.NET
>> <mailto:admin at TELOIP.NET> with password.
>> kadmin.local:  addprinc -randkey ldap/ipa02.teloip.net at TELOIP.NET
>> <mailto:ipa02.teloip.net at TELOIP.NET>
>> WARNING: no policy specified for ldap/ipa02.teloip.net at TELOIP.NET
>> <mailto:ipa02.teloip.net at TELOIP.NET>; defaulting to no policy
>> add_principal: Principal or policy already exists while creating
>> "ldap/ipa02.teloip.net at TELOIP.NET <mailto:ipa02.teloip.net at TELOIP.NET>".
>>
>> Could you please help us to fix the "*KDC returned error string:
>> NOT_ALLOWED_TO_DELEGATE*" error?
>>
>>
>> [root at caer ~]# kadmin.local
>> Authenticating as principal admin/admin at TELOIP.NET
>> <mailto:admin at TELOIP.NET> with password.
>> kadmin.local:  addprinc -randkey HTTP/neit.teloip.net at TELOIP.NET
>> <mailto:neit.teloip.net at TELOIP.NET>
>> WARNING: no policy specified for HTTP/neit.teloip.net at TELOIP.NET
>> <mailto:neit.teloip.net at TELOIP.NET>; defaulting to no policy
>> add_principal: Principal or policy already exists while creating
>> "HTTP/neit.teloip.net at TELOIP.NET <mailto:neit.teloip.net at TELOIP.NET>"
>>
>>
>>
>>
>>
>>
>> On Tue, Aug 16, 2016 at 7:58 AM, Martin Kosek <mkosek at redhat.com
>> <mailto:mkosek at redhat.com>> wrote:
>>
>>     On 08/16/2016 09:25 AM, Petr Spacek wrote:
>>     > On 15.8.2016 20:18, Linov Suresh wrote:
>>     >> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0
>>     >>
>>     >>
>>     >> We can only add the clients from IPA Server 01, not from IPA
>> Server 02.
>>     >> When I tried to add the client from IPA Server 02, getting the
>> error,
>>     >>
>>     >>
>>     >> ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI
>> Error:
>>     >> Unspecified GSS failure.  Minor code may provide more information
>> (KDC
>>     >> returned error string: NOT_ALLOWED_TO_DELEGATE)
>>     >>
>>     >> SASL/GSSAPI authentication started
>>     >>
>>     >> SASL username:vpham at EXAMPLE.NET <mailto:vpham at EXAMPLE.NET>
>>     >>
>>     >> SASL SSF: 56
>>     >>
>>     >> SASL data security layer installed.
>>     >>
>>     >> ldap_modify: No such object (32)
>>     >>
>>     >>         additional info: Range Check error
>>     >>
>>     >> modifying entry "fqdn=cpe-5061747522f9.example.net <
>> http://cpe-5061747522f9.example.net>
>>     >> ,cn=computers,cn=accounts,dc=example,dc=net"
>>     >>
>>     >>
>>     >> Could you please help us to fix this?
>>     >
>>      > We need to see exact steps you did before we can give you any
>>     meaningful advice.
>>      >
>>      > Please have a look at
>>      > http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>>     <http://www.chiark.greenend.org.uk/~sgtatham/bugs.html>
>>      >
>>      > It is a very nice document which describes general bug reporting
>>     procedure and
>>      > best practices.
>>      >
>>      > We will certainly have a look but we need first see the
>>     information :-)
>>      >
>>
>>     Also, using IPA on RHEL-6.4 is discouraged. This is a really old
>>     release and
>>     there are known issues (in cert renewals for example). Using at
>>     least RHEL-6.8
>>     or, even better, RHEL-7.2 is preferred and would help you avoid
>>     known issues
>>     and deficiencies (and the newer FreeIPA versions are way cooler
>> anyway).
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160824/f51deb52/attachment.htm>

From abokovoy at redhat.com  Wed Aug 24 21:17:45 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 25 Aug 2016 00:17:45 +0300
Subject: [Freeipa-users] ipa trust-fetch-domains missing
In-Reply-To: <57BE0B23.5020004@node-nine.com>
References: <57BE0B23.5020004@node-nine.com>
Message-ID: <20160824211745.jjsokkxfjazfuf4b@redhat.com>

On Wed, 24 Aug 2016, Chris Moody wrote:
>Hello.
>
>Wanted to first take a quick moment to thank everyone for their 
>contributions on making this such a slick packaging and integration of 
>components.  FreeIPA is a welcome systemthat has been needed for a 
>LONG time.
>
>I'm running into some trouble in completing my AD-trust setup.
>
>I've followed the guide here: 
>http://www.freeipa.org/page/Active_Directory_trust_setup
>
>but am not finding the command 'ipa trust-fetch-domains "ad_domain"'.
>
>What concerns me is the statement " With this command running 
>successfuly, IPA will get information about trusted domains and will 
>create all needed identity ranges for them." - does this imply that if 
>this command is NOT run that the creation of the mentioned identity 
>ranges does not occur?
>
>
>The following command in the guide (ipa trustdomain-find "ad_domain") 
>also does not exist, but what appears to be a variant of it (ipa 
>trust-find) does return these results:
What FreeIPA version do you have? Sounds like FreeIPA 3.0.something.

In FreeIPA 3.0 support for trust to AD was only taking off. Most of
features were added in FreeIPA 3.3 and later, with FreeIPA 4.2 being
most stable.

-- 
/ Alexander Bokovoy



From ianh at brownpapertickets.com  Wed Aug 24 21:43:44 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Wed, 24 Aug 2016 14:43:44 -0700
Subject: [Freeipa-users] clean-ruv
In-Reply-To: <57BD8876.10005@redhat.com>
References: <bd41abeb-ec9f-eb41-11f6-76140c789f98@brownpapertickets.com>
	<57BC0B43.7070601@redhat.com>
	<3caa6498-b1ab-c1d1-1231-2b23a4f88130@brownpapertickets.com>
	<57BC21EC.6080702@redhat.com>
	<21d57b9b-3bc7-d2a4-8143-2a7371db79ac@brownpapertickets.com>
	<57BD8876.10005@redhat.com>
Message-ID: <1e8f2980-661e-156a-6388-faa029cbe21b@brownpapertickets.com>



On 08/24/2016 04:43 AM, Ludwig Krispenz wrote:
> 
> On 08/24/2016 01:08 AM, Ian Harding wrote:
>>
>> On 08/23/2016 03:14 AM, Ludwig Krispenz wrote:
>>> On 08/23/2016 11:52 AM, Ian Harding wrote:
>>>> Ah.  I see.  I mixed those up but I see that those would have to be
>>>> consistent.
>>>>
>>>> However, I have been trying to beat some invalid RUV to death for a
>>>> long
>>>> time and I can't seem to kill them.
>>>>
>>>> For example, bellevuenfs has 9 and 16 which are invalid:
>>>>
>>>> [ianh at seattlenfs ~]$ ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
>>>> "cn=Directory Manager" -W -b "dc=bpt,dc=rocks"
>>>> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
>>>>
>>>>
>>>> | grep "nsds50ruv\|nsDS5ReplicaId"
>>>> Enter LDAP Password:
>>>> nsDS5ReplicaId: 7
>>>> nsds50ruv: {replicageneration} 55c8f364000000040000
>>>> nsds50ruv: {replica 7 ldap://seattlenfs.bpt.rocks:389}
>>>> 568ac3cc000000070000 57
>>>> nsds50ruv: {replica 20 ldap://freeipa-sea.bpt.rocks:389}
>>>> 57b10377000200140000
>>>> nsds50ruv: {replica 18 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>>> 57a47801000100120000
>>>> nsds50ruv: {replica 15 ldap://fremontnis.bpt.rocks:389}
>>>> 57a403860000000f0000 5
>>>> nsds50ruv: {replica 14 ldap://freeipa-dal.bpt.rocks:389}
>>>> 57a2dccd0000000e0000
>>>> nsds50ruv: {replica 17 ldap://edinburghnfs.bpt.rocks:389}
>>>> 57a422f9000000110000
>>>> nsds50ruv: {replica 19 ldap://bellevuenfs.bpt.rocks:389}
>>>> 57a4f20d000600130000
>>>> nsds50ruv: {replica 16 ldap://bellevuenfs.bpt.rocks:389}
>>>> 57a41706000000100000
>>>> nsds50ruv: {replica 9 ldap://bellevuenfs.bpt.rocks:389}
>>>> 570484ee000000090000 5
>>>>
>>>>
>>>> So I try to kill them like so:
>>>> [ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 9 --force --cleanup
>>>> ipa: WARNING: session memcached servers not running
>>>> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>>>>
>>>> Cleaning the wrong replica ID will cause that server to no
>>>> longer replicate so it may miss updates while the process
>>>> is running. It would need to be re-initialized to maintain
>>>> consistency. Be very careful.
>>>> Background task created to clean replication data. This may take a
>>>> while.
>>>> This may be safely interrupted with Ctrl+C
>>>> ^C[ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 16 --force
>>>> --cleanup
>>>> ipa: WARNING: session memcached servers not running
>>>> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>>>>
>>>> Cleaning the wrong replica ID will cause that server to no
>>>> longer replicate so it may miss updates while the process
>>>> is running. It would need to be re-initialized to maintain
>>>> consistency. Be very careful.
>>>> Background task created to clean replication data. This may take a
>>>> while.
>>>> This may be safely interrupted with Ctrl+C
>>>> ^C[ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
>>>> ipa: WARNING: session memcached servers not running
>>>> CLEANALLRUV tasks
>>>> RID 16: Waiting to process all the updates from the deleted replica...
>>>> RID 9: Waiting to process all the updates from the deleted replica...
>>>>
>>>> No abort CLEANALLRUV tasks running
>>>> [ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
>>>> ipa: WARNING: session memcached servers not running
>>>> CLEANALLRUV tasks
>>>> RID 16: Waiting to process all the updates from the deleted replica...
>>>> RID 9: Waiting to process all the updates from the deleted replica...
>>>>
>>>> and it never finishes.
>>>>
>>>> seattlenfs is the first master, that's the only place I should have to
>>>> run this command, right?
>>> right, you need to run it only on one master, but this ease of use can
>>> become the problem.
>>> The cleanallruv task is propagated to all servers in the topology and it
>>> does this based on the replication agreements it finds.
>>> A frequent cause of failure is that replication agreements still exist
>>> pointing to no longer existing servers. It is a bit tedious, but could
>>> you run the following search on ALL
>>> of your current replicas (as directory manager):
>>>
>>> ldapsearch ...... -b "cn=config" "objectclass=nsds5replicationagreement"
>>> nsds5replicahost
>>>
>>> if you find any agreement where nsds5replicahost is a host no longer
>>> existing or working, delete these agreements.
>> I have 7 FreeIPA servers, all of which have been in existence in some
>> form or another since I started.  It used to work great.  I've broken it
>> now but the hostnames and ip addresses all still exist.  I've
>> uninstalled and reinstalled them a few times which I think is the source
>> of my troubles so I tried to straighten out the RUVs and probably messed
>> that up pretty good
>>
>> Anyway, now what I THINK I have is
>>
>> seattlenfs
>> |-freeipa-sea
>>    |- freeipa-dal
>>    |- bellevuenfs
>>    |- fremontnis
>>    |- bpt-nyc1-nfs
>>    |- edinburghnfs
>>
>> Until I get this squared away I've turned off ipa services on all but
>> seattlenfs, freeipa-sea and freeipa-dal and am hoping that any password
>> changes etc. happen on seattlenfs.  I need the other two because they
>> are my DNS.  The rest I can kind of live without since they are just
>> local instances living on nfs servers.
>>
>> Here's the output from that ldap query on all the hosts:
> yes, looks like the replication agreements are fine, but the RUVs are not.
> 
> In the o=ipaca suffix, there is a reference to bellvuenis:
> 
>  [{replica 76
> ldap://bellevuenis.bpt.rocks:389} 56f385eb0007004c0000
> 

are the RUV in that suffix as big a problem?  There are tons of "dead"
RUV in there.

> 
> but this seems to be now bellevuenfs.
> 
> In the dc=bpt,dc=rocks replica id 9 is causing the trouble. There are
> two replicaids : 9 and 16 for bellevuenfs, and it causes replication
> failure from edinburgh to freeipa-sea. Looks like replicaid 9 is not
> present in freeipa-sea and edinburgh "thinks" it has to send changes,
> but can't position in changelog.
> 
> You had tried to cleanallruv for rid9, which seemed not to complete, but
> I don't know what the status is on all servers.
> what I would do is
> 
> check again the ruvs (the fffff.... tombstone) on all servers,
> check  if there are still active tasks, try to get rid of them, (but
> they can be stubborn), either by trying abort cleanallruv or the hard
> way, stop the server, check the dse.ldif for existing task attributes in
> the replica object and remove them.

I'm interested in this option.  Most of the servers are off now anyway,
so I can hack the dse.ldif I suppose but I'm not sure what I'm looking
at/for.

> 
> then either retry cleanallruv, but without the force option (this makes
> the task live until all servers are cleaned, but if replication does not
> work this will not happen),
> or, on each server do individual ruv cleaning (only on the server, not
> the cleanallruv task), you can have a look here:
> http://www.port389.org/docs/389ds/howto/howto-cleanruv.html
> 
>>
>> SEATTLENFS
>>
>> [root at seattlenfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope subtree
>> # filter: objectclass=nsds5replicationagreement
>> # requesting: nsds5replicahost
>> #
>>
>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, conf
>>   ig
>> dn:
>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>
>>   g tree,cn=config
>> nsds5replicahost: freeipa-sea.bpt.rocks
>>
>> # masterAgreement1-bellevuenfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>> mappin
>>   g tree, config
>> dn:
>> cn=masterAgreement1-bellevuenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>>
>>   ca,cn=mapping tree,cn=config
>> nsds5replicahost: bellevuenfs.bpt.rocks
>>
>> # masterAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat, replica,
>> o\3Dipaca, mappi
>>   ng tree, config
>> dn:
>> cn=masterAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dip
>>
>>   aca,cn=mapping tree,cn=config
>> nsds5replicahost: bpt-nyc1-nfs.bpt.rocks
>>
>> # masterAgreement1-freeipa-dal.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>> mappin
>>   g tree, config
>> dn:
>> cn=masterAgreement1-freeipa-dal.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>>
>>   ca,cn=mapping tree,cn=config
>> nsds5replicahost: freeipa-dal.bpt.rocks
>>
>> # masterAgreement1-freeipa-sea.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>> mappin
>>   g tree, config
>> dn:
>> cn=masterAgreement1-freeipa-sea.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>>
>>   ca,cn=mapping tree,cn=config
>> nsds5replicahost: freeipa-sea.bpt.rocks
>>
>> # masterAgreement1-fremontnis.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>> mapping
>>    tree, config
>> dn:
>> cn=masterAgreement1-fremontnis.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>>
>>   a,cn=mapping tree,cn=config
>> nsds5replicahost: fremontnis.bpt.rocks
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 7
>> # numEntries: 6
>>
>> FREEIPA-SEA
>>
>> [root at freeipa-sea ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope subtree
>> # filter: objectclass=nsds5replicationagreement
>> # requesting: nsds5replicahost
>> #
>>
>> # meTobellevuenfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, conf
>>   ig
>> dn:
>> cn=meTobellevuenfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>
>>   g tree,cn=config
>> nsds5replicahost: bellevuenfs.bpt.rocks
>>
>> # meTobpt-nyc1-nfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, con
>>   fig
>> dn:
>> cn=meTobpt-nyc1-nfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappi
>>
>>   ng tree,cn=config
>> nsds5replicahost: bpt-nyc1-nfs.bpt.rocks
>>
>> # meToedinburghnfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, con
>>   fig
>> dn:
>> cn=meToedinburghnfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappi
>>
>>   ng tree,cn=config
>> nsds5replicahost: edinburghnfs.bpt.rocks
>>
>> # meTofreeipa-dal.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, conf
>>   ig
>> dn:
>> cn=meTofreeipa-dal.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>
>>   g tree,cn=config
>> nsds5replicahost: freeipa-dal.bpt.rocks
>>
>> # meTofremontnis.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, confi
>>   g
>> dn:
>> cn=meTofremontnis.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mapping
>>
>>    tree,cn=config
>> nsds5replicahost: fremontnis.bpt.rocks
>>
>> # meToseattlenfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, confi
>>   g
>> dn:
>> cn=meToseattlenfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mapping
>>
>>    tree,cn=config
>> nsds5replicahost: seattlenfs.bpt.rocks
>>
>> # cloneAgreement1-freeipa-sea.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>> mapping
>>    tree, config
>> dn:
>> cn=cloneAgreement1-freeipa-sea.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>>
>>   a,cn=mapping tree,cn=config
>> nsds5replicahost: seattlenfs.bpt.rocks
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 8
>> # numEntries: 7
>>
>> FREEIPA-DAL
>>
>> [root at freeipa-dal ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope subtree
>> # filter: objectclass=nsds5replicationagreement
>> # requesting: nsds5replicahost
>> #
>>
>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, conf
>>   ig
>> dn:
>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>
>>   g tree,cn=config
>> nsds5replicahost: freeipa-sea.bpt.rocks
>>
>> # cloneAgreement1-freeipa-dal.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>> mapping
>>    tree, config
>> dn:
>> cn=cloneAgreement1-freeipa-dal.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>>
>>   a,cn=mapping tree,cn=config
>> nsds5replicahost: seattlenfs.bpt.rocks
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 3
>> # numEntries: 2
>>
>> BELLEVUENFS
>>
>> [root at bellevuenfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope subtree
>> # filter: objectclass=nsds5replicationagreement
>> # requesting: nsds5replicahost
>> #
>>
>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, conf
>>   ig
>> dn:
>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>
>>   g tree,cn=config
>> nsds5replicahost: freeipa-sea.bpt.rocks
>>
>> # cloneAgreement1-bellevuenfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>> mapping
>>    tree, config
>> dn:
>> cn=cloneAgreement1-bellevuenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>>
>>   a,cn=mapping tree,cn=config
>> nsds5replicahost: seattlenfs.bpt.rocks
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 3
>> # numEntries: 2
>>
>>
>> FREMONTNIS
>>
>> [root at fremontnis ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope subtree
>> # filter: objectclass=nsds5replicationagreement
>> # requesting: nsds5replicahost
>> #
>>
>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, conf
>>   ig
>> dn:
>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>
>>   g tree,cn=config
>> nsds5replicahost: freeipa-sea.bpt.rocks
>>
>> # cloneAgreement1-fremontnis.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>> mapping
>>   tree, config
>> dn:
>> cn=cloneAgreement1-fremontnis.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipaca
>>
>>   ,cn=mapping tree,cn=config
>> nsds5replicahost: seattlenfs.bpt.rocks
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 3
>> # numEntries: 2
>>
>> BPT-NYC1-NFS
>>
>> [root at bpt-nyc1-nfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope subtree
>> # filter: objectclass=nsds5replicationagreement
>> # requesting: nsds5replicahost
>> #
>>
>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, conf
>>   ig
>> dn:
>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>
>>   g tree,cn=config
>> nsds5replicahost: freeipa-sea.bpt.rocks
>>
>> # cloneAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>> mappin
>>   g tree, config
>> dn:
>> cn=cloneAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>>
>>   ca,cn=mapping tree,cn=config
>> nsds5replicahost: seattlenfs.bpt.rocks
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 3
>> # numEntries: 2
>>
>> EDINBURGHNFS
>>
>> [root at edinburghnfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope subtree
>> # filter: objectclass=nsds5replicationagreement
>> # requesting: nsds5replicahost
>> #
>>
>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>> tree, conf
>>   ig
>> dn:
>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>
>>   g tree,cn=config
>> nsds5replicahost: freeipa-sea.bpt.rocks
>>
>> # cloneAgreement1-edinburghnfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>> mappin
>>   g tree, config
>> dn:
>> cn=cloneAgreement1-edinburghnfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>>
>>   ca,cn=mapping tree,cn=config
>> nsds5replicahost: freeipa-sea.bpt.rocks
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 3
>> # numEntries: 2
>>
>> Here's the errors from starting up EDINBURGHNFS to run that query.  It
>> has some familiar looking problems.
>>
>> [23/Aug/2016:23:56:35 +0100] SSL Initialization - Configured SSL version
>> range: min: TLS1.0, max: TLS1.2
>> [23/Aug/2016:23:56:35 +0100] - 389-Directory/1.3.4.0 B2016.215.1556
>> starting up
>> [23/Aug/2016:23:56:35 +0100] - WARNING: changelog: entry cache size
>> 2097152B is less than db size 12361728B; We recommend to increase the
>> entry cache size nsslapd-cachememsize.
>> [23/Aug/2016:23:56:35 +0100] schema-compat-plugin - scheduled
>> schema-compat-plugin tree scan in about 5 seconds after the server
>> startup!
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=groups,cn=compat,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=computers,cn=compat,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=ng,cn=compat,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> ou=sudoers,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=users,cn=compat,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=ad,cn=etc,dc=bpt,dc=rocks does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bpt,dc=rocks
>> does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>> cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bpt,dc=rocks
>> does not exist
>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target cn=automember
>> rebuild membership,cn=tasks,cn=config does not exist
>> [23/Aug/2016:23:56:35 +0100] auto-membership-plugin -
>> automember_parse_regex_rule: Unable to parse regex rule (invalid regex).
>>   Error "nothing to repeat".
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 1095
>> ldap://freeipa-sea.bpt.rocks:389} 579a963c000004470000
>> 57a575a0000004470000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 81
>> ldap://seattlenfs.bpt.rocks:389} 568ac431000000510000
>> 57a4175f000500510000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 96
>> ldap://freeipa-sea.bpt.rocks:389} 55c8f3bd000000600000
>> 5799a02e000000600000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 86
>> ldap://fremontnis.bpt.rocks:389} 5685b24e000000560000
>> 5703db4b000500560000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 91
>> ldap://seattlenis.bpt.rocks:389} 567ad6180001005b0000
>> 568703740000005b0000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 97
>> ldap://freeipa-dal.bpt.rocks:389} 55c8f3ce000000610000
>> 56f4d70b000000610000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 76
>> ldap://bellevuenis.bpt.rocks:389} 56f385eb0007004c0000
>> 56f386180004004c0000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 71
>> ldap://bellevuenfs.bpt.rocks:389} 57048560000900470000
>> 5745722e000000470000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 66
>> ldap://bpt-nyc1-nfs.bpt.rocks:389} 5733e594000a00420000
>> 5733e5b7002f00420000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 61
>> ldap://edinburghnfs.bpt.rocks:389} 574421250000003d0000
>> 57785b420004003d0000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 1090
>> ldap://freeipa-dal.bpt.rocks:389} 57a2dd35000004420000
>> 57a2dd35000404420000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 1085
>> ldap://fremontnis.bpt.rocks:389} 57a403e60000043d0000
>> 57a403e70002043d0000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 1080
>> ldap://bellevuenfs.bpt.rocks:389} 57a41767000004380000
>> 57a41768000004380000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: for replica o=ipaca there were
>> some differences between the changelog max RUV and the database RUV.  If
>> there are obsolete elements in the database RUV, you should remove them
>> using the CLEANALLRUV task.  If they are not obsolete, you should check
>> their status to see why there are no changes from those servers in the
>> changelog.
>> [23/Aug/2016:23:56:35 +0100] set_krb5_creds - Could not get initial
>> credentials for principal [ldap/edinburghnfs.bpt.rocks at BPT.ROCKS] in
>> keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC
>> for requested realm)
>> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
>> (nsslapd-referral, ldap://freeipa-sea.bpt.rocks:389/o%3Dipaca) failed.
>> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
>> (nsslapd-referral, ldap://freeipa-sea.bpt.rocks:389/o%3Dipaca) failed.
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 20
>> ldap://freeipa-sea.bpt.rocks:389} 57b10377000200140000
>> 57bb7bc9000500140000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 18
>> ldap://bpt-nyc1-nfs.bpt.rocks:389} 57a47801000100120000
>> 57b03107000100120000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 15
>> ldap://fremontnis.bpt.rocks:389} 57a403860000000f0000
>> 57b036b20002000f0000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 14
>> ldap://freeipa-dal.bpt.rocks:389} 57a2dccd0000000e0000
>> 57bb7b690005000e0000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 19
>> ldap://bellevuenfs.bpt.rocks:389} 57a4f20d000600130000
>> 57b0fa3b000100130000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 16
>> ldap://bellevuenfs.bpt.rocks:389} 57a41706000000100000
>> 57a41706000100100000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>> RUV [changelog max RUV] does not contain element [{replica 9
>> ldap://bellevuenfs.bpt.rocks:389} 570484ee000000090000
>> 579f6419000000090000] which is present in RUV [database RUV]
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: for replica dc=bpt,dc=rocks
>> there were some differences between the changelog max RUV and the
>> database RUV.  If there are obsolete elements in the database RUV, you
>> should remove them using the CLEANALLRUV task.  If they are not
>> obsolete, you should check their status to see why there are no changes
>> from those servers in the changelog.
>> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
>> (nsslapd-referral,
>> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
>> (nsslapd-referral,
>> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>> [23/Aug/2016:23:56:35 +0100] schema-compat-plugin - schema-compat-plugin
>> tree scan will start in about 5 seconds!
>> [23/Aug/2016:23:56:35 +0100] - slapd started.  Listening on All
>> Interfaces port 389 for LDAP requests
>> [23/Aug/2016:23:56:35 +0100] - Listening on All Interfaces port 636 for
>> LDAPS requests
>> [23/Aug/2016:23:56:35 +0100] - Listening on
>> /var/run/slapd-BPT-ROCKS.socket for LDAPI requests
>> [23/Aug/2016:23:56:35 +0100] slapd_ldap_sasl_interactive_bind - Error:
>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
>> GSS failure.  Minor code may provide more information (No Kerberos
>> credentials available)) errno 0 (Success)
>> [23/Aug/2016:23:56:35 +0100] slapi_ldap_bind - Error: could not perform
>> interactive bind for id [] authentication mechanism [GSSAPI]: error -2
>> (Local error)
>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
>> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Replication bind
>> with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic
>> failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
>> more information (No Kerberos credentials available))
>> [23/Aug/2016:23:56:39 +0100] NSMMReplicationPlugin -
>> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Replication bind
>> with GSSAPI auth resumed
>> [23/Aug/2016:23:56:40 +0100] schema-compat-plugin - Finished plugin
>> initialization.
>> [23/Aug/2016:23:56:41 +0100] agmt="cn=meTofreeipa-sea.bpt.rocks"
>> (freeipa-sea:389) - Can't locate CSN 570484ee000000090000 in the
>> changelog (DB rc=-30988). If replication stops, the consumer may need to
>> be reinitialized.
>> [23/Aug/2016:23:56:41 +0100] NSMMReplicationPlugin - changelog program -
>> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): CSN
>> 570484ee000000090000 not found, we aren't as up to date, or we purged
>> [23/Aug/2016:23:56:41 +0100] NSMMReplicationPlugin -
>> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Data required to
>> update replica has been purged. The replica must be reinitialized.
>> [23/Aug/2016:23:56:42 +0100] NSMMReplicationPlugin -
>> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Incremental
>> update failed and requires administrator action
>>
>>
>> I went around and around re-initializing from various servers last night
>> to try make these go away but it's like whackamole.
>>
>> What's the best way you can think of to put humpty dumpty back together
>> again?
>>
>> Thank you so much for your time.  Come to Tacoma and I will buy you all
>> the beer.
>>>> I'm about to burn everything down and ipa-server-install --uninstall
>>>> but
>>>> I've done that before a couple times and that seems to be what got me
>>>> into this mess...
>>>>
>>>> Thank you for your help.
>>>>
>>>>
>>>>
>>>>
>>>> On 08/23/2016 01:37 AM, Ludwig Krispenz wrote:
>>>>> looks like you are searching the nstombstone below "o=ipaca", but you
>>>>> are cleaning ruvs in "dc=bpt,dc=rocks",
>>>>>
>>>>> your attrlist_replace error refers to the bpt,rocks backend, so you
>>>>> should search the tombstone entry ther, then determine which
>>>>> replicaIDs
>>>>> to remove.
>>>>>
>>>>> Ludwig
>>>>>
>>>>> On 08/23/2016 09:20 AM, Ian Harding wrote:
>>>>>> I've followed the procedure in this thread:
>>>>>>
>>>>>> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
>>>>>>
>>>>>> and found my list of RUV that don't have an existing replica id.
>>>>>>
>>>>>> I've tried to remove them like so:
>>>>>>
>>>>>> [root at seattlenfs ianh]# ldapmodify -D "cn=directory manager" -W -a
>>>>>> Enter LDAP Password:
>>>>>> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config
>>>>>> objectclass: top
>>>>>> objectclass: extensibleObject
>>>>>> replica-base-dn: dc=bpt,dc=rocks
>>>>>> replica-id: 97
>>>>>> replica-force-cleaning: yes
>>>>>> cn: clean 97
>>>>>>
>>>>>> adding new entry "cn=clean 97, cn=cleanallruv, cn=tasks, cn=config"
>>>>>>
>>>>>> [root at seattlenfs ianh]# ipa-replica-manage list-clean-ruv
>>>>>> CLEANALLRUV tasks
>>>>>> RID 9: Waiting to process all the updates from the deleted replica...
>>>>>> RID 96: Successfully cleaned rid(96).
>>>>>> RID 97: Successfully cleaned rid(97).
>>>>>>
>>>>>> No abort CLEANALLRUV tasks running
>>>>>>
>>>>>>
>>>>>> and yet, they are still there...
>>>>>>
>>>>>> [root at seattlenfs ianh]# ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
>>>>>> "cn=Directory Manager" -W -b "o=ipaca"
>>>>>> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
>>>>>>
>>>>>>
>>>>>>
>>>>>> | grep "nsds50ruv\|nsDS5ReplicaId"
>>>>>> Enter LDAP Password:
>>>>>> nsDS5ReplicaId: 81
>>>>>> nsds50ruv: {replicageneration} 55c8f3ae000000600000
>>>>>> nsds50ruv: {replica 81 ldap://seattlenfs.bpt.rocks:389}
>>>>>> 568ac431000000510000 5
>>>>>> nsds50ruv: {replica 1065 ldap://freeipa-sea.bpt.rocks:389}
>>>>>> 57b103d400000429000
>>>>>> nsds50ruv: {replica 1070 ldap://bellevuenfs.bpt.rocks:389}
>>>>>> 57a4f2700000042e000
>>>>>> nsds50ruv: {replica 1075 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>>>>> 57a478650000043300
>>>>>> nsds50ruv: {replica 1080 ldap://bellevuenfs.bpt.rocks:389}
>>>>>> 57a4176700000438000
>>>>>> nsds50ruv: {replica 1085 ldap://fremontnis.bpt.rocks:389}
>>>>>> 57a403e60000043d0000
>>>>>> nsds50ruv: {replica 1090 ldap://freeipa-dal.bpt.rocks:389}
>>>>>> 57a2dd3500000442000
>>>>>> nsds50ruv: {replica 1095 ldap://freeipa-sea.bpt.rocks:389}
>>>>>> 579a963c00000447000
>>>>>> nsds50ruv: {replica 96 ldap://freeipa-sea.bpt.rocks:389}
>>>>>> 55c8f3bd000000600000
>>>>>> nsds50ruv: {replica 86 ldap://fremontnis.bpt.rocks:389}
>>>>>> 5685b24e000000560000 5
>>>>>> nsds50ruv: {replica 91 ldap://seattlenis.bpt.rocks:389}
>>>>>> 567ad6180001005b0000 5
>>>>>> nsds50ruv: {replica 97 ldap://freeipa-dal.bpt.rocks:389}
>>>>>> 55c8f3ce000000610000
>>>>>> nsds50ruv: {replica 76 ldap://bellevuenis.bpt.rocks:389}
>>>>>> 56f385eb0007004c0000
>>>>>> nsds50ruv: {replica 71 ldap://bellevuenfs.bpt.rocks:389}
>>>>>> 57048560000900470000
>>>>>> nsds50ruv: {replica 66 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>>>>> 5733e594000a00420000
>>>>>> nsds50ruv: {replica 61 ldap://edinburghnfs.bpt.rocks:389}
>>>>>> 574421250000003d0000
>>>>>> nsds50ruv: {replica 1195 ldap://edinburghnfs.bpt.rocks:389}
>>>>>> 57a42390000004ab00
>>>>>>
>>>>>> What have I done wrong?
>>>>>>
>>>>>> The problem I am trying to solve is that seattlenfs.bpt.rocks sends
>>>>>> updates to all its children, but their changes don't come back
>>>>>> because
>>>>>> of these errors:
>>>>>>
>>>>>> [23/Aug/2016:00:02:16 -0700] attrlist_replace - attr_replace
>>>>>> (nsslapd-referral,
>>>>>> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>>>>>>
>>>>>> in effect, the replication agreements are one-way.
>>>>>>
>>>>>> Any ideas?
>>>>>>
>>>>>> - Ian
>>>>>>
> 

-- 
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com



From chris at node-nine.com  Wed Aug 24 22:02:25 2016
From: chris at node-nine.com (Chris Moody)
Date: Wed, 24 Aug 2016 15:02:25 -0700
Subject: [Freeipa-users] ipa trust-fetch-domains missing
In-Reply-To: <20160824211745.jjsokkxfjazfuf4b@redhat.com>
References: <57BE0B23.5020004@node-nine.com>
	<20160824211745.jjsokkxfjazfuf4b@redhat.com>
Message-ID: <57BE1971.7000301@node-nine.com>

Yes, since we're running it on Centos6 nodes in this case, the repos 
only have IPA 3.0 available...unless you know of a better repo that has 
the 3.3 stuff available ;)

Thank you for the insight.

-Chris

On 8/24/16 2:17 PM, Alexander Bokovoy wrote:
> On Wed, 24 Aug 2016, Chris Moody wrote:
>> Hello.
>>
>> Wanted to first take a quick moment to thank everyone for their
>> contributions on making this such a slick packaging and integration of
>> components.  FreeIPA is a welcome systemthat has been needed for a
>> LONG time.
>>
>> I'm running into some trouble in completing my AD-trust setup.
>>
>> I've followed the guide here:
>> http://www.freeipa.org/page/Active_Directory_trust_setup
>>
>> but am not finding the command 'ipa trust-fetch-domains "ad_domain"'.
>>
>> What concerns me is the statement " With this command running
>> successfuly, IPA will get information about trusted domains and will
>> create all needed identity ranges for them." - does this imply that if
>> this command is NOT run that the creation of the mentioned identity
>> ranges does not occur?
>>
>>
>> The following command in the guide (ipa trustdomain-find "ad_domain")
>> also does not exist, but what appears to be a variant of it (ipa
>> trust-find) does return these results:
> What FreeIPA version do you have? Sounds like FreeIPA 3.0.something.
>
> In FreeIPA 3.0 support for trust to AD was only taking off. Most of
> features were added in FreeIPA 3.3 and later, with FreeIPA 4.2 being
> most stable.
>



From ianh at brownpapertickets.com  Wed Aug 24 23:07:51 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Wed, 24 Aug 2016 16:07:51 -0700
Subject: [Freeipa-users] Cleaning Up an Unholy Mess
Message-ID: <a7ee48a4-29df-1ef2-3d51-c7af626b0df6@brownpapertickets.com>

I tried to simply uninstall and reinstall freeipa-dal and this happened.

It only had a replication agreement with freeipa-sea

[root at freeipa-dal ianh]# ipa-server-install --uninstall

This is a NON REVERSIBLE operation and will delete all data and
configuration!

Are you sure you want to continue with the uninstall procedure? [no]: yes
Shutting down all IPA services
Removing IPA client configuration
Unconfiguring ntpd
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
Unconfiguring CA
Unconfiguring named
Unconfiguring ipa-dnskeysyncd
Unconfiguring web server
Unconfiguring krb5kdc
Unconfiguring kadmin
Unconfiguring directory server
Unconfiguring ipa_memcached
Unconfiguring ipa-otpd
[root at freeipa-dal ianh]# ipa-server-install --uninstall

This is a NON REVERSIBLE operation and will delete all data and
configuration!

Are you sure you want to continue with the uninstall procedure? [no]: yes

WARNING: Failed to connect to Directory Server to find information about
replication agreements. Uninstallation will continue despite the possible
existing replication agreements.
Shutting down all IPA services
Removing IPA client configuration
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
[root at freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
--no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
Directory Manager (existing master) password:

The host freeipa-dal.bpt.rocks already exists on the master server.
You should remove it before proceeding:
    % ipa host-del freeipa-dal.bpt.rocks
[root at freeipa-dal ianh]#

So I tried to delete it again with --force

[root at freeipa-sea ianh]# ipa-replica-manage --force del
freeipa-dal.bpt.rocks
Directory Manager password:

'freeipa-sea.bpt.rocks' has no replication agreement for
'freeipa-dal.bpt.rocks'
[root at freeipa-sea ianh]#

Can't delete it from the master server either

[root at seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
disabled


Now what?  I'm running out of things that work.
-- 
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com



From mareynol at redhat.com  Thu Aug 25 00:40:24 2016
From: mareynol at redhat.com (Mark Reynolds)
Date: Wed, 24 Aug 2016 20:40:24 -0400
Subject: [Freeipa-users] clean-ruv
In-Reply-To: <1e8f2980-661e-156a-6388-faa029cbe21b@brownpapertickets.com>
References: <bd41abeb-ec9f-eb41-11f6-76140c789f98@brownpapertickets.com>
	<57BC0B43.7070601@redhat.com>
	<3caa6498-b1ab-c1d1-1231-2b23a4f88130@brownpapertickets.com>
	<57BC21EC.6080702@redhat.com>
	<21d57b9b-3bc7-d2a4-8143-2a7371db79ac@brownpapertickets.com>
	<57BD8876.10005@redhat.com>
	<1e8f2980-661e-156a-6388-faa029cbe21b@brownpapertickets.com>
Message-ID: <7296b45e-152a-af9e-0999-f32bbddd87b3@redhat.com>



On 08/24/2016 05:43 PM, Ian Harding wrote:
>
> On 08/24/2016 04:43 AM, Ludwig Krispenz wrote:
>> On 08/24/2016 01:08 AM, Ian Harding wrote:
>>> On 08/23/2016 03:14 AM, Ludwig Krispenz wrote:
>>>> On 08/23/2016 11:52 AM, Ian Harding wrote:
>>>>> Ah.  I see.  I mixed those up but I see that those would have to be
>>>>> consistent.
>>>>>
>>>>> However, I have been trying to beat some invalid RUV to death for a
>>>>> long
>>>>> time and I can't seem to kill them.
>>>>>
>>>>> For example, bellevuenfs has 9 and 16 which are invalid:
>>>>>
>>>>> [ianh at seattlenfs ~]$ ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
>>>>> "cn=Directory Manager" -W -b "dc=bpt,dc=rocks"
>>>>> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
>>>>>
>>>>>
>>>>> | grep "nsds50ruv\|nsDS5ReplicaId"
>>>>> Enter LDAP Password:
>>>>> nsDS5ReplicaId: 7
>>>>> nsds50ruv: {replicageneration} 55c8f364000000040000
>>>>> nsds50ruv: {replica 7 ldap://seattlenfs.bpt.rocks:389}
>>>>> 568ac3cc000000070000 57
>>>>> nsds50ruv: {replica 20 ldap://freeipa-sea.bpt.rocks:389}
>>>>> 57b10377000200140000
>>>>> nsds50ruv: {replica 18 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>>>> 57a47801000100120000
>>>>> nsds50ruv: {replica 15 ldap://fremontnis.bpt.rocks:389}
>>>>> 57a403860000000f0000 5
>>>>> nsds50ruv: {replica 14 ldap://freeipa-dal.bpt.rocks:389}
>>>>> 57a2dccd0000000e0000
>>>>> nsds50ruv: {replica 17 ldap://edinburghnfs.bpt.rocks:389}
>>>>> 57a422f9000000110000
>>>>> nsds50ruv: {replica 19 ldap://bellevuenfs.bpt.rocks:389}
>>>>> 57a4f20d000600130000
>>>>> nsds50ruv: {replica 16 ldap://bellevuenfs.bpt.rocks:389}
>>>>> 57a41706000000100000
>>>>> nsds50ruv: {replica 9 ldap://bellevuenfs.bpt.rocks:389}
>>>>> 570484ee000000090000 5
>>>>>
>>>>>
>>>>> So I try to kill them like so:
>>>>> [ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 9 --force --cleanup
>>>>> ipa: WARNING: session memcached servers not running
>>>>> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>>>>>
>>>>> Cleaning the wrong replica ID will cause that server to no
>>>>> longer replicate so it may miss updates while the process
>>>>> is running. It would need to be re-initialized to maintain
>>>>> consistency. Be very careful.
>>>>> Background task created to clean replication data. This may take a
>>>>> while.
>>>>> This may be safely interrupted with Ctrl+C
>>>>> ^C[ianh at seattlenfs ~]$ ipa-replica-manage clean-ruv 16 --force
>>>>> --cleanup
>>>>> ipa: WARNING: session memcached servers not running
>>>>> Clean the Replication Update Vector for bellevuenfs.bpt.rocks:389
>>>>>
>>>>> Cleaning the wrong replica ID will cause that server to no
>>>>> longer replicate so it may miss updates while the process
>>>>> is running. It would need to be re-initialized to maintain
>>>>> consistency. Be very careful.
>>>>> Background task created to clean replication data. This may take a
>>>>> while.
>>>>> This may be safely interrupted with Ctrl+C
>>>>> ^C[ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
>>>>> ipa: WARNING: session memcached servers not running
>>>>> CLEANALLRUV tasks
>>>>> RID 16: Waiting to process all the updates from the deleted replica...
>>>>> RID 9: Waiting to process all the updates from the deleted replica...
>>>>>
>>>>> No abort CLEANALLRUV tasks running
>>>>> [ianh at seattlenfs ~]$ ipa-replica-manage list-clean-ruv
>>>>> ipa: WARNING: session memcached servers not running
>>>>> CLEANALLRUV tasks
>>>>> RID 16: Waiting to process all the updates from the deleted replica...
>>>>> RID 9: Waiting to process all the updates from the deleted replica...
>>>>>
>>>>> and it never finishes.
>>>>>
>>>>> seattlenfs is the first master, that's the only place I should have to
>>>>> run this command, right?
>>>> right, you need to run it only on one master, but this ease of use can
>>>> become the problem.
>>>> The cleanallruv task is propagated to all servers in the topology and it
>>>> does this based on the replication agreements it finds.
>>>> A frequent cause of failure is that replication agreements still exist
>>>> pointing to no longer existing servers. It is a bit tedious, but could
>>>> you run the following search on ALL
>>>> of your current replicas (as directory manager):
>>>>
>>>> ldapsearch ...... -b "cn=config" "objectclass=nsds5replicationagreement"
>>>> nsds5replicahost
>>>>
>>>> if you find any agreement where nsds5replicahost is a host no longer
>>>> existing or working, delete these agreements.
>>> I have 7 FreeIPA servers, all of which have been in existence in some
>>> form or another since I started.  It used to work great.  I've broken it
>>> now but the hostnames and ip addresses all still exist.  I've
>>> uninstalled and reinstalled them a few times which I think is the source
>>> of my troubles so I tried to straighten out the RUVs and probably messed
>>> that up pretty good
>>>
>>> Anyway, now what I THINK I have is
>>>
>>> seattlenfs
>>> |-freeipa-sea
>>>    |- freeipa-dal
>>>    |- bellevuenfs
>>>    |- fremontnis
>>>    |- bpt-nyc1-nfs
>>>    |- edinburghnfs
>>>
>>> Until I get this squared away I've turned off ipa services on all but
>>> seattlenfs, freeipa-sea and freeipa-dal and am hoping that any password
>>> changes etc. happen on seattlenfs.  I need the other two because they
>>> are my DNS.  The rest I can kind of live without since they are just
>>> local instances living on nfs servers.
>>>
>>> Here's the output from that ldap query on all the hosts:
>> yes, looks like the replication agreements are fine, but the RUVs are not.
>>
>> In the o=ipaca suffix, there is a reference to bellvuenis:
>>
>>  [{replica 76
>> ldap://bellevuenis.bpt.rocks:389} 56f385eb0007004c0000
>>
> are the RUV in that suffix as big a problem?  There are tons of "dead"
> RUV in there.
>
>> but this seems to be now bellevuenfs.
>>
>> In the dc=bpt,dc=rocks replica id 9 is causing the trouble. There are
>> two replicaids : 9 and 16 for bellevuenfs, and it causes replication
>> failure from edinburgh to freeipa-sea. Looks like replicaid 9 is not
>> present in freeipa-sea and edinburgh "thinks" it has to send changes,
>> but can't position in changelog.
>>
>> You had tried to cleanallruv for rid9, which seemed not to complete, but
>> I don't know what the status is on all servers.
>> what I would do is
>>
>> check again the ruvs (the fffff.... tombstone) on all servers,
>> check  if there are still active tasks, try to get rid of them, (but
>> they can be stubborn), either by trying abort cleanallruv or the hard
>> way, stop the server, check the dse.ldif for existing task attributes in
>> the replica object and remove them.
> I'm interested in this option.  Most of the servers are off now anyway,
> so I can hack the dse.ldif I suppose but I'm not sure what I'm looking
> at/for.
This should help:

http://www.port389.org/docs/389ds/FAQ/troubleshoot-cleanallruv.html#how-to-manually-remove-a-cleanabort-task

>
>> then either retry cleanallruv, but without the force option (this makes
>> the task live until all servers are cleaned, but if replication does not
>> work this will not happen),
>> or, on each server do individual ruv cleaning (only on the server, not
>> the cleanallruv task), you can have a look here:
>> http://www.port389.org/docs/389ds/howto/howto-cleanruv.html
>>
>>> SEATTLENFS
>>>
>>> [root at seattlenfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=config> with scope subtree
>>> # filter: objectclass=nsds5replicationagreement
>>> # requesting: nsds5replicahost
>>> #
>>>
>>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, conf
>>>   ig
>>> dn:
>>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>>
>>>   g tree,cn=config
>>> nsds5replicahost: freeipa-sea.bpt.rocks
>>>
>>> # masterAgreement1-bellevuenfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>>> mappin
>>>   g tree, config
>>> dn:
>>> cn=masterAgreement1-bellevuenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>>>
>>>   ca,cn=mapping tree,cn=config
>>> nsds5replicahost: bellevuenfs.bpt.rocks
>>>
>>> # masterAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat, replica,
>>> o\3Dipaca, mappi
>>>   ng tree, config
>>> dn:
>>> cn=masterAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dip
>>>
>>>   aca,cn=mapping tree,cn=config
>>> nsds5replicahost: bpt-nyc1-nfs.bpt.rocks
>>>
>>> # masterAgreement1-freeipa-dal.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>>> mappin
>>>   g tree, config
>>> dn:
>>> cn=masterAgreement1-freeipa-dal.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>>>
>>>   ca,cn=mapping tree,cn=config
>>> nsds5replicahost: freeipa-dal.bpt.rocks
>>>
>>> # masterAgreement1-freeipa-sea.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>>> mappin
>>>   g tree, config
>>> dn:
>>> cn=masterAgreement1-freeipa-sea.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>>>
>>>   ca,cn=mapping tree,cn=config
>>> nsds5replicahost: freeipa-sea.bpt.rocks
>>>
>>> # masterAgreement1-fremontnis.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>>> mapping
>>>    tree, config
>>> dn:
>>> cn=masterAgreement1-fremontnis.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>>>
>>>   a,cn=mapping tree,cn=config
>>> nsds5replicahost: fremontnis.bpt.rocks
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 7
>>> # numEntries: 6
>>>
>>> FREEIPA-SEA
>>>
>>> [root at freeipa-sea ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=config> with scope subtree
>>> # filter: objectclass=nsds5replicationagreement
>>> # requesting: nsds5replicahost
>>> #
>>>
>>> # meTobellevuenfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, conf
>>>   ig
>>> dn:
>>> cn=meTobellevuenfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>>
>>>   g tree,cn=config
>>> nsds5replicahost: bellevuenfs.bpt.rocks
>>>
>>> # meTobpt-nyc1-nfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, con
>>>   fig
>>> dn:
>>> cn=meTobpt-nyc1-nfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappi
>>>
>>>   ng tree,cn=config
>>> nsds5replicahost: bpt-nyc1-nfs.bpt.rocks
>>>
>>> # meToedinburghnfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, con
>>>   fig
>>> dn:
>>> cn=meToedinburghnfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappi
>>>
>>>   ng tree,cn=config
>>> nsds5replicahost: edinburghnfs.bpt.rocks
>>>
>>> # meTofreeipa-dal.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, conf
>>>   ig
>>> dn:
>>> cn=meTofreeipa-dal.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>>
>>>   g tree,cn=config
>>> nsds5replicahost: freeipa-dal.bpt.rocks
>>>
>>> # meTofremontnis.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, confi
>>>   g
>>> dn:
>>> cn=meTofremontnis.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mapping
>>>
>>>    tree,cn=config
>>> nsds5replicahost: fremontnis.bpt.rocks
>>>
>>> # meToseattlenfs.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, confi
>>>   g
>>> dn:
>>> cn=meToseattlenfs.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mapping
>>>
>>>    tree,cn=config
>>> nsds5replicahost: seattlenfs.bpt.rocks
>>>
>>> # cloneAgreement1-freeipa-sea.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>>> mapping
>>>    tree, config
>>> dn:
>>> cn=cloneAgreement1-freeipa-sea.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>>>
>>>   a,cn=mapping tree,cn=config
>>> nsds5replicahost: seattlenfs.bpt.rocks
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 8
>>> # numEntries: 7
>>>
>>> FREEIPA-DAL
>>>
>>> [root at freeipa-dal ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=config> with scope subtree
>>> # filter: objectclass=nsds5replicationagreement
>>> # requesting: nsds5replicahost
>>> #
>>>
>>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, conf
>>>   ig
>>> dn:
>>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>>
>>>   g tree,cn=config
>>> nsds5replicahost: freeipa-sea.bpt.rocks
>>>
>>> # cloneAgreement1-freeipa-dal.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>>> mapping
>>>    tree, config
>>> dn:
>>> cn=cloneAgreement1-freeipa-dal.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>>>
>>>   a,cn=mapping tree,cn=config
>>> nsds5replicahost: seattlenfs.bpt.rocks
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 3
>>> # numEntries: 2
>>>
>>> BELLEVUENFS
>>>
>>> [root at bellevuenfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=config> with scope subtree
>>> # filter: objectclass=nsds5replicationagreement
>>> # requesting: nsds5replicahost
>>> #
>>>
>>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, conf
>>>   ig
>>> dn:
>>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>>
>>>   g tree,cn=config
>>> nsds5replicahost: freeipa-sea.bpt.rocks
>>>
>>> # cloneAgreement1-bellevuenfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>>> mapping
>>>    tree, config
>>> dn:
>>> cn=cloneAgreement1-bellevuenfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipac
>>>
>>>   a,cn=mapping tree,cn=config
>>> nsds5replicahost: seattlenfs.bpt.rocks
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 3
>>> # numEntries: 2
>>>
>>>
>>> FREMONTNIS
>>>
>>> [root at fremontnis ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=config> with scope subtree
>>> # filter: objectclass=nsds5replicationagreement
>>> # requesting: nsds5replicahost
>>> #
>>>
>>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, conf
>>>   ig
>>> dn:
>>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>>
>>>   g tree,cn=config
>>> nsds5replicahost: freeipa-sea.bpt.rocks
>>>
>>> # cloneAgreement1-fremontnis.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>>> mapping
>>>   tree, config
>>> dn:
>>> cn=cloneAgreement1-fremontnis.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipaca
>>>
>>>   ,cn=mapping tree,cn=config
>>> nsds5replicahost: seattlenfs.bpt.rocks
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 3
>>> # numEntries: 2
>>>
>>> BPT-NYC1-NFS
>>>
>>> [root at bpt-nyc1-nfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=config> with scope subtree
>>> # filter: objectclass=nsds5replicationagreement
>>> # requesting: nsds5replicahost
>>> #
>>>
>>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, conf
>>>   ig
>>> dn:
>>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>>
>>>   g tree,cn=config
>>> nsds5replicahost: freeipa-sea.bpt.rocks
>>>
>>> # cloneAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>>> mappin
>>>   g tree, config
>>> dn:
>>> cn=cloneAgreement1-bpt-nyc1-nfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>>>
>>>   ca,cn=mapping tree,cn=config
>>> nsds5replicahost: seattlenfs.bpt.rocks
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 3
>>> # numEntries: 2
>>>
>>> EDINBURGHNFS
>>>
>>> [root at edinburghnfs ianh]# ldapsearch -D "cn=Directory Manager" -W -b
>>> "cn=config" "objectclass=nsds5replicationagreement" nsds5replicahost
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=config> with scope subtree
>>> # filter: objectclass=nsds5replicationagreement
>>> # requesting: nsds5replicahost
>>> #
>>>
>>> # meTofreeipa-sea.bpt.rocks, replica, dc\3Dbpt\2Cdc\3Drocks, mapping
>>> tree, conf
>>>   ig
>>> dn:
>>> cn=meTofreeipa-sea.bpt.rocks,cn=replica,cn=dc\3Dbpt\2Cdc\3Drocks,cn=mappin
>>>
>>>   g tree,cn=config
>>> nsds5replicahost: freeipa-sea.bpt.rocks
>>>
>>> # cloneAgreement1-edinburghnfs.bpt.rocks-pki-tomcat, replica, o\3Dipaca,
>>> mappin
>>>   g tree, config
>>> dn:
>>> cn=cloneAgreement1-edinburghnfs.bpt.rocks-pki-tomcat,cn=replica,cn=o\3Dipa
>>>
>>>   ca,cn=mapping tree,cn=config
>>> nsds5replicahost: freeipa-sea.bpt.rocks
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 3
>>> # numEntries: 2
>>>
>>> Here's the errors from starting up EDINBURGHNFS to run that query.  It
>>> has some familiar looking problems.
>>>
>>> [23/Aug/2016:23:56:35 +0100] SSL Initialization - Configured SSL version
>>> range: min: TLS1.0, max: TLS1.2
>>> [23/Aug/2016:23:56:35 +0100] - 389-Directory/1.3.4.0 B2016.215.1556
>>> starting up
>>> [23/Aug/2016:23:56:35 +0100] - WARNING: changelog: entry cache size
>>> 2097152B is less than db size 12361728B; We recommend to increase the
>>> entry cache size nsslapd-cachememsize.
>>> [23/Aug/2016:23:56:35 +0100] schema-compat-plugin - scheduled
>>> schema-compat-plugin tree scan in about 5 seconds after the server
>>> startup!
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=groups,cn=compat,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=computers,cn=compat,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=ng,cn=compat,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> ou=sudoers,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=users,cn=compat,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=ad,cn=etc,dc=bpt,dc=rocks does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bpt,dc=rocks
>>> does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target
>>> cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bpt,dc=rocks
>>> does not exist
>>> [23/Aug/2016:23:56:35 +0100] NSACLPlugin - The ACL target cn=automember
>>> rebuild membership,cn=tasks,cn=config does not exist
>>> [23/Aug/2016:23:56:35 +0100] auto-membership-plugin -
>>> automember_parse_regex_rule: Unable to parse regex rule (invalid regex).
>>>   Error "nothing to repeat".
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 1095
>>> ldap://freeipa-sea.bpt.rocks:389} 579a963c000004470000
>>> 57a575a0000004470000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 81
>>> ldap://seattlenfs.bpt.rocks:389} 568ac431000000510000
>>> 57a4175f000500510000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 96
>>> ldap://freeipa-sea.bpt.rocks:389} 55c8f3bd000000600000
>>> 5799a02e000000600000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 86
>>> ldap://fremontnis.bpt.rocks:389} 5685b24e000000560000
>>> 5703db4b000500560000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 91
>>> ldap://seattlenis.bpt.rocks:389} 567ad6180001005b0000
>>> 568703740000005b0000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 97
>>> ldap://freeipa-dal.bpt.rocks:389} 55c8f3ce000000610000
>>> 56f4d70b000000610000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 76
>>> ldap://bellevuenis.bpt.rocks:389} 56f385eb0007004c0000
>>> 56f386180004004c0000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 71
>>> ldap://bellevuenfs.bpt.rocks:389} 57048560000900470000
>>> 5745722e000000470000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 66
>>> ldap://bpt-nyc1-nfs.bpt.rocks:389} 5733e594000a00420000
>>> 5733e5b7002f00420000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 61
>>> ldap://edinburghnfs.bpt.rocks:389} 574421250000003d0000
>>> 57785b420004003d0000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 1090
>>> ldap://freeipa-dal.bpt.rocks:389} 57a2dd35000004420000
>>> 57a2dd35000404420000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 1085
>>> ldap://fremontnis.bpt.rocks:389} 57a403e60000043d0000
>>> 57a403e70002043d0000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 1080
>>> ldap://bellevuenfs.bpt.rocks:389} 57a41767000004380000
>>> 57a41768000004380000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
>>> replica_check_for_data_reload: Warning: for replica o=ipaca there were
>>> some differences between the changelog max RUV and the database RUV.  If
>>> there are obsolete elements in the database RUV, you should remove them
>>> using the CLEANALLRUV task.  If they are not obsolete, you should check
>>> their status to see why there are no changes from those servers in the
>>> changelog.
>>> [23/Aug/2016:23:56:35 +0100] set_krb5_creds - Could not get initial
>>> credentials for principal [ldap/edinburghnfs.bpt.rocks at BPT.ROCKS] in
>>> keytab [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC
>>> for requested realm)
>>> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
>>> (nsslapd-referral, ldap://freeipa-sea.bpt.rocks:389/o%3Dipaca) failed.
>>> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
>>> (nsslapd-referral, ldap://freeipa-sea.bpt.rocks:389/o%3Dipaca) failed.
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 20
>>> ldap://freeipa-sea.bpt.rocks:389} 57b10377000200140000
>>> 57bb7bc9000500140000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 18
>>> ldap://bpt-nyc1-nfs.bpt.rocks:389} 57a47801000100120000
>>> 57b03107000100120000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 15
>>> ldap://fremontnis.bpt.rocks:389} 57a403860000000f0000
>>> 57b036b20002000f0000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 14
>>> ldap://freeipa-dal.bpt.rocks:389} 57a2dccd0000000e0000
>>> 57bb7b690005000e0000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 19
>>> ldap://bellevuenfs.bpt.rocks:389} 57a4f20d000600130000
>>> 57b0fa3b000100130000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 16
>>> ldap://bellevuenfs.bpt.rocks:389} 57a41706000000100000
>>> 57a41706000100100000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin - ruv_compare_ruv:
>>> RUV [changelog max RUV] does not contain element [{replica 9
>>> ldap://bellevuenfs.bpt.rocks:389} 570484ee000000090000
>>> 579f6419000000090000] which is present in RUV [database RUV]
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
>>> replica_check_for_data_reload: Warning: for replica dc=bpt,dc=rocks
>>> there were some differences between the changelog max RUV and the
>>> database RUV.  If there are obsolete elements in the database RUV, you
>>> should remove them using the CLEANALLRUV task.  If they are not
>>> obsolete, you should check their status to see why there are no changes
>>> from those servers in the changelog.
>>> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
>>> (nsslapd-referral,
>>> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>>> [23/Aug/2016:23:56:35 +0100] attrlist_replace - attr_replace
>>> (nsslapd-referral,
>>> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>>> [23/Aug/2016:23:56:35 +0100] schema-compat-plugin - schema-compat-plugin
>>> tree scan will start in about 5 seconds!
>>> [23/Aug/2016:23:56:35 +0100] - slapd started.  Listening on All
>>> Interfaces port 389 for LDAP requests
>>> [23/Aug/2016:23:56:35 +0100] - Listening on All Interfaces port 636 for
>>> LDAPS requests
>>> [23/Aug/2016:23:56:35 +0100] - Listening on
>>> /var/run/slapd-BPT-ROCKS.socket for LDAPI requests
>>> [23/Aug/2016:23:56:35 +0100] slapd_ldap_sasl_interactive_bind - Error:
>>> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error
>>> -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified
>>> GSS failure.  Minor code may provide more information (No Kerberos
>>> credentials available)) errno 0 (Success)
>>> [23/Aug/2016:23:56:35 +0100] slapi_ldap_bind - Error: could not perform
>>> interactive bind for id [] authentication mechanism [GSSAPI]: error -2
>>> (Local error)
>>> [23/Aug/2016:23:56:35 +0100] NSMMReplicationPlugin -
>>> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Replication bind
>>> with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic
>>> failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
>>> more information (No Kerberos credentials available))
>>> [23/Aug/2016:23:56:39 +0100] NSMMReplicationPlugin -
>>> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Replication bind
>>> with GSSAPI auth resumed
>>> [23/Aug/2016:23:56:40 +0100] schema-compat-plugin - Finished plugin
>>> initialization.
>>> [23/Aug/2016:23:56:41 +0100] agmt="cn=meTofreeipa-sea.bpt.rocks"
>>> (freeipa-sea:389) - Can't locate CSN 570484ee000000090000 in the
>>> changelog (DB rc=-30988). If replication stops, the consumer may need to
>>> be reinitialized.
>>> [23/Aug/2016:23:56:41 +0100] NSMMReplicationPlugin - changelog program -
>>> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): CSN
>>> 570484ee000000090000 not found, we aren't as up to date, or we purged
>>> [23/Aug/2016:23:56:41 +0100] NSMMReplicationPlugin -
>>> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Data required to
>>> update replica has been purged. The replica must be reinitialized.
>>> [23/Aug/2016:23:56:42 +0100] NSMMReplicationPlugin -
>>> agmt="cn=meTofreeipa-sea.bpt.rocks" (freeipa-sea:389): Incremental
>>> update failed and requires administrator action
>>>
>>>
>>> I went around and around re-initializing from various servers last night
>>> to try make these go away but it's like whackamole.
>>>
>>> What's the best way you can think of to put humpty dumpty back together
>>> again?
>>>
>>> Thank you so much for your time.  Come to Tacoma and I will buy you all
>>> the beer.
>>>>> I'm about to burn everything down and ipa-server-install --uninstall
>>>>> but
>>>>> I've done that before a couple times and that seems to be what got me
>>>>> into this mess...
>>>>>
>>>>> Thank you for your help.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 08/23/2016 01:37 AM, Ludwig Krispenz wrote:
>>>>>> looks like you are searching the nstombstone below "o=ipaca", but you
>>>>>> are cleaning ruvs in "dc=bpt,dc=rocks",
>>>>>>
>>>>>> your attrlist_replace error refers to the bpt,rocks backend, so you
>>>>>> should search the tombstone entry ther, then determine which
>>>>>> replicaIDs
>>>>>> to remove.
>>>>>>
>>>>>> Ludwig
>>>>>>
>>>>>> On 08/23/2016 09:20 AM, Ian Harding wrote:
>>>>>>> I've followed the procedure in this thread:
>>>>>>>
>>>>>>> https://www.redhat.com/archives/freeipa-users/2016-May/msg00043.html
>>>>>>>
>>>>>>> and found my list of RUV that don't have an existing replica id.
>>>>>>>
>>>>>>> I've tried to remove them like so:
>>>>>>>
>>>>>>> [root at seattlenfs ianh]# ldapmodify -D "cn=directory manager" -W -a
>>>>>>> Enter LDAP Password:
>>>>>>> dn: cn=clean 97, cn=cleanallruv, cn=tasks, cn=config
>>>>>>> objectclass: top
>>>>>>> objectclass: extensibleObject
>>>>>>> replica-base-dn: dc=bpt,dc=rocks
>>>>>>> replica-id: 97
>>>>>>> replica-force-cleaning: yes
>>>>>>> cn: clean 97
>>>>>>>
>>>>>>> adding new entry "cn=clean 97, cn=cleanallruv, cn=tasks, cn=config"
>>>>>>>
>>>>>>> [root at seattlenfs ianh]# ipa-replica-manage list-clean-ruv
>>>>>>> CLEANALLRUV tasks
>>>>>>> RID 9: Waiting to process all the updates from the deleted replica...
>>>>>>> RID 96: Successfully cleaned rid(96).
>>>>>>> RID 97: Successfully cleaned rid(97).
>>>>>>>
>>>>>>> No abort CLEANALLRUV tasks running
>>>>>>>
>>>>>>>
>>>>>>> and yet, they are still there...
>>>>>>>
>>>>>>> [root at seattlenfs ianh]# ldapsearch -ZZ -h seattlenfs.bpt.rocks -D
>>>>>>> "cn=Directory Manager" -W -b "o=ipaca"
>>>>>>> "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> | grep "nsds50ruv\|nsDS5ReplicaId"
>>>>>>> Enter LDAP Password:
>>>>>>> nsDS5ReplicaId: 81
>>>>>>> nsds50ruv: {replicageneration} 55c8f3ae000000600000
>>>>>>> nsds50ruv: {replica 81 ldap://seattlenfs.bpt.rocks:389}
>>>>>>> 568ac431000000510000 5
>>>>>>> nsds50ruv: {replica 1065 ldap://freeipa-sea.bpt.rocks:389}
>>>>>>> 57b103d400000429000
>>>>>>> nsds50ruv: {replica 1070 ldap://bellevuenfs.bpt.rocks:389}
>>>>>>> 57a4f2700000042e000
>>>>>>> nsds50ruv: {replica 1075 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>>>>>> 57a478650000043300
>>>>>>> nsds50ruv: {replica 1080 ldap://bellevuenfs.bpt.rocks:389}
>>>>>>> 57a4176700000438000
>>>>>>> nsds50ruv: {replica 1085 ldap://fremontnis.bpt.rocks:389}
>>>>>>> 57a403e60000043d0000
>>>>>>> nsds50ruv: {replica 1090 ldap://freeipa-dal.bpt.rocks:389}
>>>>>>> 57a2dd3500000442000
>>>>>>> nsds50ruv: {replica 1095 ldap://freeipa-sea.bpt.rocks:389}
>>>>>>> 579a963c00000447000
>>>>>>> nsds50ruv: {replica 96 ldap://freeipa-sea.bpt.rocks:389}
>>>>>>> 55c8f3bd000000600000
>>>>>>> nsds50ruv: {replica 86 ldap://fremontnis.bpt.rocks:389}
>>>>>>> 5685b24e000000560000 5
>>>>>>> nsds50ruv: {replica 91 ldap://seattlenis.bpt.rocks:389}
>>>>>>> 567ad6180001005b0000 5
>>>>>>> nsds50ruv: {replica 97 ldap://freeipa-dal.bpt.rocks:389}
>>>>>>> 55c8f3ce000000610000
>>>>>>> nsds50ruv: {replica 76 ldap://bellevuenis.bpt.rocks:389}
>>>>>>> 56f385eb0007004c0000
>>>>>>> nsds50ruv: {replica 71 ldap://bellevuenfs.bpt.rocks:389}
>>>>>>> 57048560000900470000
>>>>>>> nsds50ruv: {replica 66 ldap://bpt-nyc1-nfs.bpt.rocks:389}
>>>>>>> 5733e594000a00420000
>>>>>>> nsds50ruv: {replica 61 ldap://edinburghnfs.bpt.rocks:389}
>>>>>>> 574421250000003d0000
>>>>>>> nsds50ruv: {replica 1195 ldap://edinburghnfs.bpt.rocks:389}
>>>>>>> 57a42390000004ab00
>>>>>>>
>>>>>>> What have I done wrong?
>>>>>>>
>>>>>>> The problem I am trying to solve is that seattlenfs.bpt.rocks sends
>>>>>>> updates to all its children, but their changes don't come back
>>>>>>> because
>>>>>>> of these errors:
>>>>>>>
>>>>>>> [23/Aug/2016:00:02:16 -0700] attrlist_replace - attr_replace
>>>>>>> (nsslapd-referral,
>>>>>>> ldap://seattlenfs.bpt.rocks:389/dc%3Dbpt%2Cdc%3Drocks) failed.
>>>>>>>
>>>>>>> in effect, the replication agreements are one-way.
>>>>>>>
>>>>>>> Any ideas?
>>>>>>>
>>>>>>> - Ian
>>>>>>>



From rcritten at redhat.com  Thu Aug 25 01:33:57 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 24 Aug 2016 21:33:57 -0400
Subject: [Freeipa-users] Cleaning Up an Unholy Mess
In-Reply-To: <a7ee48a4-29df-1ef2-3d51-c7af626b0df6@brownpapertickets.com>
References: <a7ee48a4-29df-1ef2-3d51-c7af626b0df6@brownpapertickets.com>
Message-ID: <57BE4B05.7080307@redhat.com>

Ian Harding wrote:
> I tried to simply uninstall and reinstall freeipa-dal and this happened.
>
> It only had a replication agreement with freeipa-sea
>
> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>
> This is a NON REVERSIBLE operation and will delete all data and
> configuration!
>
> Are you sure you want to continue with the uninstall procedure? [no]: yes
> Shutting down all IPA services
> Removing IPA client configuration
> Unconfiguring ntpd
> Configuring certmonger to stop tracking system certificates for KRA
> Configuring certmonger to stop tracking system certificates for CA
> Unconfiguring CA
> Unconfiguring named
> Unconfiguring ipa-dnskeysyncd
> Unconfiguring web server
> Unconfiguring krb5kdc
> Unconfiguring kadmin
> Unconfiguring directory server
> Unconfiguring ipa_memcached
> Unconfiguring ipa-otpd
> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>
> This is a NON REVERSIBLE operation and will delete all data and
> configuration!
>
> Are you sure you want to continue with the uninstall procedure? [no]: yes
>
> WARNING: Failed to connect to Directory Server to find information about
> replication agreements. Uninstallation will continue despite the possible
> existing replication agreements.
> Shutting down all IPA services
> Removing IPA client configuration
> Configuring certmonger to stop tracking system certificates for KRA
> Configuring certmonger to stop tracking system certificates for CA
> [root at freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
> Directory Manager (existing master) password:
>
> The host freeipa-dal.bpt.rocks already exists on the master server.
> You should remove it before proceeding:
>      % ipa host-del freeipa-dal.bpt.rocks
> [root at freeipa-dal ianh]#
>
> So I tried to delete it again with --force
>
> [root at freeipa-sea ianh]# ipa-replica-manage --force del
> freeipa-dal.bpt.rocks
> Directory Manager password:
>
> 'freeipa-sea.bpt.rocks' has no replication agreement for
> 'freeipa-dal.bpt.rocks'
> [root at freeipa-sea ianh]#
>
> Can't delete it from the master server either
>
> [root at seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
> disabled
>
>
> Now what?  I'm running out of things that work.

Not sure what version of IPA you have but try:

# ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks

If this had a CA on it then you'll want to ensure that any replication 
agreements it had have been removed as well.

rob



From dkupka at redhat.com  Thu Aug 25 04:57:43 2016
From: dkupka at redhat.com (David Kupka)
Date: Thu, 25 Aug 2016 06:57:43 +0200
Subject: [Freeipa-users] (no subject)
In-Reply-To: <OF8ADC8709.5BC4A277-ON07258019.005DCF94-07258019.005E2B2B@notes.na.collabserv.com>
References: <OF8ADC8709.5BC4A277-ON07258019.005DCF94-07258019.005E2B2B@notes.na.collabserv.com>
Message-ID: <d6ee9a23-ae5e-ad94-563a-80cfa512bfd4@redhat.com>

On 24/08/16 19:08, Sean Hogan wrote:
>
>
> Hi All,
>
>   Would anyone be able to direct me to some docs regarding NFS automount
> with IPA.  We are currently using this setup but to be specific I do not
> want the priv keys to be in the users mounted home.  When I did the keygen
> I took the defaults for location and it went into the exported home of the
> user meaning it is mounted on any system the user logs onto which is not a
> good idea.  Is there a way to set this up so the priv keys stay out of the
> mounted home or since I have the keys uploaded into IPA I do not need the
> key in home?
>
>
>
>
> Sean Hogan
>
>
>
>
>

Hello Sean,

You can find the documentation here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#automount

But I don't understand what is wrong with the setup. AFAIU NFS, shares 
must be mounted only on machines where you (admin) have full control and 
therefore ownership and access permissions can be enforced. Then ~/.ssh 
directory must have mode 0700 and all files inside it 0600.
If you obey these rules storing ssh keys on NFS share is no less secure 
than storing them locally.

-- 
David Kupka



From ianh at brownpapertickets.com  Thu Aug 25 05:33:10 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Wed, 24 Aug 2016 22:33:10 -0700
Subject: [Freeipa-users] Cleaning Up an Unholy Mess
In-Reply-To: <57BE4B05.7080307@redhat.com>
References: <a7ee48a4-29df-1ef2-3d51-c7af626b0df6@brownpapertickets.com>
	<57BE4B05.7080307@redhat.com>
Message-ID: <55da4943-e938-3569-f770-8be0f3d8cad4@brownpapertickets.com>



On 08/24/2016 06:33 PM, Rob Crittenden wrote:
> Ian Harding wrote:
>> I tried to simply uninstall and reinstall freeipa-dal and this happened.
>>
>> It only had a replication agreement with freeipa-sea
>>
>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>
>> This is a NON REVERSIBLE operation and will delete all data and
>> configuration!
>>
>> Are you sure you want to continue with the uninstall procedure? [no]: yes
>> Shutting down all IPA services
>> Removing IPA client configuration
>> Unconfiguring ntpd
>> Configuring certmonger to stop tracking system certificates for KRA
>> Configuring certmonger to stop tracking system certificates for CA
>> Unconfiguring CA
>> Unconfiguring named
>> Unconfiguring ipa-dnskeysyncd
>> Unconfiguring web server
>> Unconfiguring krb5kdc
>> Unconfiguring kadmin
>> Unconfiguring directory server
>> Unconfiguring ipa_memcached
>> Unconfiguring ipa-otpd
>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>
>> This is a NON REVERSIBLE operation and will delete all data and
>> configuration!
>>
>> Are you sure you want to continue with the uninstall procedure? [no]: yes
>>
>> WARNING: Failed to connect to Directory Server to find information about
>> replication agreements. Uninstallation will continue despite the possible
>> existing replication agreements.
>> Shutting down all IPA services
>> Removing IPA client configuration
>> Configuring certmonger to stop tracking system certificates for KRA
>> Configuring certmonger to stop tracking system certificates for CA
>> [root at freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
>> Directory Manager (existing master) password:
>>
>> The host freeipa-dal.bpt.rocks already exists on the master server.
>> You should remove it before proceeding:
>>      % ipa host-del freeipa-dal.bpt.rocks
>> [root at freeipa-dal ianh]#
>>
>> So I tried to delete it again with --force
>>
>> [root at freeipa-sea ianh]# ipa-replica-manage --force del
>> freeipa-dal.bpt.rocks
>> Directory Manager password:
>>
>> 'freeipa-sea.bpt.rocks' has no replication agreement for
>> 'freeipa-dal.bpt.rocks'
>> [root at freeipa-sea ianh]#
>>
>> Can't delete it from the master server either
>>
>> [root at seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>> disabled
>>
>>
>> Now what?  I'm running out of things that work.
> 
> Not sure what version of IPA you have but try:
> 
> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
> 
> If this had a CA on it then you'll want to ensure that any replication
> agreements it had have been removed as well.
> 
> rob
> 

It turns out I'm not smart enough to untangle this mess.

Is there any way to kind of start over?  I managed to delete and
recreate a couple replicas but the problems (obsolete ruv as far as I
can tell) carry on with the new replicas.  They won't even replicate
back to the master they were created from.

Basically, is there a way to do a fresh install of FreeIPA server, and
do a dump/restore of data from my existing messed up install?

Thanks!
-- 
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com



From bahanw042014 at gmail.com  Thu Aug 25 06:34:12 2016
From: bahanw042014 at gmail.com (bahan w)
Date: Thu, 25 Aug 2016 08:34:12 +0200
Subject: [Freeipa-users] Two masters and one of them is desynchronized
In-Reply-To: <CAMJtubLtSM1xZOdbHbmwomDJr-hoaZVrxa9G50G1DNv5Qq34Ng@mail.gmail.com>
References: <CAMJtubJ7+bXS7CxMRWQ6zWVYWjJkS3N_fEb9WE3cVNz=u0beSA@mail.gmail.com>
	<CAMJtubLcsrem20vJ-TH838Ro05_x-1QBhnvNKYkgZuKegd8Mow@mail.gmail.com>
	<CAMJtubLG-e7epOV90cSFp=+nhG2BEjsmqu6jTGnoptWeCWyeDg@mail.gmail.com>
	<CAMJtub+ixbUoivV+q_wGQpUx5DxOmsBVkPZB2a_dUKGH8xKnrQ@mail.gmail.com>
	<CAMJtub+_Qi+gHU7mxW2-8h4qVdes26bZUbhaoDs8LzvTLsFh8g@mail.gmail.com>
	<1cadf7af-0064-8c34-6a47-2942c642b004@redhat.com>
	<CAMJtubJSuEAzD-nkxZ0hKX-h8QqqES3eU9KHdfT6pgU_1eySBw@mail.gmail.com>
	<CAMJtubJ0jcYp6vmegBKncrk+odkoCaDGLhk+hZ1-RvToY80pNw@mail.gmail.com>
	<265b4281-f53a-1340-42f2-87e26cfe5aad@redhat.com>
	<CAMJtub+hW+2pOBdqz1BANM4yXBfx0-70DVhS7_wgMV0_ZOCK-A@mail.gmail.com>
	<CAMJtubLtSM1xZOdbHbmwomDJr-hoaZVrxa9G50G1DNv5Qq34Ng@mail.gmail.com>
Message-ID: <CAMJtubKy-xA60=dQ0aON73cfr-7m6hgZC2p1uiR-bKQWMnFOHA@mail.gmail.com>

Le 24 ao?t 2016 18:42, "bahan w" <bahanw042014 at gmail.com> a ?crit :

> Hey guys.
>
> I rechecked and in fact I also have the same message on the multi master
> setup with one master unsynchronized :
> ###
> Master: <MASTER OK>:389 ldap://<MASTER OK>:389/
> Replica ID: 4
> Replica Root: dc=<REALM>
> Max CSN: 57bdcd36000100040000 (08/24/2016 18:37:10 1 0)
> Receiver: <MASTER UNSYNC>:389 ldap://<MASTER UNSYNC>:389/
> Type: master
> Time Lag: 0:00:00
> Max CSN: 57bdcd36000100040000 (08/24/2016 18:37:10 1 0)
> Last Modify Time: 8/24/2016 18:36:32
> Supplier: <MASTER OK>:389
> Sent/Skipped: 182110 / 1054
> Update Status: 0 Replica acquired successfully: Incremental update
> succeeded
> Update Started: 08/24/2016 18:36:32
> Update Ended: 08/24/2016 18:36:34
> Schedule: always in sync
> SSL: SASL/GSSAPI
>
> Master: <MASTER UNSYNC>:389 ldap://<MASTER UNSYNC>:389/
> Replica ID: 3
> Replica Root: dc=<REALM>
> Max CSN: 57bdbda1000000030000 (08/24/2016 17:30:41)
> Receiver: <MASTER OK>:389 ldap://<MASTER OK>:389/
> Type: master
> Time Lag: - 0:22:29
> Max CSN: 57bdb85c000000030000 (08/24/2016 17:08:12)
> Last Modify Time: 8/24/2016 17:07:34
> Supplier: <MASTER UNSYNC>:389
> Sent/Skipped: 3 / 9048655
> Update Status: 0 Replica acquired successfully: Incremental update
> succeeded
> Update Started: 08/24/2016 18:36:33
> Update Ended: 08/24/2016 18:36:34
> Schedule: always in sync
> SSL: SASL/GSSAPI
> ###
>
> So even the synchronization looks good no ?
>
> And even with that, this master really is unsynchronized and don't have
> all the users the other master has.
>
> Best regards.
>
> Bahan
>
> On Wed, Aug 24, 2016 at 6:33 PM, bahan w <bahanw042014 at gmail.com> wrote:
>
>> Hey guys.
>>
>> I performed it :
>> ###
>> # /usr/bin/repl-monitor.pl -f /tmp/checkconf -s
>> Directory Server Replication Status (Version 1.1)
>>
>> Time: Wed Aug 24 2016 18:16:50
>>
>> Master: <MASTER OK>:389 ldap://<MASTER OK>:389/
>> Replica ID: 4
>> Replica Root: dc=<REALM>
>> Max CSN: 57bdc897000300040000 (08/24/2016 18:17:27 3 0)
>> Receiver: <MASTER UNSYNCHRONIZED>:389 ldap://<MASTER UNSYNCHRONIZED>:389/
>> Type: master
>> Time Lag: 0:00:00
>> Max CSN: 57bdc897000300040000 (08/24/2016 18:17:27 3 0)
>> Last Modify Time: 8/24/2016 18:16:50
>> Supplier: <MASTER OK>:389
>> Sent/Skipped: 179031 / 1037
>> Update Status: 0 Replica acquired successfully: Incremental update started
>> Update Started: 08/24/2016 18:16:50
>> Update Ended: n/a
>> Schedule: always in sync
>> SSL: SASL/GSSAPI
>>
>> Master: <MASTER UNSYNCHRONIZED>:389 ldap://<MASTER UNSYNCHRONIZED>:389/
>> Replica ID: 3
>> Replica Root: dc=<REALM>
>> Max CSN: 57bdbda1000000030000 (08/24/2016 17:30:41)
>> Receiver: <MASTER OK>:389 ldap://<MASTER OK>:389/
>> Type: master
>> Time Lag: - 0:22:29
>> Max CSN: 57bdb85c000000030000 (08/24/2016 17:08:12)
>> Last Modify Time: 8/24/2016 17:07:34
>> Supplier: <MASTER UNSYNCHRONIZED>:389
>> Sent/Skipped: 3 / 9045345
>> Update Status: 0 Replica acquired successfully: Incremental update started
>> Update Started: 08/24/2016 18:16:50
>> Update Ended: n/a
>> Schedule: always in sync
>> SSL: SASL/GSSAPI
>> ###
>>
>> Do you see something strange in there ?
>> I have another environment where I have two replicated master and they
>> are OK.
>> And when I check the same command, the result is a little bit different :
>> ###
>> Master: <MASTER 1 OK>:389 ldap://<MASTER 1 OK>:389/
>> Replica ID: 4
>> Replica Root: dc=<REALM>
>> Max CSN: 57bdc88d000300040000 (08/24/2016 18:17:17 3 0)
>> Receiver: <MASTER 2 OK>:389 ldap://<MASTER 2 OK>:389/
>> Type: master
>> Time Lag: 0:00:00
>> Max CSN: 57bdc88d000300040000 (08/24/2016 18:17:17 3 0)
>> Last Modify Time: 8/24/2016 18:16:00
>> Supplier: <MASTER 1 OK>:389
>> Sent/Skipped: 343515 / 0
>> Update Status: 0 Replica acquired successfully: Incremental update
>> succeeded
>> Update Started: 08/24/2016 18:15:59
>> Update Ended: 08/24/2016 18:16:08
>> Schedule: always in sync
>> SSL: SASL/GSSAPI
>>
>> Master: <MASTER 2 OK>:389 ldap://<MASTER 2 OK>:389/
>> Replica ID: 3
>> Replica Root: dc=<REALM>
>> Max CSN: 57bdc887000800030000 (08/24/2016 18:17:11 8 0)
>> Receiver: <MASTER 1 OK>:389 ldap://<MASTER 1 OK>:389/
>> Type: master
>> Time Lag: - 390:51:38
>> Max CSN: 57a8500d000400030000 (08/08/2016 11:25:33 4 0)
>> Last Modify Time: 8/8/2016 11:24:28
>> Supplier: <MASTER 2 OK>:389
>> Sent/Skipped: 5 / 2596073
>> Update Status: 0 Replica acquired successfully: Incremental update
>> succeeded
>> Update Started: 08/24/2016 18:16:00
>> Update Ended: 08/24/2016 18:16:12
>> Schedule: always in sync
>> SSL: SASL/GSSAPI
>> ###
>>
>> Best regards.
>>
>> Bahan
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/b03cda5c/attachment.htm>

From th at casalogic.dk  Thu Aug 25 06:42:28 2016
From: th at casalogic.dk (Troels Hansen)
Date: Thu, 25 Aug 2016 08:42:28 +0200 (CEST)
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <20160824075009.rj73yous3ptypj54@hendrix>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
	<20160824075009.rj73yous3ptypj54@hendrix>
Message-ID: <1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>

Yes and no....

Have tried setting it to both true and false, but doesn't make a huge difference.

Current result with "use_fully_qualified_names = false"

LDAP search from sssd_sudo.log shows SSSD finding a sudo rule...

(Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=drextrha at net.dr.dk)(sudoUser=#1349938498)
.......
(sudoUser=%domain_users)(sudoUser=+*)))]
(Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
(Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for [drextrha at net.dr.dk]

SSSD cache shows the sudo rule:

# ldbsearch -H /var/lib/sss/db/cache_linux.dr.dk.ldb -b cn=sysdb '(objectClass=sudoRule)'
asq: Unable to register control with rootdse!
# record 1
dn: name=guffe,cn=sudorules,cn=custom,cn=linux.dr.dk,cn=sysdb
cn: guffe
dataExpireTimestamp: 1472110940
entryUSN: 325878
name: guffe
objectClass: sudoRule
originalDN: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk
sudoCommand: /usr/bin/cat /var/log/messages
sudoHost: ALL
sudoRunAsGroup: ALL
sudoRunAsUser: ALL
sudoUser: %domain_users
distinguishedName: name=guffe,cn=sudorules,cn=custom,cn=linux.dr.dk,cn=sysdb

But still sudo debug log says:

Aug 25 08:29:55 sudo[2392] -> user_in_group @ ./pwutil.c:940
Aug 25 08:29:55 sudo[2392] -> sudo_get_grlist @ ./pwutil.c:877
Aug 25 08:29:55 sudo[2392] -> rbfind @ ./redblack.c:273
Aug 25 08:29:55 sudo[2392] <- rbfind @ ./redblack.c:277 := 0x7f877f45d1d0
Aug 25 08:29:55 sudo[2392] <- sudo_get_grlist @ ./pwutil.c:930 := 0x7f877f45d348
Aug 25 08:29:55 sudo[2392] -> sudo_getgrnam @ ./pwutil.c:719
Aug 25 08:29:55 sudo[2392] -> rbfind @ ./redblack.c:273
Aug 25 08:29:55 sudo[2392] <- rbfind @ ./redblack.c:280 := (nil)
Aug 25 08:29:55 sudo[2392] -> make_gritem @ ./pwutil.c:474
Aug 25 08:29:55 sudo[2392] <- make_gritem @ ./pwutil.c:524 := 0x7f877f44ef20
Aug 25 08:29:55 sudo[2392] -> rbinsert @ ./redblack.c:181
Aug 25 08:29:55 sudo[2392] <- rbinsert @ ./redblack.c:261 := (nil)
Aug 25 08:29:55 sudo[2392] <- sudo_getgrnam @ ./pwutil.c:745 := 0x7f877f44ef38
Aug 25 08:29:55 sudo[2392] -> sudo_grlist_delref @ ./pwutil.c:816
Aug 25 08:29:55 sudo[2392] -> sudo_grlist_delref_item @ ./pwutil.c:805
Aug 25 08:29:55 sudo[2392] <- sudo_grlist_delref_item @ ./pwutil.c:810
Aug 25 08:29:55 sudo[2392] <- sudo_grlist_delref @ ./pwutil.c:818
Aug 25 08:29:55 sudo[2392] <- user_in_group @ ./pwutil.c:1010 := false


I'm quite lost on how to debug further on this.....

----- On Aug 24, 2016, at 9:50 AM, Jakub Hrozek jhrozek at redhat.com wrote:

> On Tue, Aug 23, 2016 at 03:17:48PM +0200, Troels Hansen wrote:
>> Running RHEL 7.2:
>> 
>> ipa-client-4.2.0-15.el7_2.18
>> sssd-ipa-1.13.0-40.el7_2.12.x86_64
>> ipa-server-4.2.0-15.el7_2.18.x86_64
>> 
>> I have a sudo rule where I try to give sudo access based on a AD group.
>> 
>> # groups drextrha at net.dr.dk
>> drextrha at net.dr.dk : drextrha at net.dr.dk ............... domain_users at linux.dr.dk
>> 
>> I'm member of the group domain_users via AD.
>> 
>> SUDO rule in LDAP:
>> 
>> # guffe, sudoers, linux.dr.dk
>> dn: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk
>> sudoUser: %domain_users
>> sudoRunAsGroup: ALL
>> objectClass: sudoRole
>> objectClass: top
>> sudoCommand: /usr/bin/cat /var/log/messages
>> sudoRunAsUser: ALL
>> sudoHost: ALL
>> cn: guffe
> 
> domain_users != domain_users at linux.dr.dk
> 
> I'm also curious why sssd qualifies the IPA group name (domain_users is
> an IPA group name right?)
> 
> do you set use_fully_qualified_names=true by chance in the config file?
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.



From jhrozek at redhat.com  Thu Aug 25 07:23:14 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 25 Aug 2016 09:23:14 +0200
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
	<20160824075009.rj73yous3ptypj54@hendrix>
	<1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160825072314.ezkrshqxamrnddgj@hendrix>

On Thu, Aug 25, 2016 at 08:42:28AM +0200, Troels Hansen wrote:
> Yes and no....
> 
> Have tried setting it to both true and false, but doesn't make a huge difference.
> 
> Current result with "use_fully_qualified_names = false"
> 
> LDAP search from sssd_sudo.log shows SSSD finding a sudo rule...
> 
> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=drextrha at net.dr.dk)(sudoUser=#1349938498)
> .......
> (sudoUser=%domain_users)(sudoUser=+*)))]
> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for [drextrha at net.dr.dk]

Does the sudo log indicate that the rule is the one you'd expect?
Because I don't see sudo looking for domain_users below. Can you attach
the complete logs?

> 
> SSSD cache shows the sudo rule:
> 
> # ldbsearch -H /var/lib/sss/db/cache_linux.dr.dk.ldb -b cn=sysdb '(objectClass=sudoRule)'
> asq: Unable to register control with rootdse!
> # record 1
> dn: name=guffe,cn=sudorules,cn=custom,cn=linux.dr.dk,cn=sysdb
> cn: guffe
> dataExpireTimestamp: 1472110940
> entryUSN: 325878
> name: guffe
> objectClass: sudoRule
> originalDN: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk
> sudoCommand: /usr/bin/cat /var/log/messages
> sudoHost: ALL
> sudoRunAsGroup: ALL
> sudoRunAsUser: ALL
> sudoUser: %domain_users
> distinguishedName: name=guffe,cn=sudorules,cn=custom,cn=linux.dr.dk,cn=sysdb
> 
> But still sudo debug log says:
> 
> Aug 25 08:29:55 sudo[2392] -> user_in_group @ ./pwutil.c:940
> Aug 25 08:29:55 sudo[2392] -> sudo_get_grlist @ ./pwutil.c:877
> Aug 25 08:29:55 sudo[2392] -> rbfind @ ./redblack.c:273
> Aug 25 08:29:55 sudo[2392] <- rbfind @ ./redblack.c:277 := 0x7f877f45d1d0
> Aug 25 08:29:55 sudo[2392] <- sudo_get_grlist @ ./pwutil.c:930 := 0x7f877f45d348
> Aug 25 08:29:55 sudo[2392] -> sudo_getgrnam @ ./pwutil.c:719
> Aug 25 08:29:55 sudo[2392] -> rbfind @ ./redblack.c:273
> Aug 25 08:29:55 sudo[2392] <- rbfind @ ./redblack.c:280 := (nil)
> Aug 25 08:29:55 sudo[2392] -> make_gritem @ ./pwutil.c:474
> Aug 25 08:29:55 sudo[2392] <- make_gritem @ ./pwutil.c:524 := 0x7f877f44ef20
> Aug 25 08:29:55 sudo[2392] -> rbinsert @ ./redblack.c:181
> Aug 25 08:29:55 sudo[2392] <- rbinsert @ ./redblack.c:261 := (nil)
> Aug 25 08:29:55 sudo[2392] <- sudo_getgrnam @ ./pwutil.c:745 := 0x7f877f44ef38
> Aug 25 08:29:55 sudo[2392] -> sudo_grlist_delref @ ./pwutil.c:816
> Aug 25 08:29:55 sudo[2392] -> sudo_grlist_delref_item @ ./pwutil.c:805
> Aug 25 08:29:55 sudo[2392] <- sudo_grlist_delref_item @ ./pwutil.c:810
> Aug 25 08:29:55 sudo[2392] <- sudo_grlist_delref @ ./pwutil.c:818
> Aug 25 08:29:55 sudo[2392] <- user_in_group @ ./pwutil.c:1010 := false
> 
> 
> I'm quite lost on how to debug further on this.....
> 
> ----- On Aug 24, 2016, at 9:50 AM, Jakub Hrozek jhrozek at redhat.com wrote:
> 
> > On Tue, Aug 23, 2016 at 03:17:48PM +0200, Troels Hansen wrote:
> >> Running RHEL 7.2:
> >> 
> >> ipa-client-4.2.0-15.el7_2.18
> >> sssd-ipa-1.13.0-40.el7_2.12.x86_64
> >> ipa-server-4.2.0-15.el7_2.18.x86_64
> >> 
> >> I have a sudo rule where I try to give sudo access based on a AD group.
> >> 
> >> # groups drextrha at net.dr.dk
> >> drextrha at net.dr.dk : drextrha at net.dr.dk ............... domain_users at linux.dr.dk
> >> 
> >> I'm member of the group domain_users via AD.
> >> 
> >> SUDO rule in LDAP:
> >> 
> >> # guffe, sudoers, linux.dr.dk
> >> dn: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk
> >> sudoUser: %domain_users
> >> sudoRunAsGroup: ALL
> >> objectClass: sudoRole
> >> objectClass: top
> >> sudoCommand: /usr/bin/cat /var/log/messages
> >> sudoRunAsUser: ALL
> >> sudoHost: ALL
> >> cn: guffe
> > 
> > domain_users != domain_users at linux.dr.dk
> > 
> > I'm also curious why sssd qualifies the IPA group name (domain_users is
> > an IPA group name right?)
> > 
> > do you set use_fully_qualified_names=true by chance in the config file?
> > 
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
> 
> -- 
> Med venlig hilsen 
> 
> Troels Hansen 
> 
> Systemkonsulent 
> 
> Casalogic A/S 
> 
> 
> T (+45) 70 20 10 63 
> 
> M (+45) 22 43 71 57 
> 
> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.



From th at casalogic.dk  Thu Aug 25 07:24:34 2016
From: th at casalogic.dk (Troels Hansen)
Date: Thu, 25 Aug 2016 09:24:34 +0200 (CEST)
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
	<20160824075009.rj73yous3ptypj54@hendrix>
	<1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
Message-ID: <1121029446.9457.1472109874936.JavaMail.zimbra@casalogic.dk>

Hmm, sometimes the man page actually helps....

It seems setting "default_domain_suffix" to allow users to log in, without the domain part changes use_fully_qualified_names default to true, without the option of setting it false.....

So, we have two options:
- Have users always use their full login including domain
- Setting default_domain_suffix to help the users and efficiently break SUDO?

Can this be true?


----- On Aug 25, 2016, at 8:42 AM, Troels Hansen th at casalogic.dk wrote:

> Yes and no....
> 
> Have tried setting it to both true and false, but doesn't make a huge
> difference.
> 
> Current result with "use_fully_qualified_names = false"
> 
> LDAP search from sssd_sudo.log shows SSSD finding a sudo rule...
> 
> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> (0x0200): Searching sysdb with
> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=drextrha at net.dr.dk)(sudoUser=#1349938498)
> .......
> (sudoUser=%domain_users)(sudoUser=+*)))]
> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting
> rules with higher-wins logic
> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> (0x0400): Returning 1 rules for [drextrha at net.dr.dk]
> 
> SSSD cache shows the sudo rule:
> 
> # ldbsearch -H /var/lib/sss/db/cache_linux.dr.dk.ldb -b cn=sysdb
> '(objectClass=sudoRule)'
> asq: Unable to register control with rootdse!
> # record 1
> dn: name=guffe,cn=sudorules,cn=custom,cn=linux.dr.dk,cn=sysdb
> cn: guffe
> dataExpireTimestamp: 1472110940
> entryUSN: 325878
> name: guffe
> objectClass: sudoRule
> originalDN: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk
> sudoCommand: /usr/bin/cat /var/log/messages
> sudoHost: ALL
> sudoRunAsGroup: ALL
> sudoRunAsUser: ALL
> sudoUser: %domain_users
> distinguishedName: name=guffe,cn=sudorules,cn=custom,cn=linux.dr.dk,cn=sysdb
> 
> But still sudo debug log says:
> 
> Aug 25 08:29:55 sudo[2392] -> user_in_group @ ./pwutil.c:940
> Aug 25 08:29:55 sudo[2392] -> sudo_get_grlist @ ./pwutil.c:877
> Aug 25 08:29:55 sudo[2392] -> rbfind @ ./redblack.c:273
> Aug 25 08:29:55 sudo[2392] <- rbfind @ ./redblack.c:277 := 0x7f877f45d1d0
> Aug 25 08:29:55 sudo[2392] <- sudo_get_grlist @ ./pwutil.c:930 := 0x7f877f45d348
> Aug 25 08:29:55 sudo[2392] -> sudo_getgrnam @ ./pwutil.c:719
> Aug 25 08:29:55 sudo[2392] -> rbfind @ ./redblack.c:273
> Aug 25 08:29:55 sudo[2392] <- rbfind @ ./redblack.c:280 := (nil)
> Aug 25 08:29:55 sudo[2392] -> make_gritem @ ./pwutil.c:474
> Aug 25 08:29:55 sudo[2392] <- make_gritem @ ./pwutil.c:524 := 0x7f877f44ef20
> Aug 25 08:29:55 sudo[2392] -> rbinsert @ ./redblack.c:181
> Aug 25 08:29:55 sudo[2392] <- rbinsert @ ./redblack.c:261 := (nil)
> Aug 25 08:29:55 sudo[2392] <- sudo_getgrnam @ ./pwutil.c:745 := 0x7f877f44ef38
> Aug 25 08:29:55 sudo[2392] -> sudo_grlist_delref @ ./pwutil.c:816
> Aug 25 08:29:55 sudo[2392] -> sudo_grlist_delref_item @ ./pwutil.c:805
> Aug 25 08:29:55 sudo[2392] <- sudo_grlist_delref_item @ ./pwutil.c:810
> Aug 25 08:29:55 sudo[2392] <- sudo_grlist_delref @ ./pwutil.c:818
> Aug 25 08:29:55 sudo[2392] <- user_in_group @ ./pwutil.c:1010 := false
> 
> 
> I'm quite lost on how to debug further on this.....
> 
> ----- On Aug 24, 2016, at 9:50 AM, Jakub Hrozek jhrozek at redhat.com wrote:
> 
>> On Tue, Aug 23, 2016 at 03:17:48PM +0200, Troels Hansen wrote:
>>> Running RHEL 7.2:
>>> 
>>> ipa-client-4.2.0-15.el7_2.18
>>> sssd-ipa-1.13.0-40.el7_2.12.x86_64
>>> ipa-server-4.2.0-15.el7_2.18.x86_64
>>> 
>>> I have a sudo rule where I try to give sudo access based on a AD group.
>>> 
>>> # groups drextrha at net.dr.dk
>>> drextrha at net.dr.dk : drextrha at net.dr.dk ............... domain_users at linux.dr.dk
>>> 
>>> I'm member of the group domain_users via AD.
>>> 
>>> SUDO rule in LDAP:
>>> 
>>> # guffe, sudoers, linux.dr.dk
>>> dn: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk
>>> sudoUser: %domain_users
>>> sudoRunAsGroup: ALL
>>> objectClass: sudoRole
>>> objectClass: top
>>> sudoCommand: /usr/bin/cat /var/log/messages
>>> sudoRunAsUser: ALL
>>> sudoHost: ALL
>>> cn: guffe
>> 
>> domain_users != domain_users at linux.dr.dk
>> 
>> I'm also curious why sssd qualifies the IPA group name (domain_users is
>> an IPA group name right?)
>> 
>> do you set use_fully_qualified_names=true by chance in the config file?
>> 
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
> 
> --
> Med venlig hilsen
> 
> Troels Hansen
> 
> Systemkonsulent
> 
> Casalogic A/S
> 
> 
> T (+45) 70 20 10 63
> 
> M (+45) 22 43 71 57
> 
> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og
> meget mere.
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.



From lkrispen at redhat.com  Thu Aug 25 08:01:30 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Thu, 25 Aug 2016 10:01:30 +0200
Subject: [Freeipa-users] Two masters and one of them is desynchronized
In-Reply-To: <CAMJtub+hW+2pOBdqz1BANM4yXBfx0-70DVhS7_wgMV0_ZOCK-A@mail.gmail.com>
References: <CAMJtubJ7+bXS7CxMRWQ6zWVYWjJkS3N_fEb9WE3cVNz=u0beSA@mail.gmail.com>
	<CAMJtubLcsrem20vJ-TH838Ro05_x-1QBhnvNKYkgZuKegd8Mow@mail.gmail.com>
	<CAMJtubLG-e7epOV90cSFp=+nhG2BEjsmqu6jTGnoptWeCWyeDg@mail.gmail.com>
	<CAMJtub+ixbUoivV+q_wGQpUx5DxOmsBVkPZB2a_dUKGH8xKnrQ@mail.gmail.com>
	<CAMJtub+_Qi+gHU7mxW2-8h4qVdes26bZUbhaoDs8LzvTLsFh8g@mail.gmail.com>
	<1cadf7af-0064-8c34-6a47-2942c642b004@redhat.com>
	<CAMJtubJSuEAzD-nkxZ0hKX-h8QqqES3eU9KHdfT6pgU_1eySBw@mail.gmail.com>
	<CAMJtubJ0jcYp6vmegBKncrk+odkoCaDGLhk+hZ1-RvToY80pNw@mail.gmail.com>
	<265b4281-f53a-1340-42f2-87e26cfe5aad@redhat.com>
	<CAMJtub+hW+2pOBdqz1BANM4yXBfx0-70DVhS7_wgMV0_ZOCK-A@mail.gmail.com>
Message-ID: <57BEA5DA.8080002@redhat.com>

The replication agreements to the "unsync" master says that update has 
started, so it looks like replication connection is active.
You need to check the access and error logs of bot sides and check if 
tehre is replication traffic

On 08/24/2016 06:33 PM, bahan w wrote:
> Hey guys.
>
> I performed it :
> ###
> # /usr/bin/repl-monitor.pl <http://repl-monitor.pl> -f /tmp/checkconf -s
> Directory Server Replication Status (Version 1.1)
>
> Time: Wed Aug 24 2016 18:16:50
>
> Master: <MASTER OK>:389 ldap://<MASTER OK>:389/
> Replica ID: 4
> Replica Root: dc=<REALM>
> Max CSN: 57bdc897000300040000 (08/24/2016 18:17:27 3 0)
> Receiver: <MASTER UNSYNCHRONIZED>:389 ldap://<MASTER UNSYNCHRONIZED>:389/
> Type: master
> Time Lag: 0:00:00
> Max CSN: 57bdc897000300040000 (08/24/2016 18:17:27 3 0)
> Last Modify Time: 8/24/2016 18:16:50
> Supplier: <MASTER OK>:389
> Sent/Skipped: 179031 / 1037
> Update Status: 0 Replica acquired successfully: Incremental update started
> Update Started: 08/24/2016 18:16:50
> Update Ended: n/a
> Schedule: always in sync
> SSL: SASL/GSSAPI
>
> Master: <MASTER UNSYNCHRONIZED>:389 ldap://<MASTER UNSYNCHRONIZED>:389/
> Replica ID: 3
> Replica Root: dc=<REALM>
> Max CSN: 57bdbda1000000030000 (08/24/2016 17:30:41)
> Receiver: <MASTER OK>:389 ldap://<MASTER OK>:389/
> Type: master
> Time Lag: - 0:22:29
> Max CSN: 57bdb85c000000030000 (08/24/2016 17:08:12)
> Last Modify Time: 8/24/2016 17:07:34
> Supplier: <MASTER UNSYNCHRONIZED>:389
> Sent/Skipped: 3 / 9045345
> Update Status: 0 Replica acquired successfully: Incremental update started
> Update Started: 08/24/2016 18:16:50
> Update Ended: n/a
> Schedule: always in sync
> SSL: SASL/GSSAPI
> ###
>
> Do you see something strange in there ?
> I have another environment where I have two replicated master and they 
> are OK.
> And when I check the same command, the result is a little bit different :
> ###
> Master: <MASTER 1 OK>:389 ldap://<MASTER 1 OK>:389/
> Replica ID: 4
> Replica Root: dc=<REALM>
> Max CSN: 57bdc88d000300040000 (08/24/2016 18:17:17 3 0)
> Receiver: <MASTER 2 OK>:389 ldap://<MASTER 2 OK>:389/
> Type: master
> Time Lag: 0:00:00
> Max CSN: 57bdc88d000300040000 (08/24/2016 18:17:17 3 0)
> Last Modify Time: 8/24/2016 18:16:00
> Supplier: <MASTER 1 OK>:389
> Sent/Skipped: 343515 / 0
> Update Status: 0 Replica acquired successfully: Incremental update 
> succeeded
> Update Started: 08/24/2016 18:15:59
> Update Ended: 08/24/2016 18:16:08
> Schedule: always in sync
> SSL: SASL/GSSAPI
>
> Master: <MASTER 2 OK>:389 ldap://<MASTER 2 OK>:389/
> Replica ID: 3
> Replica Root: dc=<REALM>
> Max CSN: 57bdc887000800030000 (08/24/2016 18:17:11 8 0)
> Receiver: <MASTER 1 OK>:389 ldap://<MASTER 1 OK>:389/
> Type: master
> Time Lag: - 390:51:38
> Max CSN: 57a8500d000400030000 (08/08/2016 11:25:33 4 0)
> Last Modify Time: 8/8/2016 11:24:28
> Supplier: <MASTER 2 OK>:389
> Sent/Skipped: 5 / 2596073
> Update Status: 0 Replica acquired successfully: Incremental update 
> succeeded
> Update Started: 08/24/2016 18:16:00
> Update Ended: 08/24/2016 18:16:12
> Schedule: always in sync
> SSL: SASL/GSSAPI
> ###
>
> Best regards.
>
> Bahan

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/dde0bde5/attachment.htm>

From th at casalogic.dk  Thu Aug 25 08:05:36 2016
From: th at casalogic.dk (Troels Hansen)
Date: Thu, 25 Aug 2016 10:05:36 +0200 (CEST)
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <1121029446.9457.1472109874936.JavaMail.zimbra@casalogic.dk>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
	<20160824075009.rj73yous3ptypj54@hendrix>
	<1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
	<1121029446.9457.1472109874936.JavaMail.zimbra@casalogic.dk>
Message-ID: <260135086.10187.1472112336235.JavaMail.zimbra@casalogic.dk>

Hmm, seems waiting for RHEL 7.3 and SSSD 1.14 will solve this problem....

https://fedorahosted.org/sssd/ticket/2919

Am I correct?

----- On Aug 25, 2016, at 9:24 AM, Troels Hansen th at casalogic.dk wrote:

> Hmm, sometimes the man page actually helps....
> 
> It seems setting "default_domain_suffix" to allow users to log in, without the
> domain part changes use_fully_qualified_names default to true, without the
> option of setting it false.....
> 
> So, we have two options:
> - Have users always use their full login including domain
> - Setting default_domain_suffix to help the users and efficiently break SUDO?
> 
> Can this be true?
> 
> 
> ----- On Aug 25, 2016, at 8:42 AM, Troels Hansen th at casalogic.dk wrote:
> 
>> Yes and no....
>> 
>> Have tried setting it to both true and false, but doesn't make a huge
>> difference.
>> 
>> Current result with "use_fully_qualified_names = false"
>> 
>> LDAP search from sssd_sudo.log shows SSSD finding a sudo rule...
>> 
>> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
>> (0x0200): Searching sysdb with
>> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=drextrha at net.dr.dk)(sudoUser=#1349938498)
>> .......
>> (sudoUser=%domain_users)(sudoUser=+*)))]
>> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting
>> rules with higher-wins logic
>> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
>> (0x0400): Returning 1 rules for [drextrha at net.dr.dk]
>> 
>> SSSD cache shows the sudo rule:
>> 
>> # ldbsearch -H /var/lib/sss/db/cache_linux.dr.dk.ldb -b cn=sysdb
>> '(objectClass=sudoRule)'
>> asq: Unable to register control with rootdse!
>> # record 1
>> dn: name=guffe,cn=sudorules,cn=custom,cn=linux.dr.dk,cn=sysdb
>> cn: guffe
>> dataExpireTimestamp: 1472110940
>> entryUSN: 325878
>> name: guffe
>> objectClass: sudoRule
>> originalDN: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk
>> sudoCommand: /usr/bin/cat /var/log/messages
>> sudoHost: ALL
>> sudoRunAsGroup: ALL
>> sudoRunAsUser: ALL
>> sudoUser: %domain_users
>> distinguishedName: name=guffe,cn=sudorules,cn=custom,cn=linux.dr.dk,cn=sysdb
>> 
>> But still sudo debug log says:
>> 
>> Aug 25 08:29:55 sudo[2392] -> user_in_group @ ./pwutil.c:940
>> Aug 25 08:29:55 sudo[2392] -> sudo_get_grlist @ ./pwutil.c:877
>> Aug 25 08:29:55 sudo[2392] -> rbfind @ ./redblack.c:273
>> Aug 25 08:29:55 sudo[2392] <- rbfind @ ./redblack.c:277 := 0x7f877f45d1d0
>> Aug 25 08:29:55 sudo[2392] <- sudo_get_grlist @ ./pwutil.c:930 := 0x7f877f45d348
>> Aug 25 08:29:55 sudo[2392] -> sudo_getgrnam @ ./pwutil.c:719
>> Aug 25 08:29:55 sudo[2392] -> rbfind @ ./redblack.c:273
>> Aug 25 08:29:55 sudo[2392] <- rbfind @ ./redblack.c:280 := (nil)
>> Aug 25 08:29:55 sudo[2392] -> make_gritem @ ./pwutil.c:474
>> Aug 25 08:29:55 sudo[2392] <- make_gritem @ ./pwutil.c:524 := 0x7f877f44ef20
>> Aug 25 08:29:55 sudo[2392] -> rbinsert @ ./redblack.c:181
>> Aug 25 08:29:55 sudo[2392] <- rbinsert @ ./redblack.c:261 := (nil)
>> Aug 25 08:29:55 sudo[2392] <- sudo_getgrnam @ ./pwutil.c:745 := 0x7f877f44ef38
>> Aug 25 08:29:55 sudo[2392] -> sudo_grlist_delref @ ./pwutil.c:816
>> Aug 25 08:29:55 sudo[2392] -> sudo_grlist_delref_item @ ./pwutil.c:805
>> Aug 25 08:29:55 sudo[2392] <- sudo_grlist_delref_item @ ./pwutil.c:810
>> Aug 25 08:29:55 sudo[2392] <- sudo_grlist_delref @ ./pwutil.c:818
>> Aug 25 08:29:55 sudo[2392] <- user_in_group @ ./pwutil.c:1010 := false
>> 
>> 
>> I'm quite lost on how to debug further on this.....
>> 
>> ----- On Aug 24, 2016, at 9:50 AM, Jakub Hrozek jhrozek at redhat.com wrote:
>> 
>>> On Tue, Aug 23, 2016 at 03:17:48PM +0200, Troels Hansen wrote:
>>>> Running RHEL 7.2:
>>>> 
>>>> ipa-client-4.2.0-15.el7_2.18
>>>> sssd-ipa-1.13.0-40.el7_2.12.x86_64
>>>> ipa-server-4.2.0-15.el7_2.18.x86_64
>>>> 
>>>> I have a sudo rule where I try to give sudo access based on a AD group.
>>>> 
>>>> # groups drextrha at net.dr.dk
>>>> drextrha at net.dr.dk : drextrha at net.dr.dk ............... domain_users at linux.dr.dk
>>>> 
>>>> I'm member of the group domain_users via AD.
>>>> 
>>>> SUDO rule in LDAP:
>>>> 
>>>> # guffe, sudoers, linux.dr.dk
>>>> dn: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk
>>>> sudoUser: %domain_users
>>>> sudoRunAsGroup: ALL
>>>> objectClass: sudoRole
>>>> objectClass: top
>>>> sudoCommand: /usr/bin/cat /var/log/messages
>>>> sudoRunAsUser: ALL
>>>> sudoHost: ALL
>>>> cn: guffe
>>> 
>>> domain_users != domain_users at linux.dr.dk
>>> 
>>> I'm also curious why sssd qualifies the IPA group name (domain_users is
>>> an IPA group name right?)
>>> 
>>> do you set use_fully_qualified_names=true by chance in the config file?
>>> 
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>> 
>> --
>> Med venlig hilsen
>> 
>> Troels Hansen
>> 
>> Systemkonsulent
>> 
>> Casalogic A/S
>> 
>> 
>> T (+45) 70 20 10 63
>> 
>> M (+45) 22 43 71 57
>> 
>> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og
>> meget mere.
>> 
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
> 
> --
> Med venlig hilsen
> 
> Troels Hansen
> 
> Systemkonsulent
> 
> Casalogic A/S
> 
> 
> T (+45) 70 20 10 63
> 
> M (+45) 22 43 71 57
> 
> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og
> meget mere.
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.



From lkrispen at redhat.com  Thu Aug 25 08:14:23 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Thu, 25 Aug 2016 10:14:23 +0200
Subject: [Freeipa-users] Two masters and one of them is desynchronized
In-Reply-To: <CAMJtub+hW+2pOBdqz1BANM4yXBfx0-70DVhS7_wgMV0_ZOCK-A@mail.gmail.com>
References: <CAMJtubJ7+bXS7CxMRWQ6zWVYWjJkS3N_fEb9WE3cVNz=u0beSA@mail.gmail.com>
	<CAMJtubLcsrem20vJ-TH838Ro05_x-1QBhnvNKYkgZuKegd8Mow@mail.gmail.com>
	<CAMJtubLG-e7epOV90cSFp=+nhG2BEjsmqu6jTGnoptWeCWyeDg@mail.gmail.com>
	<CAMJtub+ixbUoivV+q_wGQpUx5DxOmsBVkPZB2a_dUKGH8xKnrQ@mail.gmail.com>
	<CAMJtub+_Qi+gHU7mxW2-8h4qVdes26bZUbhaoDs8LzvTLsFh8g@mail.gmail.com>
	<1cadf7af-0064-8c34-6a47-2942c642b004@redhat.com>
	<CAMJtubJSuEAzD-nkxZ0hKX-h8QqqES3eU9KHdfT6pgU_1eySBw@mail.gmail.com>
	<CAMJtubJ0jcYp6vmegBKncrk+odkoCaDGLhk+hZ1-RvToY80pNw@mail.gmail.com>
	<265b4281-f53a-1340-42f2-87e26cfe5aad@redhat.com>
	<CAMJtub+hW+2pOBdqz1BANM4yXBfx0-70DVhS7_wgMV0_ZOCK-A@mail.gmail.com>
Message-ID: <57BEA8DF.7070006@redhat.com>

I just noticed that you have many skipped entries, Sent/Skipped: 3 / 9045345

that could be an effect of fractional replication which  reiterates the 
same sequence of changes. This is fixed in recent releases, but looks 
like your on RHEL 6.6

Ludwig

On 08/24/2016 06:33 PM, bahan w wrote:
> Hey guys.
>
> I performed it :
> ###
> # /usr/bin/repl-monitor.pl <http://repl-monitor.pl> -f /tmp/checkconf -s
> Directory Server Replication Status (Version 1.1)
>
> Time: Wed Aug 24 2016 18:16:50
>
> Master: <MASTER OK>:389 ldap://<MASTER OK>:389/
> Replica ID: 4
> Replica Root: dc=<REALM>
> Max CSN: 57bdc897000300040000 (08/24/2016 18:17:27 3 0)
> Receiver: <MASTER UNSYNCHRONIZED>:389 ldap://<MASTER UNSYNCHRONIZED>:389/
> Type: master
> Time Lag: 0:00:00
> Max CSN: 57bdc897000300040000 (08/24/2016 18:17:27 3 0)
> Last Modify Time: 8/24/2016 18:16:50
> Supplier: <MASTER OK>:389
> Sent/Skipped: 179031 / 1037
> Update Status: 0 Replica acquired successfully: Incremental update started
> Update Started: 08/24/2016 18:16:50
> Update Ended: n/a
> Schedule: always in sync
> SSL: SASL/GSSAPI
>
> Master: <MASTER UNSYNCHRONIZED>:389 ldap://<MASTER UNSYNCHRONIZED>:389/
> Replica ID: 3
> Replica Root: dc=<REALM>
> Max CSN: 57bdbda1000000030000 (08/24/2016 17:30:41)
> Receiver: <MASTER OK>:389 ldap://<MASTER OK>:389/
> Type: master
> Time Lag: - 0:22:29
> Max CSN: 57bdb85c000000030000 (08/24/2016 17:08:12)
> Last Modify Time: 8/24/2016 17:07:34
> Supplier: <MASTER UNSYNCHRONIZED>:389
> Sent/Skipped: 3 / 9045345
> Update Status: 0 Replica acquired successfully: Incremental update started
> Update Started: 08/24/2016 18:16:50
> Update Ended: n/a
> Schedule: always in sync
> SSL: SASL/GSSAPI
> ###
>
> Do you see something strange in there ?
> I have another environment where I have two replicated master and they 
> are OK.
> And when I check the same command, the result is a little bit different :
> ###
> Master: <MASTER 1 OK>:389 ldap://<MASTER 1 OK>:389/
> Replica ID: 4
> Replica Root: dc=<REALM>
> Max CSN: 57bdc88d000300040000 (08/24/2016 18:17:17 3 0)
> Receiver: <MASTER 2 OK>:389 ldap://<MASTER 2 OK>:389/
> Type: master
> Time Lag: 0:00:00
> Max CSN: 57bdc88d000300040000 (08/24/2016 18:17:17 3 0)
> Last Modify Time: 8/24/2016 18:16:00
> Supplier: <MASTER 1 OK>:389
> Sent/Skipped: 343515 / 0
> Update Status: 0 Replica acquired successfully: Incremental update 
> succeeded
> Update Started: 08/24/2016 18:15:59
> Update Ended: 08/24/2016 18:16:08
> Schedule: always in sync
> SSL: SASL/GSSAPI
>
> Master: <MASTER 2 OK>:389 ldap://<MASTER 2 OK>:389/
> Replica ID: 3
> Replica Root: dc=<REALM>
> Max CSN: 57bdc887000800030000 (08/24/2016 18:17:11 8 0)
> Receiver: <MASTER 1 OK>:389 ldap://<MASTER 1 OK>:389/
> Type: master
> Time Lag: - 390:51:38
> Max CSN: 57a8500d000400030000 (08/08/2016 11:25:33 4 0)
> Last Modify Time: 8/8/2016 11:24:28
> Supplier: <MASTER 2 OK>:389
> Sent/Skipped: 5 / 2596073
> Update Status: 0 Replica acquired successfully: Incremental update 
> succeeded
> Update Started: 08/24/2016 18:16:00
> Update Ended: 08/24/2016 18:16:12
> Schedule: always in sync
> SSL: SASL/GSSAPI
> ###
>
> Best regards.
>
> Bahan

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/2e5b9d5a/attachment.htm>

From rakesh.rajasekharan at gmail.com  Thu Aug 25 08:15:26 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Thu, 25 Aug 2016 13:45:26 +0530
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <ca385752-87b1-1190-cbdd-9d552b3bf105@redhat.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
	<a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
	<CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>
	<CANAMAkpqv5r2GNR1z9+iOJEh40F50kskrnPAOT+B5qV9uR6Q7g@mail.gmail.com>
	<CANAMAkpC5DKkqA_X4tZjscFyOyD2SJjjy74g1sOGYayqLH=ywA@mail.gmail.com>
	<ca385752-87b1-1190-cbdd-9d552b3bf105@redhat.com>
Message-ID: <CANAMAkqqBOUx0rXH6MPYQgiVtSzCpCOO+EiuwT0urcyUAn_G3g@mail.gmail.com>

All of the troubleshooting seems fine.


However, Running libconv.pl gives me this output

----- Recommendations -----

 1.  You have unindexed components, this can be caused from a search on an
unindexed attribute, or your returned results exceeded the
allidsthreshold.  Unindexed components are not recommended. To refuse
unindexed searches, switch 'nsslapd-require-index' to 'on' under your
database entry (e.g. cn=UserRoot,cn=ldbm database,cn=plugins,cn=config).

 2.  You have a significant difference between binds and unbinds.  You may
want to investigate this difference.


I feel, this could be a pointer to things going slow.. and IPA hanging. I
think i now have something that I can try and nail down this issue.

On a sidenote, I was earlier running openldap and migrated over to Freeipa,

Thanks
Rakesh



On Wed, Aug 24, 2016 at 12:38 PM, Petr Spacek <pspacek at redhat.com> wrote:

> On 23.8.2016 18:44, Rakesh Rajasekharan wrote:
> > I think thers something seriously wrong with my system
> >
> > not able to run any  IPA commands
> >
> > klist
> > Ticket cache: KEYRING:persistent:0:0
> > Default principal: admin at XYZ.COM
> >
> > Valid starting       Expires              Service principal
> > 2016-08-23T16:26:36  2016-08-24T16:26:22  krbtgt/XYZ.COM at XYZ.COM
> >
> >
> > [root at prod-ipa-master-1a :~] ipactl status
> > Directory Service: RUNNING
> > krb5kdc Service: RUNNING
> > kadmin Service: RUNNING
> > ipa_memcached Service: RUNNING
> > httpd Service: RUNNING
> > pki-tomcatd Service: RUNNING
> > ipa-otpd Service: RUNNING
> > ipa: INFO: The ipactl command was successful
> >
> >
> >
> > [root at prod-ipa-master :~] ipa user-find p-testuser
> > ipa: ERROR: Kerberos error: ('Unspecified GSS failure.  Minor code may
> > provide more information', 851968)/("Cannot contact any KDC for realm '
> > XYZ.COM'", -1765328228)
> >
>
> This is weird because the server seems to be up.
>
> Please follow
> http://www.freeipa.org/page/Troubleshooting#Authentication.2FKerberos
>
> Petr^2 Spacek
>
> >
> >
> > Thanks
> >
> > Rakesh
> >
> > On Tue, Aug 23, 2016 at 10:01 PM, Rakesh Rajasekharan <
> > rakesh.rajasekharan at gmail.com> wrote:
> >
> >> i changed the loggin level to 4 . Modifying nsslapd-accesslog-level
> >>
> >> But, the hang is still there. though I dont see the sigfault now
> >>
> >>
> >>
> >>
> >> On Tue, Aug 23, 2016 at 9:02 PM, Rakesh Rajasekharan <
> >> rakesh.rajasekharan at gmail.com> wrote:
> >>
> >>> My disk was getting filled too fast
> >>>
> >>> logs under /var/log/dirsrv was coming around 5 gb quickly filling up
> >>>
> >>> Is there a way to make the logging less verbose
> >>>
> >>>
> >>>
> >>> On Tue, Aug 23, 2016 at 6:41 PM, Petr Spacek <pspacek at redhat.com>
> wrote:
> >>>
> >>>> On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
> >>>>> I was able to fix that may be temporarily... when i checked the
> >>>> network..
> >>>>> there was another process that was running and consuming a lot of
> >>>> network (
> >>>>> i have no idea who did that. I need to seriously start restricting
> >>>> people
> >>>>> access to this machine )
> >>>>>
> >>>>> after killing that perfomance improved drastically
> >>>>>
> >>>>> But now, suddenly I started experiencing the same hang.
> >>>>>
> >>>>> This time , I gert the following error when checked dmesg
> >>>>>
> >>>>> [  301.236976] ns-slapd[3124]: segfault at 0 ip 00007f1de416951c sp
> >>>>> 00007f1dee1dba70 error 4 in libcos-plugin.so[7f1de4166000+b000]
> >>>>> [ 1116.248431] TCP: request_sock_TCP: Possible SYN flooding on port
> 88.
> >>>>> Sending cookies.  Check SNMP counters.
> >>>>> [11831.397037] ns-slapd[22550]: segfault at 0 ip 00007f533d82251c sp
> >>>>> 00007f5347894a70 error 4 in libcos-plugin.so[7f533d81f000+b000]
> >>>>> [11832.727989] ns-slapd[22606]: segfault at 0 ip 00007f6231eb951c sp
> >>>>> 00007f623bf2ba70 error 4 in libcos-plugin.so[7f6231eb6000+b00
> >>>>
> >>>> Okay, this one is serious. The LDAP server crashed.
> >>>>
> >>>> 1. Make sure all your packages are up-to-date.
> >>>>
> >>>> Please see
> >>>> http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d
> >>>> ebugging-crashes
> >>>> for further instructions how to debug this.
> >>>>
> >>>> Petr^2 Spacek
> >>>>
> >>>>>
> >>>>> and in /var/log/dirsrv/example-com/errors
> >>>>>
> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
> >>>> could
> >>>>> not delete change record 3291138 (rc: 32)
> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
> >>>> could
> >>>>> not delete change record 3291139 (rc: 32)
> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
> >>>> could
> >>>>> not delete change record 3291140 (rc: 32)
> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
> >>>> could
> >>>>> not delete change record 3291141 (rc: 32)
> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
> >>>> could
> >>>>> not delete change record 3291142 (rc: 32)
> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
> >>>> could
> >>>>> not delete change record 3291143 (rc: 32)
> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
> >>>> could
> >>>>> not delete change record 3291144 (rc: 32)
> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
> >>>> could
> >>>>> not delete change record 3291145 (rc: 32)
> >>>>> [23/Aug/2016:12:49:50 +0000] - Retry count exceeded in delete
> >>>>> [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin - delete_changerecord:
> >>>> could
> >>>>> not delete change record 3292734 (rc: 51)
> >>>>>
> >>>>>
> >>>>> Can  i do something about this error.. I treid to restart ipa a
> couple
> >>>> of
> >>>>> time but that did not help
> >>>>>
> >>>>> Thanks
> >>>>> Rakesh
> >>>>>
> >>>>> On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek <pspacek at redhat.com>
> >>>> wrote:
> >>>>>
> >>>>>> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
> >>>>>>> I am running my set up on AWS cloud, and entropy is low at around
> >>>> 180 .
> >>>>>>>
> >>>>>>> I plan to increase it bu installing haveged . But, would low
> entropy
> >>>> by
> >>>>>> any
> >>>>>>> chance cause this issue of intermittent hang .
> >>>>>>> Also, the hang is mostly observed when registering around 20
> clients
> >>>>>>> together
> >>>>>>
> >>>>>> Possibly, I'm not sure. If you want to dig into this, I would do
> this:
> >>>>>> 1. look what process hangs on client (using pstree command or so)
> >>>>>> $ pstree
> >>>>>>
> >>>>>> 2. look to what server and port is the hanging client connected to
> >>>>>> $ lsof -p <PID of the hanging process>
> >>>>>>
> >>>>>> 3. jump to server and see what process is bound to the target port
> >>>>>> $ netstat -pn
> >>>>>>
> >>>>>> 4. see where the process if hanging
> >>>>>> $ strace -p <PID of the hanging process>
> >>>>>>
> >>>>>> I hope it helps.
> >>>>>>
> >>>>>> Petr^2 Spacek
> >>>>>>
> >>>>>>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
> >>>>>>> rakesh.rajasekharan at gmail.com> wrote:
> >>>>>>>
> >>>>>>>> yes there seems to be something thats worrying.. I have faced this
> >>>> today
> >>>>>>>> as well.
> >>>>>>>> There are few hosts around 280 odd left and when i try adding them
> >>>> to
> >>>>>> IPA
> >>>>>>>> , the slowness begins..
> >>>>>>>>
> >>>>>>>> all the ipa commands like ipa user-find.. etc becomes very slow in
> >>>>>>>> responding.
> >>>>>>>>
> >>>>>>>> the SYNC_RECV are not many though just around 80-90 and today that
> >>>> was
> >>>>>>>> around 20 only
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> I have for now increased tcp_max_syn_backlog to 5000.
> >>>>>>>> For now the slowness seems to have gone.. but I will do a try
> >>>> adding the
> >>>>>>>> clients again tomorrow and see how it goes
> >>>>>>>>
> >>>>>>>> Thanks
> >>>>>>>> Rakesh
> >>>>>>>>
> >>>>>>>> The issues
> >>>>>>>>
> >>>>>>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <pspacek at redhat.com
> >
> >>>>>> wrote:
> >>>>>>>>
> >>>>>>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
> >>>>>>>>>> Hi
> >>>>>>>>>>
> >>>>>>>>>> I am migrating to freeipa from openldap and have around 4000
> >>>> clients
> >>>>>>>>>>
> >>>>>>>>>> I had openned a another thread on that, but chose to start a new
> >>>> one
> >>>>>>>>> here
> >>>>>>>>>> as its a separate issue
> >>>>>>>>>>
> >>>>>>>>>> I was able to change the nssslapd-maxdescriptors adding an ldif
> >>>> file
> >>>>>>>>>>
> >>>>>>>>>> cat nsslapd-modify.ldif
> >>>>>>>>>> dn: cn=config
> >>>>>>>>>> changetype: modify
> >>>>>>>>>> replace: nsslapd-maxdescriptors
> >>>>>>>>>> nsslapd-maxdescriptors: 17000
> >>>>>>>>>>
> >>>>>>>>>> and running the ldapmodify command
> >>>>>>>>>>
> >>>>>>>>>> I have now started moving clients running an openldap to Freeipa
> >>>> and
> >>>>>>>>> have
> >>>>>>>>>> today moved close to 2000 clients
> >>>>>>>>>>
> >>>>>>>>>> However, I have noticed that IPA hangs intermittently.
> >>>>>>>>>>
> >>>>>>>>>> running a kinit admin returns the below error
> >>>>>>>>>> kinit: Generic error (see e-text) while getting initial
> >>>> credentials
> >>>>>>>>>>
> >>>>>>>>>> from the /var/log/messages, I see this entry
> >>>>>>>>>>
> >>>>>>>>>>  prod-ipa-master-int kernel: [104090.315801] TCP:
> >>>> request_sock_TCP:
> >>>>>>>>>> Possible SYN flooding on port 88. Sending cookies.  Check SNMP
> >>>>>> counters.
> >>>>>>>>>
> >>>>>>>>> I would be worried about this message. Maybe kernel/firewall is
> >>>> doing
> >>>>>>>>> something fishy behind your back and blocking some connections or
> >>>> so.
> >>>>>>>>>
> >>>>>>>>> Petr^2 Spacek
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session
> >>>> 4885
> >>>>>> of
> >>>>>>>>>> user root.
> >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting Session
> >>>> 4885
> >>>>>> of
> >>>>>>>>>> user root.
> >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session
> >>>> 4886
> >>>>>> of
> >>>>>>>>>> user root.
> >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting Session
> >>>> 4886
> >>>>>> of
> >>>>>>>>>> user root.
> >>>>>>>>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]:
> ansible-command
> >>>>>>>>> Invoked
> >>>>>>>>>> with creates=None executable=None shell=True args= removes=None
> >>>>>>>>> warn=True
> >>>>>>>>>> chdir=None
> >>>>>>>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error:
> >>>> Unspecified
> >>>>>>>>> GSS
> >>>>>>>>>> failure.  Minor code may provide more information (KDC returned
> >>>> error
> >>>>>>>>>> string: PROCESS_TGS)
> >>>>>>>>>>
> >>>>>>>>>> Could it be possible that its due to the initial load of adding
> >>>> the
> >>>>>>>>> clients
> >>>>>>>>>> or is there something else that I need to take care of.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/7419978c/attachment.htm>

From jhrozek at redhat.com  Thu Aug 25 08:32:40 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 25 Aug 2016 10:32:40 +0200
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <1121029446.9457.1472109874936.JavaMail.zimbra@casalogic.dk>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
	<20160824075009.rj73yous3ptypj54@hendrix>
	<1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
	<1121029446.9457.1472109874936.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160825083240.dwyldjgigvbgs4ut@hendrix>

On Thu, Aug 25, 2016 at 09:24:34AM +0200, Troels Hansen wrote:
> Hmm, sometimes the man page actually helps....
> 
> It seems setting "default_domain_suffix" to allow users to log in, without the domain part changes use_fully_qualified_names default to true, without the option of setting it false.....
> 
> So, we have two options:
> - Have users always use their full login including domain
> - Setting default_domain_suffix to help the users and efficiently break SUDO?
> 
> Can this be true?

Yes, sudo together with default_domain_suffix only works with 1.14+



From jhrozek at redhat.com  Thu Aug 25 08:32:53 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 25 Aug 2016 10:32:53 +0200
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <260135086.10187.1472112336235.JavaMail.zimbra@casalogic.dk>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
	<20160824075009.rj73yous3ptypj54@hendrix>
	<1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
	<1121029446.9457.1472109874936.JavaMail.zimbra@casalogic.dk>
	<260135086.10187.1472112336235.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160825083253.vqvywxhbpgicme3h@hendrix>

yes.

On Thu, Aug 25, 2016 at 10:05:36AM +0200, Troels Hansen wrote:
> Hmm, seems waiting for RHEL 7.3 and SSSD 1.14 will solve this problem....
> 
> https://fedorahosted.org/sssd/ticket/2919
> 
> Am I correct?
> 
> ----- On Aug 25, 2016, at 9:24 AM, Troels Hansen th at casalogic.dk wrote:
> 
> > Hmm, sometimes the man page actually helps....
> > 
> > It seems setting "default_domain_suffix" to allow users to log in, without the
> > domain part changes use_fully_qualified_names default to true, without the
> > option of setting it false.....
> > 
> > So, we have two options:
> > - Have users always use their full login including domain
> > - Setting default_domain_suffix to help the users and efficiently break SUDO?
> > 
> > Can this be true?
> > 
> > 
> > ----- On Aug 25, 2016, at 8:42 AM, Troels Hansen th at casalogic.dk wrote:
> > 
> >> Yes and no....
> >> 
> >> Have tried setting it to both true and false, but doesn't make a huge
> >> difference.
> >> 
> >> Current result with "use_fully_qualified_names = false"
> >> 
> >> LDAP search from sssd_sudo.log shows SSSD finding a sudo rule...
> >> 
> >> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
> >> (0x0200): Searching sysdb with
> >> [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=drextrha at net.dr.dk)(sudoUser=#1349938498)
> >> .......
> >> (sudoUser=%domain_users)(sudoUser=+*)))]
> >> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting
> >> rules with higher-wins logic
> >> (Thu Aug 25 08:15:27 2016) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
> >> (0x0400): Returning 1 rules for [drextrha at net.dr.dk]
> >> 
> >> SSSD cache shows the sudo rule:
> >> 
> >> # ldbsearch -H /var/lib/sss/db/cache_linux.dr.dk.ldb -b cn=sysdb
> >> '(objectClass=sudoRule)'
> >> asq: Unable to register control with rootdse!
> >> # record 1
> >> dn: name=guffe,cn=sudorules,cn=custom,cn=linux.dr.dk,cn=sysdb
> >> cn: guffe
> >> dataExpireTimestamp: 1472110940
> >> entryUSN: 325878
> >> name: guffe
> >> objectClass: sudoRule
> >> originalDN: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk
> >> sudoCommand: /usr/bin/cat /var/log/messages
> >> sudoHost: ALL
> >> sudoRunAsGroup: ALL
> >> sudoRunAsUser: ALL
> >> sudoUser: %domain_users
> >> distinguishedName: name=guffe,cn=sudorules,cn=custom,cn=linux.dr.dk,cn=sysdb
> >> 
> >> But still sudo debug log says:
> >> 
> >> Aug 25 08:29:55 sudo[2392] -> user_in_group @ ./pwutil.c:940
> >> Aug 25 08:29:55 sudo[2392] -> sudo_get_grlist @ ./pwutil.c:877
> >> Aug 25 08:29:55 sudo[2392] -> rbfind @ ./redblack.c:273
> >> Aug 25 08:29:55 sudo[2392] <- rbfind @ ./redblack.c:277 := 0x7f877f45d1d0
> >> Aug 25 08:29:55 sudo[2392] <- sudo_get_grlist @ ./pwutil.c:930 := 0x7f877f45d348
> >> Aug 25 08:29:55 sudo[2392] -> sudo_getgrnam @ ./pwutil.c:719
> >> Aug 25 08:29:55 sudo[2392] -> rbfind @ ./redblack.c:273
> >> Aug 25 08:29:55 sudo[2392] <- rbfind @ ./redblack.c:280 := (nil)
> >> Aug 25 08:29:55 sudo[2392] -> make_gritem @ ./pwutil.c:474
> >> Aug 25 08:29:55 sudo[2392] <- make_gritem @ ./pwutil.c:524 := 0x7f877f44ef20
> >> Aug 25 08:29:55 sudo[2392] -> rbinsert @ ./redblack.c:181
> >> Aug 25 08:29:55 sudo[2392] <- rbinsert @ ./redblack.c:261 := (nil)
> >> Aug 25 08:29:55 sudo[2392] <- sudo_getgrnam @ ./pwutil.c:745 := 0x7f877f44ef38
> >> Aug 25 08:29:55 sudo[2392] -> sudo_grlist_delref @ ./pwutil.c:816
> >> Aug 25 08:29:55 sudo[2392] -> sudo_grlist_delref_item @ ./pwutil.c:805
> >> Aug 25 08:29:55 sudo[2392] <- sudo_grlist_delref_item @ ./pwutil.c:810
> >> Aug 25 08:29:55 sudo[2392] <- sudo_grlist_delref @ ./pwutil.c:818
> >> Aug 25 08:29:55 sudo[2392] <- user_in_group @ ./pwutil.c:1010 := false
> >> 
> >> 
> >> I'm quite lost on how to debug further on this.....
> >> 
> >> ----- On Aug 24, 2016, at 9:50 AM, Jakub Hrozek jhrozek at redhat.com wrote:
> >> 
> >>> On Tue, Aug 23, 2016 at 03:17:48PM +0200, Troels Hansen wrote:
> >>>> Running RHEL 7.2:
> >>>> 
> >>>> ipa-client-4.2.0-15.el7_2.18
> >>>> sssd-ipa-1.13.0-40.el7_2.12.x86_64
> >>>> ipa-server-4.2.0-15.el7_2.18.x86_64
> >>>> 
> >>>> I have a sudo rule where I try to give sudo access based on a AD group.
> >>>> 
> >>>> # groups drextrha at net.dr.dk
> >>>> drextrha at net.dr.dk : drextrha at net.dr.dk ............... domain_users at linux.dr.dk
> >>>> 
> >>>> I'm member of the group domain_users via AD.
> >>>> 
> >>>> SUDO rule in LDAP:
> >>>> 
> >>>> # guffe, sudoers, linux.dr.dk
> >>>> dn: cn=guffe,ou=sudoers,dc=linux,dc=dr,dc=dk
> >>>> sudoUser: %domain_users
> >>>> sudoRunAsGroup: ALL
> >>>> objectClass: sudoRole
> >>>> objectClass: top
> >>>> sudoCommand: /usr/bin/cat /var/log/messages
> >>>> sudoRunAsUser: ALL
> >>>> sudoHost: ALL
> >>>> cn: guffe
> >>> 
> >>> domain_users != domain_users at linux.dr.dk
> >>> 
> >>> I'm also curious why sssd qualifies the IPA group name (domain_users is
> >>> an IPA group name right?)
> >>> 
> >>> do you set use_fully_qualified_names=true by chance in the config file?
> >>> 
> >>> --
> >>> Manage your subscription for the Freeipa-users mailing list:
> >>> https://www.redhat.com/mailman/listinfo/freeipa-users
> >>> Go to http://freeipa.org for more info on the project
> >> 
> >> --
> >> Med venlig hilsen
> >> 
> >> Troels Hansen
> >> 
> >> Systemkonsulent
> >> 
> >> Casalogic A/S
> >> 
> >> 
> >> T (+45) 70 20 10 63
> >> 
> >> M (+45) 22 43 71 57
> >> 
> >> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og
> >> meget mere.
> >> 
> >> --
> >> Manage your subscription for the Freeipa-users mailing list:
> >> https://www.redhat.com/mailman/listinfo/freeipa-users
> >> Go to http://freeipa.org for more info on the project
> > 
> > --
> > Med venlig hilsen
> > 
> > Troels Hansen
> > 
> > Systemkonsulent
> > 
> > Casalogic A/S
> > 
> > 
> > T (+45) 70 20 10 63
> > 
> > M (+45) 22 43 71 57
> > 
> > Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og
> > meget mere.
> > 
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
> 
> -- 
> Med venlig hilsen 
> 
> Troels Hansen 
> 
> Systemkonsulent 
> 
> Casalogic A/S 
> 
> 
> T (+45) 70 20 10 63 
> 
> M (+45) 22 43 71 57 
> 
> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.



From lslebodn at redhat.com  Thu Aug 25 08:48:21 2016
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Thu, 25 Aug 2016 10:48:21 +0200
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <260135086.10187.1472112336235.JavaMail.zimbra@casalogic.dk>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
	<20160824075009.rj73yous3ptypj54@hendrix>
	<1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
	<1121029446.9457.1472109874936.JavaMail.zimbra@casalogic.dk>
	<260135086.10187.1472112336235.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160825084820.GB30315@10.4.128.1>

On (25/08/16 10:05), Troels Hansen wrote:
>Hmm, seems waiting for RHEL 7.3 and SSSD 1.14 will solve this problem....
>
>https://fedorahosted.org/sssd/ticket/2919
>
Meanwhile, you can test upstream version
https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-14/

LS



From tbordaz at redhat.com  Thu Aug 25 08:47:39 2016
From: tbordaz at redhat.com (thierry bordaz)
Date: Thu, 25 Aug 2016 10:47:39 +0200
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <CANAMAkqqBOUx0rXH6MPYQgiVtSzCpCOO+EiuwT0urcyUAn_G3g@mail.gmail.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
	<a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
	<CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>
	<CANAMAkpqv5r2GNR1z9+iOJEh40F50kskrnPAOT+B5qV9uR6Q7g@mail.gmail.com>
	<CANAMAkpC5DKkqA_X4tZjscFyOyD2SJjjy74g1sOGYayqLH=ywA@mail.gmail.com>
	<ca385752-87b1-1190-cbdd-9d552b3bf105@redhat.com>
	<CANAMAkqqBOUx0rXH6MPYQgiVtSzCpCOO+EiuwT0urcyUAn_G3g@mail.gmail.com>
Message-ID: <57BEB0AB.2090506@redhat.com>



On 08/25/2016 10:15 AM, Rakesh Rajasekharan wrote:
> All of the troubleshooting seems fine.
>
>
> However, Running libconv.pl <http://libconv.pl> gives me this output
>
> ----- Recommendations -----
>
>  1.  You have unindexed components, this can be caused from a search 
> on an unindexed attribute, or your returned results exceeded the 
> allidsthreshold.  Unindexed components are not recommended. To refuse 
> unindexed searches, switch 'nsslapd-require-index' to 'on' under your 
> database entry (e.g. cn=UserRoot,cn=ldbm database,cn=plugins,cn=config).
>
>  2.  You have a significant difference between binds and unbinds.  You 
> may want to investigate this difference.
>
>
> I feel, this could be a pointer to things going slow.. and IPA 
> hanging. I think i now have something that I can try and nail down 
> this issue.
>
> On a sidenote, I was earlier running openldap and migrated over to 
> Freeipa,
>
> Thanks
> Rakesh
>
>
>
> On Wed, Aug 24, 2016 at 12:38 PM, Petr Spacek <pspacek at redhat.com 
> <mailto:pspacek at redhat.com>> wrote:
>
>     On 23.8.2016 18:44, Rakesh Rajasekharan wrote:
>     > I think thers something seriously wrong with my system
>     >
>     > not able to run any  IPA commands
>     >
>     > klist
>     > Ticket cache: KEYRING:persistent:0:0
>     > Default principal: admin at XYZ.COM <mailto:admin at XYZ.COM>
>     >
>     > Valid starting       Expires              Service principal
>     > 2016-08-23T16:26:36  2016-08-24T16:26:22  krbtgt/XYZ.COM at XYZ.COM
>     <mailto:XYZ.COM at XYZ.COM>
>     >
>     >
>     > [root at prod-ipa-master-1a :~] ipactl status
>     > Directory Service: RUNNING
>     > krb5kdc Service: RUNNING
>     > kadmin Service: RUNNING
>     > ipa_memcached Service: RUNNING
>     > httpd Service: RUNNING
>     > pki-tomcatd Service: RUNNING
>     > ipa-otpd Service: RUNNING
>     > ipa: INFO: The ipactl command was successful
>     >
>     >
>     >
>     > [root at prod-ipa-master :~] ipa user-find p-testuser
>     > ipa: ERROR: Kerberos error: ('Unspecified GSS failure.  Minor
>     code may
>     > provide more information', 851968)/("Cannot contact any KDC for
>     realm '
>     > XYZ.COM <http://XYZ.COM>'", -1765328228)
>

Hi Rakesh,

    Having a reproducible test case would you rerun the command above.
    During its processing you may monitor DS process load (top). If it
    is high, you may get some pstacks of it.
    Also would you attach the part of DS access logs taken during the
    command.

    regards
    thierry

>     >
>
>     This is weird because the server seems to be up.
>
>     Please follow
>     http://www.freeipa.org/page/Troubleshooting#Authentication.2FKerberos
>     <http://www.freeipa.org/page/Troubleshooting#Authentication.2FKerberos>
>
>     Petr^2 Spacek
>
>     >
>     >
>     > Thanks
>     >
>     > Rakesh
>     >
>     > On Tue, Aug 23, 2016 at 10:01 PM, Rakesh Rajasekharan <
>     > rakesh.rajasekharan at gmail.com
>     <mailto:rakesh.rajasekharan at gmail.com>> wrote:
>     >
>     >> i changed the loggin level to 4 . Modifying nsslapd-accesslog-level
>     >>
>     >> But, the hang is still there. though I dont see the sigfault now
>     >>
>     >>
>     >>
>     >>
>     >> On Tue, Aug 23, 2016 at 9:02 PM, Rakesh Rajasekharan <
>     >> rakesh.rajasekharan at gmail.com
>     <mailto:rakesh.rajasekharan at gmail.com>> wrote:
>     >>
>     >>> My disk was getting filled too fast
>     >>>
>     >>> logs under /var/log/dirsrv was coming around 5 gb quickly
>     filling up
>     >>>
>     >>> Is there a way to make the logging less verbose
>     >>>
>     >>>
>     >>>
>     >>> On Tue, Aug 23, 2016 at 6:41 PM, Petr Spacek
>     <pspacek at redhat.com <mailto:pspacek at redhat.com>> wrote:
>     >>>
>     >>>> On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
>     >>>>> I was able to fix that may be temporarily... when i checked the
>     >>>> network..
>     >>>>> there was another process that was running and consuming a
>     lot of
>     >>>> network (
>     >>>>> i have no idea who did that. I need to seriously start
>     restricting
>     >>>> people
>     >>>>> access to this machine )
>     >>>>>
>     >>>>> after killing that perfomance improved drastically
>     >>>>>
>     >>>>> But now, suddenly I started experiencing the same hang.
>     >>>>>
>     >>>>> This time , I gert the following error when checked dmesg
>     >>>>>
>     >>>>> [  301.236976] ns-slapd[3124]: segfault at 0 ip
>     00007f1de416951c sp
>     >>>>> 00007f1dee1dba70 error 4 in libcos-plugin.so[7f1de4166000+b000]
>     >>>>> [ 1116.248431] TCP: request_sock_TCP: Possible SYN flooding
>     on port 88.
>     >>>>> Sending cookies.  Check SNMP counters.
>     >>>>> [11831.397037] ns-slapd[22550]: segfault at 0 ip
>     00007f533d82251c sp
>     >>>>> 00007f5347894a70 error 4 in libcos-plugin.so[7f533d81f000+b000]
>     >>>>> [11832.727989] ns-slapd[22606]: segfault at 0 ip
>     00007f6231eb951c sp
>     >>>>> 00007f623bf2ba70 error 4 in libcos-plugin.so[7f6231eb6000+b00
>     >>>>
>     >>>> Okay, this one is serious. The LDAP server crashed.
>     >>>>
>     >>>> 1. Make sure all your packages are up-to-date.
>     >>>>
>     >>>> Please see
>     >>>> http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d
>     <http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d>
>     >>>> ebugging-crashes
>     >>>> for further instructions how to debug this.
>     >>>>
>     >>>> Petr^2 Spacek
>     >>>>
>     >>>>>
>     >>>>> and in /var/log/dirsrv/example-com/errors
>     >>>>>
>     >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>     delete_changerecord:
>     >>>> could
>     >>>>> not delete change record 3291138 (rc: 32)
>     >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>     delete_changerecord:
>     >>>> could
>     >>>>> not delete change record 3291139 (rc: 32)
>     >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>     delete_changerecord:
>     >>>> could
>     >>>>> not delete change record 3291140 (rc: 32)
>     >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>     delete_changerecord:
>     >>>> could
>     >>>>> not delete change record 3291141 (rc: 32)
>     >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>     delete_changerecord:
>     >>>> could
>     >>>>> not delete change record 3291142 (rc: 32)
>     >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>     delete_changerecord:
>     >>>> could
>     >>>>> not delete change record 3291143 (rc: 32)
>     >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>     delete_changerecord:
>     >>>> could
>     >>>>> not delete change record 3291144 (rc: 32)
>     >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>     delete_changerecord:
>     >>>> could
>     >>>>> not delete change record 3291145 (rc: 32)
>     >>>>> [23/Aug/2016:12:49:50 +0000] - Retry count exceeded in delete
>     >>>>> [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin -
>     delete_changerecord:
>     >>>> could
>     >>>>> not delete change record 3292734 (rc: 51)
>     >>>>>
>     >>>>>
>     >>>>> Can  i do something about this error.. I treid to restart
>     ipa a couple
>     >>>> of
>     >>>>> time but that did not help
>     >>>>>
>     >>>>> Thanks
>     >>>>> Rakesh
>     >>>>>
>     >>>>> On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek
>     <pspacek at redhat.com <mailto:pspacek at redhat.com>>
>     >>>> wrote:
>     >>>>>
>     >>>>>> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
>     >>>>>>> I am running my set up on AWS cloud, and entropy is low at
>     around
>     >>>> 180 .
>     >>>>>>>
>     >>>>>>> I plan to increase it bu installing haveged . But, would
>     low entropy
>     >>>> by
>     >>>>>> any
>     >>>>>>> chance cause this issue of intermittent hang .
>     >>>>>>> Also, the hang is mostly observed when registering around
>     20 clients
>     >>>>>>> together
>     >>>>>>
>     >>>>>> Possibly, I'm not sure. If you want to dig into this, I
>     would do this:
>     >>>>>> 1. look what process hangs on client (using pstree command
>     or so)
>     >>>>>> $ pstree
>     >>>>>>
>     >>>>>> 2. look to what server and port is the hanging client
>     connected to
>     >>>>>> $ lsof -p <PID of the hanging process>
>     >>>>>>
>     >>>>>> 3. jump to server and see what process is bound to the
>     target port
>     >>>>>> $ netstat -pn
>     >>>>>>
>     >>>>>> 4. see where the process if hanging
>     >>>>>> $ strace -p <PID of the hanging process>
>     >>>>>>
>     >>>>>> I hope it helps.
>     >>>>>>
>     >>>>>> Petr^2 Spacek
>     >>>>>>
>     >>>>>>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
>     >>>>>>> rakesh.rajasekharan at gmail.com
>     <mailto:rakesh.rajasekharan at gmail.com>> wrote:
>     >>>>>>>
>     >>>>>>>> yes there seems to be something thats worrying.. I have
>     faced this
>     >>>> today
>     >>>>>>>> as well.
>     >>>>>>>> There are few hosts around 280 odd left and when i try
>     adding them
>     >>>> to
>     >>>>>> IPA
>     >>>>>>>> , the slowness begins..
>     >>>>>>>>
>     >>>>>>>> all the ipa commands like ipa user-find.. etc becomes
>     very slow in
>     >>>>>>>> responding.
>     >>>>>>>>
>     >>>>>>>> the SYNC_RECV are not many though just around 80-90 and
>     today that
>     >>>> was
>     >>>>>>>> around 20 only
>     >>>>>>>>
>     >>>>>>>>
>     >>>>>>>> I have for now increased tcp_max_syn_backlog to 5000.
>     >>>>>>>> For now the slowness seems to have gone.. but I will do a try
>     >>>> adding the
>     >>>>>>>> clients again tomorrow and see how it goes
>     >>>>>>>>
>     >>>>>>>> Thanks
>     >>>>>>>> Rakesh
>     >>>>>>>>
>     >>>>>>>> The issues
>     >>>>>>>>
>     >>>>>>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek
>     <pspacek at redhat.com <mailto:pspacek at redhat.com>>
>     >>>>>> wrote:
>     >>>>>>>>
>     >>>>>>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>     >>>>>>>>>> Hi
>     >>>>>>>>>>
>     >>>>>>>>>> I am migrating to freeipa from openldap and have around
>     4000
>     >>>> clients
>     >>>>>>>>>>
>     >>>>>>>>>> I had openned a another thread on that, but chose to
>     start a new
>     >>>> one
>     >>>>>>>>> here
>     >>>>>>>>>> as its a separate issue
>     >>>>>>>>>>
>     >>>>>>>>>> I was able to change the nssslapd-maxdescriptors adding
>     an ldif
>     >>>> file
>     >>>>>>>>>>
>     >>>>>>>>>> cat nsslapd-modify.ldif
>     >>>>>>>>>> dn: cn=config
>     >>>>>>>>>> changetype: modify
>     >>>>>>>>>> replace: nsslapd-maxdescriptors
>     >>>>>>>>>> nsslapd-maxdescriptors: 17000
>     >>>>>>>>>>
>     >>>>>>>>>> and running the ldapmodify command
>     >>>>>>>>>>
>     >>>>>>>>>> I have now started moving clients running an openldap
>     to Freeipa
>     >>>> and
>     >>>>>>>>> have
>     >>>>>>>>>> today moved close to 2000 clients
>     >>>>>>>>>>
>     >>>>>>>>>> However, I have noticed that IPA hangs intermittently.
>     >>>>>>>>>>
>     >>>>>>>>>> running a kinit admin returns the below error
>     >>>>>>>>>> kinit: Generic error (see e-text) while getting initial
>     >>>> credentials
>     >>>>>>>>>>
>     >>>>>>>>>> from the /var/log/messages, I see this entry
>     >>>>>>>>>>
>     >>>>>>>>>> prod-ipa-master-int kernel: [104090.315801] TCP:
>     >>>> request_sock_TCP:
>     >>>>>>>>>> Possible SYN flooding on port 88. Sending cookies. 
>     Check SNMP
>     >>>>>> counters.
>     >>>>>>>>>
>     >>>>>>>>> I would be worried about this message. Maybe
>     kernel/firewall is
>     >>>> doing
>     >>>>>>>>> something fishy behind your back and blocking some
>     connections or
>     >>>> so.
>     >>>>>>>>>
>     >>>>>>>>> Petr^2 Spacek
>     >>>>>>>>>
>     >>>>>>>>>
>     >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started
>     Session
>     >>>> 4885
>     >>>>>> of
>     >>>>>>>>>> user root.
>     >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]:
>     Starting Session
>     >>>> 4885
>     >>>>>> of
>     >>>>>>>>>> user root.
>     >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started
>     Session
>     >>>> 4886
>     >>>>>> of
>     >>>>>>>>>> user root.
>     >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]:
>     Starting Session
>     >>>> 4886
>     >>>>>> of
>     >>>>>>>>>> user root.
>     >>>>>>>>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]:
>     ansible-command
>     >>>>>>>>> Invoked
>     >>>>>>>>>> with creates=None executable=None shell=True args=
>     removes=None
>     >>>>>>>>> warn=True
>     >>>>>>>>>> chdir=None
>     >>>>>>>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error:
>     >>>> Unspecified
>     >>>>>>>>> GSS
>     >>>>>>>>>> failure.  Minor code may provide more information (KDC
>     returned
>     >>>> error
>     >>>>>>>>>> string: PROCESS_TGS)
>     >>>>>>>>>>
>     >>>>>>>>>> Could it be possible that its due to the initial load
>     of adding
>     >>>> the
>     >>>>>>>>> clients
>     >>>>>>>>>> or is there something else that I need to take care of.
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/7a38b25e/attachment.htm>

From th at casalogic.dk  Thu Aug 25 09:30:52 2016
From: th at casalogic.dk (Troels Hansen)
Date: Thu, 25 Aug 2016 11:30:52 +0200 (CEST)
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <20160825084820.GB30315@10.4.128.1>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
	<20160824075009.rj73yous3ptypj54@hendrix>
	<1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
	<1121029446.9457.1472109874936.JavaMail.zimbra@casalogic.dk>
	<260135086.10187.1472112336235.JavaMail.zimbra@casalogic.dk>
	<20160825084820.GB30315@10.4.128.1>
Message-ID: <1042341051.13710.1472117452652.JavaMail.zimbra@casalogic.dk>

Hmm, adding the CentOS SSSD 1.14 copr repo and running yum upgrade, getting a version 1.14.1, clean cache DB (complaing about cache being old version), I can getent users, but log log in for no obvious reason (system error in secure.log).

Downgrading to official RHEL 7.2 SSSD-1.13 restores logging in. 

----- On Aug 25, 2016, at 10:48 AM, Lukas Slebodnik lslebodn at redhat.com wrote:

> On (25/08/16 10:05), Troels Hansen wrote:
>>Hmm, seems waiting for RHEL 7.3 and SSSD 1.14 will solve this problem....
>>
>>https://fedorahosted.org/sssd/ticket/2919
>>
> Meanwhile, you can test upstream version
> https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-14/
> 
> LS

-- 
Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.



From jhrozek at redhat.com  Thu Aug 25 09:50:43 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 25 Aug 2016 11:50:43 +0200
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <1042341051.13710.1472117452652.JavaMail.zimbra@casalogic.dk>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
	<20160824075009.rj73yous3ptypj54@hendrix>
	<1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
	<1121029446.9457.1472109874936.JavaMail.zimbra@casalogic.dk>
	<260135086.10187.1472112336235.JavaMail.zimbra@casalogic.dk>
	<20160825084820.GB30315@10.4.128.1>
	<1042341051.13710.1472117452652.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160825095043.b3vxi5ezw33kk5ti@hendrix>

On Thu, Aug 25, 2016 at 11:30:52AM +0200, Troels Hansen wrote:
> Hmm, adding the CentOS SSSD 1.14 copr repo and running yum upgrade, getting a version 1.14.1, clean cache DB (complaing about cache being old version), I can getent users, but log log in for no obvious reason (system error in secure.log).
> 
> Downgrading to official RHEL 7.2 SSSD-1.13 restores logging in. 

Please send some logs..



From bahanw042014 at gmail.com  Thu Aug 25 14:41:51 2016
From: bahanw042014 at gmail.com (bahan w)
Date: Thu, 25 Aug 2016 16:41:51 +0200
Subject: [Freeipa-users] Two masters and one of them is desynchronized
In-Reply-To: <57BEA8DF.7070006@redhat.com>
References: <CAMJtubJ7+bXS7CxMRWQ6zWVYWjJkS3N_fEb9WE3cVNz=u0beSA@mail.gmail.com>
	<CAMJtubLcsrem20vJ-TH838Ro05_x-1QBhnvNKYkgZuKegd8Mow@mail.gmail.com>
	<CAMJtubLG-e7epOV90cSFp=+nhG2BEjsmqu6jTGnoptWeCWyeDg@mail.gmail.com>
	<CAMJtub+ixbUoivV+q_wGQpUx5DxOmsBVkPZB2a_dUKGH8xKnrQ@mail.gmail.com>
	<CAMJtub+_Qi+gHU7mxW2-8h4qVdes26bZUbhaoDs8LzvTLsFh8g@mail.gmail.com>
	<1cadf7af-0064-8c34-6a47-2942c642b004@redhat.com>
	<CAMJtubJSuEAzD-nkxZ0hKX-h8QqqES3eU9KHdfT6pgU_1eySBw@mail.gmail.com>
	<CAMJtubJ0jcYp6vmegBKncrk+odkoCaDGLhk+hZ1-RvToY80pNw@mail.gmail.com>
	<265b4281-f53a-1340-42f2-87e26cfe5aad@redhat.com>
	<CAMJtub+hW+2pOBdqz1BANM4yXBfx0-70DVhS7_wgMV0_ZOCK-A@mail.gmail.com>
	<57BEA8DF.7070006@redhat.com>
Message-ID: <CAMJtub+H2RewDB_vef17J9=3bthWs98=h-Ytm+xxiJNTUXjJ_w@mail.gmail.com>

Hello everyone.

Could you explain to me about this field Sent/Skipped please ?

I checked the doc and found this :
###

Sent/Skipped :

The number of changes that were sent from the supplier and the number
skipped in the replication update. The numbers are kept in suppliers?
memory only and are cleared if the supplier is restarted.
###

If I check the first part :
###
Master: <MASTER OK>:389 ldap://<MASTER OK>:389/
Replica ID: 4
Replica Root: dc=<REALM>
Max CSN: 57bdcd36000100040000 (08/24/2016 18:37:10 1 0)
Receiver: <MASTER UNSYNC>:389 ldap://<MASTER UNSYNC>:389/
Type: master
Time Lag: 0:00:00
Max CSN: 57bdcd36000100040000 (08/24/2016 18:37:10 1 0)
Last Modify Time: 8/24/2016 18:36:32
Supplier: <MASTER OK>:389
Sent/Skipped: 182110 / 1054
Update Status: 0 Replica acquired successfully: Incremental update succeeded
Update Started: 08/24/2016 18:36:32
Update Ended: 08/24/2016 18:36:34
Schedule: always in sync
SSL: SASL/GSSAPI
###

This is the replication from the MASTER OK (the supplier) to the MASTER
UNSYNC (the receiver), right ?
So, the MASTER OK sent 182110 changes.
And in addition to these 182110 changes, 1054 changes were sent to the
MASTER UNSYNC but skipped by the MASTER UNSYNC, right ?
Why are they skipped ?

In the other side, if I take the second part :
###
Master: <MASTER UNSYNC>:389 ldap://<MASTER UNSYNC>:389/
Replica ID: 3
Replica Root: dc=<REALM>
Max CSN: 57bdbda1000000030000 (08/24/2016 17:30:41)
Receiver: <MASTER OK>:389 ldap://<MASTER OK>:389/
Type: master
Time Lag: - 0:22:29
Max CSN: 57bdb85c000000030000 (08/24/2016 17:08:12)
Last Modify Time: 8/24/2016 17:07:34
Supplier: <MASTER UNSYNC>:389
Sent/Skipped: 3 / 9048655
Update Status: 0 Replica acquired successfully: Incremental update succeeded
Update Started: 08/24/2016 18:36:33
Update Ended: 08/24/2016 18:36:34
Schedule: always in sync
SSL: SASL/GSSAPI
###

The supplier is the MASTER UNSYNC and the receiver is the MASTER OK.
In this case I have only 3 changes sent.
And in addition to these 3 changes, 9 048 655 changes were sent but skipped
on the MASTER OK, right ?

I ask these questions just to be sure I understand right the return of the
pl script.


Best regards.

Bahan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/cd22256b/attachment.htm>

From rene.trippen at gmail.com  Thu Aug 25 15:24:16 2016
From: rene.trippen at gmail.com (Rene Trippen)
Date: Thu, 25 Aug 2016 17:24:16 +0200
Subject: [Freeipa-users] Migrate users with password from one IPA to another
Message-ID: <CAOXtQj=RT+8yZMgWxkXY-hWHmQqt-D-2ef8rH3qTqfiY7aUc-A@mail.gmail.com>

Hi,

I`ve got an IPA with a broken CA infrastructure (don`t know what happened,
but new clients cannot be registered)
It is even not possible to setup a new replica.
So, I wanted to setup a new IPA Server with new CA, and I want to move all
users with their passwords to the new IPA instance.
I`ve tried with 'ipa migrate-ds'

ipa migrate-ds --continue --bind-dn="cn=Directory Manager"
--user-container=cn=users,cn=accounts
--group-container=cn=groups,cn=accounts --group-objectclass=posixgroup
--group-overwrite-gid --with-compat ldap://<ldapserver>

The output is OK
=======
Passwords have been migrated in pre-hashed format.
IPA is unable to generate Kerberos keys unless provided
with clear text passwords. All migrated users need to
login at https://your.domain/ipa/migration/ before they
can use their Kerberos accounts.
========

But  the ipa/migration website is not working for me.
Anyway, is there a way to export the users with passwords? I think I have
to export some kerberos specific stuff from the old IPA?

Best regards,
Rene
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/09804e89/attachment.htm>

From lkrispen at redhat.com  Thu Aug 25 16:09:18 2016
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Thu, 25 Aug 2016 18:09:18 +0200
Subject: [Freeipa-users] Two masters and one of them is desynchronized
In-Reply-To: <CAMJtub+H2RewDB_vef17J9=3bthWs98=h-Ytm+xxiJNTUXjJ_w@mail.gmail.com>
References: <CAMJtubJ7+bXS7CxMRWQ6zWVYWjJkS3N_fEb9WE3cVNz=u0beSA@mail.gmail.com>
	<CAMJtubLcsrem20vJ-TH838Ro05_x-1QBhnvNKYkgZuKegd8Mow@mail.gmail.com>
	<CAMJtubLG-e7epOV90cSFp=+nhG2BEjsmqu6jTGnoptWeCWyeDg@mail.gmail.com>
	<CAMJtub+ixbUoivV+q_wGQpUx5DxOmsBVkPZB2a_dUKGH8xKnrQ@mail.gmail.com>
	<CAMJtub+_Qi+gHU7mxW2-8h4qVdes26bZUbhaoDs8LzvTLsFh8g@mail.gmail.com>
	<1cadf7af-0064-8c34-6a47-2942c642b004@redhat.com>
	<CAMJtubJSuEAzD-nkxZ0hKX-h8QqqES3eU9KHdfT6pgU_1eySBw@mail.gmail.com>
	<CAMJtubJ0jcYp6vmegBKncrk+odkoCaDGLhk+hZ1-RvToY80pNw@mail.gmail.com>
	<265b4281-f53a-1340-42f2-87e26cfe5aad@redhat.com>
	<CAMJtub+hW+2pOBdqz1BANM4yXBfx0-70DVhS7_wgMV0_ZOCK-A@mail.gmail.com>
	<57BEA8DF.7070006@redhat.com>
	<CAMJtub+H2RewDB_vef17J9=3bthWs98=h-Ytm+xxiJNTUXjJ_w@mail.gmail.com>
Message-ID: <57BF182E.7030608@redhat.com>


On 08/25/2016 04:41 PM, bahan w wrote:
>
> Hello everyone.
>
> Could you explain to me about this field Sent/Skipped please ?
if replication is enabled all changes on a server are logged into the 
changelog -changes coming from clients and internal changes (eg mmeberof 
update, passwordpolocy updates, lstlogin time ...).
In the replication agreement you can configure attributes for which 
changes are not replicated (keep them local) - and IPA uses this feature 
eg for krblastlogintime.

Looking at the replication traffic your monitoring shows, I think most 
of the "real" updates are going to one server and most of the clients 
triggering internal updates are going to the other. This makes 
replciation in one direction "normal" and in the other fractional. The 
problem with fractional is that the determined staring point for a 
replciation session can b every far behind and it again and again 
iterates over the same changes until finally an update which is not 
skipped is found.

There are some options to improve this:
- upgarde to a newer version, teh DS will automatically generate updates 
to a "keep alive" entry, so that the sequences of skipped changes get 
much smaller
- do it yourself by regularily applying a dummy update on the 
problematic server which will be replicated
- check configuration if writing the internal mods can be avoided, I 
think there is an option not to log krblastlogin

>
> I checked the doc and found this :
> ###
>
> Sent/Skipped :
>
> 	
>
> The number of changes that were sent from the supplier and the number 
> skipped in the replication update. The numbers are kept in suppliers? 
> memory only and are cleared if the supplier is restarted.
>
> ###
>
> If I check the first part :
> ###
> Master: <MASTER OK>:389 ldap://<MASTER OK>:389/
> Replica ID: 4
> Replica Root: dc=<REALM>
> Max CSN: 57bdcd36000100040000 (08/24/2016 18:37:10 1 0)
> Receiver: <MASTER UNSYNC>:389 ldap://<MASTER UNSYNC>:389/
> Type: master
> Time Lag: 0:00:00
> Max CSN: 57bdcd36000100040000 (08/24/2016 18:37:10 1 0)
> Last Modify Time: 8/24/2016 18:36:32
> Supplier: <MASTER OK>:389
> Sent/Skipped: 182110 / 1054
> Update Status: 0 Replica acquired successfully: Incremental update 
> succeeded
> Update Started: 08/24/2016 18:36:32
> Update Ended: 08/24/2016 18:36:34
> Schedule: always in sync
> SSL: SASL/GSSAPI
> ###
>
> This is the replication from the MASTER OK (the supplier) to the 
> MASTER UNSYNC (the receiver), right ?
> So, the MASTER OK sent 182110 changes.
> And in addition to these 182110 changes, 1054 changes were sent to the 
> MASTER UNSYNC but skipped by the MASTER UNSYNC, right ?
> Why are they skipped ?
>
> In the other side, if I take the second part :
> ###
> Master: <MASTER UNSYNC>:389 ldap://<MASTER UNSYNC>:389/
> Replica ID: 3
> Replica Root: dc=<REALM>
> Max CSN: 57bdbda1000000030000 (08/24/2016 17:30:41)
> Receiver: <MASTER OK>:389 ldap://<MASTER OK>:389/
> Type: master
> Time Lag: - 0:22:29
> Max CSN: 57bdb85c000000030000 (08/24/2016 17:08:12)
> Last Modify Time: 8/24/2016 17:07:34
> Supplier: <MASTER UNSYNC>:389
> Sent/Skipped: 3 / 9048655
> Update Status: 0 Replica acquired successfully: Incremental update 
> succeeded
> Update Started: 08/24/2016 18:36:33
> Update Ended: 08/24/2016 18:36:34
> Schedule: always in sync
> SSL: SASL/GSSAPI
> ###
>
> The supplier is the MASTER UNSYNC and the receiver is the MASTER OK.
> In this case I have only 3 changes sent.
> And in addition to these 3 changes, 9 048 655 changes were sent but 
> skipped on the MASTER OK, right ?
>
> I ask these questions just to be sure I understand right the return of 
> the pl script.
>
>
> Best regards.
>
> Bahan

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/901224eb/attachment.htm>

From nharrington at i-neda.com  Thu Aug 25 16:11:29 2016
From: nharrington at i-neda.com (Neal Harrington | i-Neda Ltd)
Date: Thu, 25 Aug 2016 16:11:29 +0000
Subject: [Freeipa-users] Slow logins with multi site replication
In-Reply-To: <mailman.18734.1470138748.3910.freeipa-users@redhat.com>
References: <mailman.18734.1470138748.3910.freeipa-users@redhat.com>
Message-ID: <HE1PR0601MB21080891D356C0985B7668848DED0@HE1PR0601MB2108.eurprd06.prod.outlook.com>

> > Hi,

> >
> > I am experiencing slow logins and sudo authentication for servers joined to my FreeIPA domain. I have been following the other recent thread on slow logins and believe my issue is different.
> >
> > I have replication setup with 2 FreeIPA servers at each of 3 sites. The replication is working well and I am able to login correctly on client servers with correct sudo permissions etc. Logins seem to take a long time however. There seems to be some kind of DNS/connection timeout issues, see the example below where the client times out on the auth01 server, then retries and connects. I have also seen it switch to an alternate IPA server on timeout. Total delay in this example is about 10 seconds however it can take longer (approx 30 seconds). It is worth mentioning that client servers in each site cannot connect to IPA servers is a different site - however in the example below the auth01 IPA server is in the same site as the client server. I'm not sure if there is any way to make the IPA clients site aware so they prefer to log in to a local server?
> >
> >
> > On the IPA servers themselves there is no noticeable delay and once I have authenticated with sudo once, subsequent attempts in the same login are also near instant. I have not been able to find any reason for this delay in any logs (which probably just means I'm not looking in the right place).
> >
> >
> > DNS servers are running on each IPA server and responding well whenever I have tested.
> >
> >
> > IPA Servers: CentOS 7.2.1511 running IPA 4.2.0 (from standard CentOS repo)
> >
> > Client servers: Ubuntu 14.04 running IPA 3.3.4 (From standard Ubuntu repo)
> >
> >
> > Any comments or suggestions greatly appreciated.
> >
> >
> > Thanks,
> >
> > Neal.
> >
> >
> > Example sssd log for a "sudo -l" attempt.
> >
> > (Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [krb5_child_timeout]
> > (0x0040): Timeout for child [7430] reached. In case KDC is distant or
> > network is slow you may consider increasing value of krb5_auth_timeout.
> > (Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [krb5_auth_done] (0x0020):
> > child timed out!
>
> These debug messages seem to be telling you what the problem is. Have
> you tried how long does it take to kinit (preferably with
> KRB5_TRACE=/dev/stderr prepended) ?

Hi Jakub,

Thanks for your response and sorry for my delay in replying. kinit takes between 2 and 25 seconds to complete - the KRB5_TRACE option shows it trying a random auth server, timing out and trying another random server until it picks a local server which then completes almost immediately. This seems to confirm that the problem is simply the server tries to authenticate against a FreeIPA server that is unreachable and times out causing the randomly slow logins. Given 6 auth servers with only 2 on each site there is a ~ 10% chance of hitting 3 bad servers in a row before login succeeds - if each takes 20 seconds that would explain the random login times of a few sec - 1 minute.

If I enter the local kdc servers manually in the realm section of krb5.conf then ssh logins always happen in < 2sec - however I would prefer to avoid the manual step of configuring and updating this (planning to expand out to a few hundred servers over 4-5 sites). Manually setting these is likely to lead to mistakes and it just feels inelegant compared to DNS SRV records.

I have seen https://www.freeipa.org/page/V4/DNS_Location_Mechanism which looks good but is a proposal from 2013 with no indications that it has actually been developed. I was also very interested by https://www.freeipa.org/page/Howto/IPA_locations which would be perfect - except the "ipa location-add" commands do not seem to be recognised by my FreeIPA installs.

Am I missing a better way to handle the case of multiple locations with clients in Location A being unable to authenticate against FreeIPA servers at location B?

Any suggestions greatly appreciated.

Thanks,
Neal.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/a8e3a541/attachment.htm>

From rcritten at redhat.com  Thu Aug 25 17:41:58 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 25 Aug 2016 13:41:58 -0400
Subject: [Freeipa-users] Cleaning Up an Unholy Mess
In-Reply-To: <55da4943-e938-3569-f770-8be0f3d8cad4@brownpapertickets.com>
References: <a7ee48a4-29df-1ef2-3d51-c7af626b0df6@brownpapertickets.com>
	<57BE4B05.7080307@redhat.com>
	<55da4943-e938-3569-f770-8be0f3d8cad4@brownpapertickets.com>
Message-ID: <57BF2DE6.3080102@redhat.com>

Ian Harding wrote:
>
>
> On 08/24/2016 06:33 PM, Rob Crittenden wrote:
>> Ian Harding wrote:
>>> I tried to simply uninstall and reinstall freeipa-dal and this happened.
>>>
>>> It only had a replication agreement with freeipa-sea
>>>
>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>
>>> This is a NON REVERSIBLE operation and will delete all data and
>>> configuration!
>>>
>>> Are you sure you want to continue with the uninstall procedure? [no]: yes
>>> Shutting down all IPA services
>>> Removing IPA client configuration
>>> Unconfiguring ntpd
>>> Configuring certmonger to stop tracking system certificates for KRA
>>> Configuring certmonger to stop tracking system certificates for CA
>>> Unconfiguring CA
>>> Unconfiguring named
>>> Unconfiguring ipa-dnskeysyncd
>>> Unconfiguring web server
>>> Unconfiguring krb5kdc
>>> Unconfiguring kadmin
>>> Unconfiguring directory server
>>> Unconfiguring ipa_memcached
>>> Unconfiguring ipa-otpd
>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>
>>> This is a NON REVERSIBLE operation and will delete all data and
>>> configuration!
>>>
>>> Are you sure you want to continue with the uninstall procedure? [no]: yes
>>>
>>> WARNING: Failed to connect to Directory Server to find information about
>>> replication agreements. Uninstallation will continue despite the possible
>>> existing replication agreements.
>>> Shutting down all IPA services
>>> Removing IPA client configuration
>>> Configuring certmonger to stop tracking system certificates for KRA
>>> Configuring certmonger to stop tracking system certificates for CA
>>> [root at freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
>>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
>>> Directory Manager (existing master) password:
>>>
>>> The host freeipa-dal.bpt.rocks already exists on the master server.
>>> You should remove it before proceeding:
>>>       % ipa host-del freeipa-dal.bpt.rocks
>>> [root at freeipa-dal ianh]#
>>>
>>> So I tried to delete it again with --force
>>>
>>> [root at freeipa-sea ianh]# ipa-replica-manage --force del
>>> freeipa-dal.bpt.rocks
>>> Directory Manager password:
>>>
>>> 'freeipa-sea.bpt.rocks' has no replication agreement for
>>> 'freeipa-dal.bpt.rocks'
>>> [root at freeipa-sea ianh]#
>>>
>>> Can't delete it from the master server either
>>>
>>> [root at seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>>> disabled
>>>
>>>
>>> Now what?  I'm running out of things that work.
>>
>> Not sure what version of IPA you have but try:
>>
>> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
>>
>> If this had a CA on it then you'll want to ensure that any replication
>> agreements it had have been removed as well.
>>
>> rob
>>
>
> It turns out I'm not smart enough to untangle this mess.
>
> Is there any way to kind of start over?  I managed to delete and
> recreate a couple replicas but the problems (obsolete ruv as far as I
> can tell) carry on with the new replicas.  They won't even replicate
> back to the master they were created from.

Once you have the right version of 389-ds then then cleanruv tasks work 
a lot better. What version are you running now?

> Basically, is there a way to do a fresh install of FreeIPA server, and
> do a dump/restore of data from my existing messed up install?

Not really, no. You can migrate IPA to IPA but only users and groups and 
you lose private groups for existing users (they become regular POSIX 
groups).

rob



From rcritten at redhat.com  Thu Aug 25 17:44:44 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 25 Aug 2016 13:44:44 -0400
Subject: [Freeipa-users] Migrate users with password from one IPA to
 another
In-Reply-To: <CAOXtQj=RT+8yZMgWxkXY-hWHmQqt-D-2ef8rH3qTqfiY7aUc-A@mail.gmail.com>
References: <CAOXtQj=RT+8yZMgWxkXY-hWHmQqt-D-2ef8rH3qTqfiY7aUc-A@mail.gmail.com>
Message-ID: <57BF2E8C.80800@redhat.com>

Rene Trippen wrote:
> Hi,
>
> I`ve got an IPA with a broken CA infrastructure (don`t know what
> happened, but new clients cannot be registered)
> It is even not possible to setup a new replica.

It may be fairly straightforward to getting the CA back up. How is it 
broken?

> So, I wanted to setup a new IPA Server with new CA, and I want to move
> all users with their passwords to the new IPA instance.
> I`ve tried with 'ipa migrate-ds'
>
> ipa migrate-ds --continue --bind-dn="cn=Directory Manager"
> --user-container=cn=users,cn=accounts
> --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup
> --group-overwrite-gid --with-compat ldap://<ldapserver>
>
> The output is OK
> =======
> Passwords have been migrated in pre-hashed format.
> IPA is unable to generate Kerberos keys unless provided
> with clear text passwords. All migrated users need to
> login at https://your.domain/ipa/migration/ before they
> can use their Kerberos accounts.
> ========
>
> But  the ipa/migration website is not working for me.
> Anyway, is there a way to export the users with passwords? I think I
> have to export some kerberos specific stuff from the old IPA?

The log file /var/log/httpd/error_log may have details on what isn't 
working.

The way to export users with passwords is the method you've already 
tried. To not have to change a password at all would require the same 
Kerberos master key and these are generated randomly at install time.

rob



From jgoddard at emerlyn.com  Thu Aug 25 18:01:24 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 25 Aug 2016 14:01:24 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <4E91DC40-B8E5-4178-A630-9828485A30FF@redhat.com>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<CA+No-6Ey704zdsAovTiC9rrVcpkkk_bjChhRoebpcavR44hQBA@mail.gmail.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
	<20160812135839.GV19405@hendrix>
	<CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>
	<79bcc759-4b17-9e29-584b-edc72bbce883@redhat.com>
	<CA+No-6H02BvAP6Br+ApZ+9SDfFuK-hXcp0Jjk+FuN=AWKHx_zQ@mail.gmail.com>
	<5ff25b8e-e7a0-83c1-d21e-96b1a556d6eb@redhat.com>
	<CA+No-6EZwadb4cgO_V2LHiOMFfBrggKS8Gx7644rz=b8JhDv4g@mail.gmail.com>
	<4E91DC40-B8E5-4178-A630-9828485A30FF@redhat.com>
Message-ID: <CA+No-6GBJwQP2nut-=MfgOozfb7i2iF=eFtdBu3_TUuwMiqdxg@mail.gmail.com>

I'm still hoping someone can offer additional help. I see in the apt
term.log these errors when downloading the freeipa-client package. Could
this be the problem?

Creating SSSD system user & group...
adduser: Warning: The home directory `/var/lib/sss' does not belong to the
user you are currently creating.
Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing
complain mode
Warning failed to create cache: usr.sbin.sssd
Job for sssd.service failed because the control process exited with error
code. See "systemctl status sssd.service" and "journalctl -xe" for details.
sssd.service couldn't start.
Setting up sssd-ad-common (1.13.4-1ubuntu1) ...
Setting up sssd-krb5-common (1.13.4-1ubuntu1) ...
Setting up sssd-ad (1.13.4-1ubuntu1) ...
Setting up sssd-ipa (1.13.4-1ubuntu1) ...
Setting up sssd-krb5 (1.13.4-1ubuntu1) ...
Setting up sssd-ldap (1.13.4-1ubuntu1) ...
Setting up sssd-proxy (1.13.4-1ubuntu1) ...
Setting up sssd (1.13.4-1ubuntu1) ...
Setting up freeipa-client (4.3.1-0ubuntu1) ...
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for systemd (229-4ubuntu7) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for dbus (1.10.6-1ubuntu3) ...
Log ended: 2016-08-25  13:49:53


On Sun, Aug 14, 2016 at 2:16 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> Hi Pavel, can you help us with this thread?
>
> > On 12 Aug 2016, at 21:57, Jeff Goddard <jgoddard at emerlyn.com> wrote:
> >
> >
> >
> > On Fri, Aug 12, 2016 at 3:53 PM, Justin Stephenson <jstephen at redhat.com>
> wrote:
> > In the CentOS/RHEL 7 version of sssd, a NIS netgroup is created
> automatically in the IPA compat tree under 'cn=ng,cn=compat,$suffix'
> because sudo has no understanding of hostgroups.
> >
> > You should be able to query this on a client with
> >       # getent netgroup office
> >
> > This should return nisNetgroupTriple for each host in the hostgroup
> >      (ipa-client-1.example.com,-,example.com) (ipa-client-2.example.com
> ,-,example.com)
> >
> > I would check this in your environment between working and non-working
> systems.
> > I believe in later versions of sssd they added IPA sudo schema support
> to eliminate the need for the compat tree so this could be related to the
> issue if newer ubuntu clients are not working but CentOS is working.
> >
> > What version of sssd are you running?
> > Kind regards,
> >
> > Justin Stephenson
> > On 08/12/2016 02:35 PM, Jeff Goddard wrote:
> >> I made the edit as suggested - removing nis and just leaving sss -
> restarted sssd and then re-tried. I also tried with files sss. Still
> getting the same result.
> >>
> >> Thanks,
> >>
> >> Jeff
> > The query returns the expect results:
> >
> >  getent netgroup office
> > office                (docker-dev-01.internal.emerlyn.com,-,internal.
> emerlyn.com) (docker-dev-02.internal.emerlyn.com,-,internal.emerlyn.com) (
> docker-dev-03.internal.emerlyn.com,-,internal.emerlyn.com) [more hosts]
> >
> > sssd version is 1.13.4
> >
> > Jeff
> >
> >
> >
>
>


Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/9713c196/attachment.htm>

From ianh at brownpapertickets.com  Thu Aug 25 18:04:47 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Thu, 25 Aug 2016 11:04:47 -0700
Subject: [Freeipa-users] Cleaning Up an Unholy Mess
In-Reply-To: <57BF2DE6.3080102@redhat.com>
References: <a7ee48a4-29df-1ef2-3d51-c7af626b0df6@brownpapertickets.com>
	<57BE4B05.7080307@redhat.com>
	<55da4943-e938-3569-f770-8be0f3d8cad4@brownpapertickets.com>
	<57BF2DE6.3080102@redhat.com>
Message-ID: <44736dd3-4c94-c637-fd0b-4e8e8411a87e@brownpapertickets.com>



On 08/25/2016 10:41 AM, Rob Crittenden wrote:
> Ian Harding wrote:
>>
>>
>> On 08/24/2016 06:33 PM, Rob Crittenden wrote:
>>> Ian Harding wrote:
>>>> I tried to simply uninstall and reinstall freeipa-dal and this
>>>> happened.
>>>>
>>>> It only had a replication agreement with freeipa-sea
>>>>
>>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>>
>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>> configuration!
>>>>
>>>> Are you sure you want to continue with the uninstall procedure?
>>>> [no]: yes
>>>> Shutting down all IPA services
>>>> Removing IPA client configuration
>>>> Unconfiguring ntpd
>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>> Configuring certmonger to stop tracking system certificates for CA
>>>> Unconfiguring CA
>>>> Unconfiguring named
>>>> Unconfiguring ipa-dnskeysyncd
>>>> Unconfiguring web server
>>>> Unconfiguring krb5kdc
>>>> Unconfiguring kadmin
>>>> Unconfiguring directory server
>>>> Unconfiguring ipa_memcached
>>>> Unconfiguring ipa-otpd
>>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>>
>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>> configuration!
>>>>
>>>> Are you sure you want to continue with the uninstall procedure?
>>>> [no]: yes
>>>>
>>>> WARNING: Failed to connect to Directory Server to find information
>>>> about
>>>> replication agreements. Uninstallation will continue despite the
>>>> possible
>>>> existing replication agreements.
>>>> Shutting down all IPA services
>>>> Removing IPA client configuration
>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>> Configuring certmonger to stop tracking system certificates for CA
>>>> [root at freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
>>>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
>>>> Directory Manager (existing master) password:
>>>>
>>>> The host freeipa-dal.bpt.rocks already exists on the master server.
>>>> You should remove it before proceeding:
>>>>       % ipa host-del freeipa-dal.bpt.rocks
>>>> [root at freeipa-dal ianh]#
>>>>
>>>> So I tried to delete it again with --force
>>>>
>>>> [root at freeipa-sea ianh]# ipa-replica-manage --force del
>>>> freeipa-dal.bpt.rocks
>>>> Directory Manager password:
>>>>
>>>> 'freeipa-sea.bpt.rocks' has no replication agreement for
>>>> 'freeipa-dal.bpt.rocks'
>>>> [root at freeipa-sea ianh]#
>>>>
>>>> Can't delete it from the master server either
>>>>
>>>> [root at seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
>>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>>>> disabled
>>>>
>>>>
>>>> Now what?  I'm running out of things that work.
>>>
>>> Not sure what version of IPA you have but try:
>>>
>>> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
>>>
>>> If this had a CA on it then you'll want to ensure that any replication
>>> agreements it had have been removed as well.
>>>
>>> rob
>>>
>>
>> It turns out I'm not smart enough to untangle this mess.
>>
>> Is there any way to kind of start over?  I managed to delete and
>> recreate a couple replicas but the problems (obsolete ruv as far as I
>> can tell) carry on with the new replicas.  They won't even replicate
>> back to the master they were created from.
> 
> Once you have the right version of 389-ds then then cleanruv tasks work
> a lot better. What version are you running now?

1.3.4.0.  It's handcuffed to my CentOS 7 so I don't want to update it
outside the CentOS ecosystem.  What's the downside of upgrading it from
source or an RPM for a different flavor of RedHat derived Linux?

I'm a one-man band but I'd be interested in hearing a pitch from someone
who is super smart on this stuff for a working consulting gig and maybe
ongoing support.  Who would I talk to at RedHat about coming in from the
cold for full on corporate support?

Thanks!

> 
>> Basically, is there a way to do a fresh install of FreeIPA server, and
>> do a dump/restore of data from my existing messed up install?
> 
> Not really, no. You can migrate IPA to IPA but only users and groups and
> you lose private groups for existing users (they become regular POSIX
> groups).
> 
> rob
> 

-- 
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com



From linov.suresh at gmail.com  Thu Aug 25 19:38:49 2016
From: linov.suresh at gmail.com (Linov Suresh)
Date: Thu, 25 Aug 2016 15:38:49 -0400
Subject: [Freeipa-users] KDC returned error string:
	NOT_ALLOWED_TO_DELEGATE
In-Reply-To: <57BE045E.6020504@redhat.com>
References: <CALdvvBMnHqmhSiwM=d5Ytkg-0qCJckj_vyy4AX_CxQFS3A6=Mw@mail.gmail.com>
	<646a296b-fef9-973c-fc81-c0175be09efd@redhat.com>
	<420ec5e1-8b44-17a4-6a56-f71a4809872e@redhat.com>
	<CALdvvBMvBopHNjsTBiWVZcU07f94i3iz672Ubsim5y3Pt3UTvQ@mail.gmail.com>
	<57BE045E.6020504@redhat.com>
Message-ID: <CALdvvBOBz2U=Riqaf6W5XPHkvzOQQ1_B_FwJCieSBhzX7iRDMw@mail.gmail.com>

I ran  ldapsearch -Y GSSAPI, what we are seeing is IPA server 2, ipa02  is
missing on both master and replica servers. Do we need to add IPA server 2,
ipa02 on both master and replica?

*[root at ipa01 ~]# ldapsearch -Y GSSAPI -H ldap://ipa01.teloip.net
<http://ipa01.teloip.net> -b "cn=s4u2proxy,cn=etc,dc=teloip,dc=net"*
SASL/GSSAPI authentication started
SASL username: admin at TELOIP.NET
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <cn=s4u2proxy,cn=etc,dc=teloip,dc=net> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# s4u2proxy, etc, teloip.net
dn: cn=s4u2proxy,cn=etc,dc=teloip,dc=net
objectClass: nsContainer
objectClass: top
cn: s4u2proxy

# ipa-http-delegation, s4u2proxy, etc, teloip.net
dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
objectClass: ipaKrb5DelegationACL
objectClass: groupOfPrincipals
objectClass: top
ipaAllowedTarget:
cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
ipaAllowedTarget:
cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
*memberPrincipal: HTTP/ipa01.teloip.net at TELOIP.NET
<ipa01.teloip.net at TELOIP.NET>*
cn: ipa-http-delegation

# ipa-cifs-delegation-targets, s4u2proxy, etc, teloip.net
dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
objectClass: groupOfPrincipals
objectClass: top
cn: ipa-cifs-delegation-targets

# ipa-ldap-delegation-targets, s4u2proxy, etc, teloip.net
dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
objectClass: groupOfPrincipals
objectClass: top
*memberPrincipal: ldap/ipa01.teloip.net at TELOIP.NET
<ipa01.teloip.net at TELOIP.NET>*
cn: ipa-ldap-delegation-targets

# search result
search: 4
result: 0 Success

# numResponses: 5
# numEntries: 4
[root at ipa01 ~]#

*[root at ipa02 ~]# ldapsearch -Y GSSAPI -H ldap://ipa02.teloip.net
<http://ipa02.teloip.net> -b "cn=s4u2proxy,cn=etc,dc=teloip,dc=net"*
SASL/GSSAPI authentication started
SASL username: admin at TELOIP.NET
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <cn=s4u2proxy,cn=etc,dc=teloip,dc=net> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# s4u2proxy, etc, teloip.net
dn: cn=s4u2proxy,cn=etc,dc=teloip,dc=net
cn: s4u2proxy
objectClass: nsContainer
objectClass: top

# ipa-http-delegation, s4u2proxy, etc, teloip.net
dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
cn: ipa-http-delegation
*memberPrincipal: HTTP/ipa01.teloip.net at TELOIP.NET
<ipa01.teloip.net at TELOIP.NET>*
ipaAllowedTarget:
cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
ipaAllowedTarget:
cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
objectClass: ipaKrb5DelegationACL
objectClass: groupOfPrincipals
objectClass: top

# ipa-cifs-delegation-targets, s4u2proxy, etc, teloip.net
dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
cn: ipa-cifs-delegation-targets
objectClass: groupOfPrincipals
objectClass: top

# ipa-ldap-delegation-targets, s4u2proxy, etc, teloip.net
dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
cn: ipa-ldap-delegation-targets
*memberPrincipal: ldap/ipa01.teloip.net at TELOIP.NET
<ipa01.teloip.net at TELOIP.NET>*
objectClass: groupOfPrincipals
objectClass: top

# search result
search: 4
result: 0 Success

# numResponses: 5
# numEntries: 4
[root at ipa02 ~]#

Appreciate your help,

Linov Suresh.




On Wed, Aug 24, 2016 at 4:32 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Linov Suresh wrote:
>
>> Look like our issue is discussed here, and *is **missing one or more
>> memberPrincipal*.
>>
>> https://www.redhat.com/archives/freeipa-users/2013-April/msg00228.html
>>
>> When I tried to add the Principal, I'm getting error,
>>
>
> You didn't follow the instructions in the e-mail thread. The problem isn't
> a principal that doesn't exist, it is a principal not in the delegation
> list. Do the ldapsearch's and see what is missing (and you'll need to use
> -Y GSSAPI instead of -x) then add it using ldapmodify.
>
> Only under very specific circumstances would I ever recommend using
> kadmin.local.
>
> rob
>
>
>>
>> [root at ipa01 ~]# kadmin.local
>> Authenticating as principal admin/admin at TELOIP.NET
>> <mailto:admin at TELOIP.NET> with password.
>> kadmin.local:  addprinc -randkey HTTP/ipa02.teloip.net at TELOIP.NET
>> <mailto:ipa02.teloip.net at TELOIP.NET>
>> WARNING: no policy specified for HTTP/ipa02.teloip.net at TELOIP.NET
>> <mailto:ipa02.teloip.net at TELOIP.NET>; defaulting to no policy
>> add_principal: Principal or policy already exists while creating
>> "HTTP/ipa02.teloip.net at TELOIP.NET <mailto:ipa02.teloip.net at TELOIP.NET>"
>>
>> [root at ipa01 ~]# kadmin.local
>> Authenticating as principal admin/admin at TELOIP.NET
>> <mailto:admin at TELOIP.NET> with password.
>> kadmin.local:  addprinc -randkey ldap/ipa02.teloip.net at TELOIP.NET
>> <mailto:ipa02.teloip.net at TELOIP.NET>
>> WARNING: no policy specified for ldap/ipa02.teloip.net at TELOIP.NET
>> <mailto:ipa02.teloip.net at TELOIP.NET>; defaulting to no policy
>> add_principal: Principal or policy already exists while creating
>> "ldap/ipa02.teloip.net at TELOIP.NET <mailto:ipa02.teloip.net at TELOIP.NET>".
>>
>> Could you please help us to fix the "*KDC returned error string:
>> NOT_ALLOWED_TO_DELEGATE*" error?
>>
>>
>> [root at caer ~]# kadmin.local
>> Authenticating as principal admin/admin at TELOIP.NET
>> <mailto:admin at TELOIP.NET> with password.
>> kadmin.local:  addprinc -randkey HTTP/neit.teloip.net at TELOIP.NET
>> <mailto:neit.teloip.net at TELOIP.NET>
>> WARNING: no policy specified for HTTP/neit.teloip.net at TELOIP.NET
>> <mailto:neit.teloip.net at TELOIP.NET>; defaulting to no policy
>> add_principal: Principal or policy already exists while creating
>> "HTTP/neit.teloip.net at TELOIP.NET <mailto:neit.teloip.net at TELOIP.NET>"
>>
>>
>>
>>
>>
>>
>> On Tue, Aug 16, 2016 at 7:58 AM, Martin Kosek <mkosek at redhat.com
>> <mailto:mkosek at redhat.com>> wrote:
>>
>>     On 08/16/2016 09:25 AM, Petr Spacek wrote:
>>     > On 15.8.2016 20:18, Linov Suresh wrote:
>>     >> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0
>>     >>
>>     >>
>>     >> We can only add the clients from IPA Server 01, not from IPA
>> Server 02.
>>     >> When I tried to add the client from IPA Server 02, getting the
>> error,
>>     >>
>>     >>
>>     >> ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI
>> Error:
>>     >> Unspecified GSS failure.  Minor code may provide more information
>> (KDC
>>     >> returned error string: NOT_ALLOWED_TO_DELEGATE)
>>     >>
>>     >> SASL/GSSAPI authentication started
>>     >>
>>     >> SASL username:vpham at EXAMPLE.NET <mailto:vpham at EXAMPLE.NET>
>>     >>
>>     >> SASL SSF: 56
>>     >>
>>     >> SASL data security layer installed.
>>     >>
>>     >> ldap_modify: No such object (32)
>>     >>
>>     >>         additional info: Range Check error
>>     >>
>>     >> modifying entry "fqdn=cpe-5061747522f9.example.net <
>> http://cpe-5061747522f9.example.net>
>>     >> ,cn=computers,cn=accounts,dc=example,dc=net"
>>     >>
>>     >>
>>     >> Could you please help us to fix this?
>>     >
>>      > We need to see exact steps you did before we can give you any
>>     meaningful advice.
>>      >
>>      > Please have a look at
>>      > http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>>     <http://www.chiark.greenend.org.uk/~sgtatham/bugs.html>
>>      >
>>      > It is a very nice document which describes general bug reporting
>>     procedure and
>>      > best practices.
>>      >
>>      > We will certainly have a look but we need first see the
>>     information :-)
>>      >
>>
>>     Also, using IPA on RHEL-6.4 is discouraged. This is a really old
>>     release and
>>     there are known issues (in cert renewals for example). Using at
>>     least RHEL-6.8
>>     or, even better, RHEL-7.2 is preferred and would help you avoid
>>     known issues
>>     and deficiencies (and the newer FreeIPA versions are way cooler
>> anyway).
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/3dc78c4a/attachment.htm>

From rcritten at redhat.com  Thu Aug 25 19:49:09 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 25 Aug 2016 15:49:09 -0400
Subject: [Freeipa-users] KDC returned error string:
 NOT_ALLOWED_TO_DELEGATE
In-Reply-To: <CALdvvBOBz2U=Riqaf6W5XPHkvzOQQ1_B_FwJCieSBhzX7iRDMw@mail.gmail.com>
References: <CALdvvBMnHqmhSiwM=d5Ytkg-0qCJckj_vyy4AX_CxQFS3A6=Mw@mail.gmail.com>
	<646a296b-fef9-973c-fc81-c0175be09efd@redhat.com>
	<420ec5e1-8b44-17a4-6a56-f71a4809872e@redhat.com>
	<CALdvvBMvBopHNjsTBiWVZcU07f94i3iz672Ubsim5y3Pt3UTvQ@mail.gmail.com>
	<57BE045E.6020504@redhat.com>
	<CALdvvBOBz2U=Riqaf6W5XPHkvzOQQ1_B_FwJCieSBhzX7iRDMw@mail.gmail.com>
Message-ID: <57BF4BB5.2030407@redhat.com>

Linov Suresh wrote:
> I ran  ldapsearch -Y GSSAPI, what we are seeing is IPA server 2, ipa02
>   is missing on both master and replica servers. Do we need to add IPA
> server 2, ipa02 on both master and replica?

No, it should replicate. I find it very strange that these are missing. 
I wonder what else wasn't setup when the replica was created.

In any case, this will add the entries:

# ldapmodify -Y GSSAPI
dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
changetype: modify
add: memberPrincipal
memberPrincipal: HTTP/ipa02.teloip.net at TELOIP.NET

^D

# ldapmodify -Y GSAPI
dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
hangetype: modify
add: memberPrincipal
memberPrincipal: ldap/ipa02.teloip.net at TELOIP.NET

^D

rob
>
> *[root at ipa01 ~]# ldapsearch -Y GSSAPI -H ldap://ipa01.teloip.net
> <http://ipa01.teloip.net> -b "cn=s4u2proxy,cn=etc,dc=teloip,dc=net"*
> SASL/GSSAPI authentication started
> SASL username: admin at TELOIP.NET <mailto:admin at TELOIP.NET>
> SASL SSF: 56
> SASL data security layer installed.
> # extended LDIF
> #
> # LDAPv3
> # base <cn=s4u2proxy,cn=etc,dc=teloip,dc=net> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # s4u2proxy, etc, teloip.net <http://teloip.net>
> dn: cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> objectClass: nsContainer
> objectClass: top
> cn: s4u2proxy
>
> # ipa-http-delegation, s4u2proxy, etc, teloip.net <http://teloip.net>
> dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> objectClass: ipaKrb5DelegationACL
> objectClass: groupOfPrincipals
> objectClass: top
> ipaAllowedTarget:
> cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> ipaAllowedTarget:
> cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> *memberPrincipal: HTTP/ipa01.teloip.net at TELOIP.NET
> <mailto:ipa01.teloip.net at TELOIP.NET>*
> cn: ipa-http-delegation
>
> # ipa-cifs-delegation-targets, s4u2proxy, etc, teloip.net
> <http://teloip.net>
> dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> objectClass: groupOfPrincipals
> objectClass: top
> cn: ipa-cifs-delegation-targets
>
> # ipa-ldap-delegation-targets, s4u2proxy, etc, teloip.net
> <http://teloip.net>
> dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> objectClass: groupOfPrincipals
> objectClass: top
> *memberPrincipal: ldap/ipa01.teloip.net at TELOIP.NET
> <mailto:ipa01.teloip.net at TELOIP.NET>*
> cn: ipa-ldap-delegation-targets
>
> # search result
> search: 4
> result: 0 Success
>
> # numResponses: 5
> # numEntries: 4
> [root at ipa01 ~]#
>
> *[root at ipa02 ~]# ldapsearch -Y GSSAPI -H ldap://ipa02.teloip.net
> <http://ipa02.teloip.net> -b "cn=s4u2proxy,cn=etc,dc=teloip,dc=net"*
> SASL/GSSAPI authentication started
> SASL username: admin at TELOIP.NET <mailto:admin at TELOIP.NET>
> SASL SSF: 56
> SASL data security layer installed.
> # extended LDIF
> #
> # LDAPv3
> # base <cn=s4u2proxy,cn=etc,dc=teloip,dc=net> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # s4u2proxy, etc, teloip.net <http://teloip.net>
> dn: cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> cn: s4u2proxy
> objectClass: nsContainer
> objectClass: top
>
> # ipa-http-delegation, s4u2proxy, etc, teloip.net <http://teloip.net>
> dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> cn: ipa-http-delegation
> *memberPrincipal: HTTP/ipa01.teloip.net at TELOIP.NET
> <mailto:ipa01.teloip.net at TELOIP.NET>*
> ipaAllowedTarget:
> cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> ipaAllowedTarget:
> cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> objectClass: ipaKrb5DelegationACL
> objectClass: groupOfPrincipals
> objectClass: top
>
> # ipa-cifs-delegation-targets, s4u2proxy, etc, teloip.net
> <http://teloip.net>
> dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> cn: ipa-cifs-delegation-targets
> objectClass: groupOfPrincipals
> objectClass: top
>
> # ipa-ldap-delegation-targets, s4u2proxy, etc, teloip.net
> <http://teloip.net>
> dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> cn: ipa-ldap-delegation-targets
> *memberPrincipal: ldap/ipa01.teloip.net at TELOIP.NET
> <mailto:ipa01.teloip.net at TELOIP.NET>*
> objectClass: groupOfPrincipals
> objectClass: top
>
> # search result
> search: 4
> result: 0 Success
>
> # numResponses: 5
> # numEntries: 4
> [root at ipa02 ~]#
>
> Appreciate your help,
>
> Linov Suresh.
>
>
>
> On Wed, Aug 24, 2016 at 4:32 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
>     Linov Suresh wrote:
>
>         Look like our issue is discussed here, and *is **missing one or more
>         memberPrincipal*.
>
>         https://www.redhat.com/archives/freeipa-users/2013-April/msg00228.html
>         <https://www.redhat.com/archives/freeipa-users/2013-April/msg00228.html>
>
>         When I tried to add the Principal, I'm getting error,
>
>
>     You didn't follow the instructions in the e-mail thread. The problem
>     isn't a principal that doesn't exist, it is a principal not in the
>     delegation list. Do the ldapsearch's and see what is missing (and
>     you'll need to use -Y GSSAPI instead of -x) then add it using
>     ldapmodify.
>
>     Only under very specific circumstances would I ever recommend using
>     kadmin.local.
>
>     rob
>
>
>
>         [root at ipa01 ~]# kadmin.local
>         Authenticating as principal admin/admin at TELOIP.NET
>         <mailto:admin at TELOIP.NET>
>         <mailto:admin at TELOIP.NET <mailto:admin at TELOIP.NET>> with password.
>         kadmin.local:  addprinc -randkey
>         HTTP/ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>
>         <mailto:ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>>
>         WARNING: no policy specified for
>         HTTP/ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>
>         <mailto:ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>>; defaulting to no policy
>         add_principal: Principal or policy already exists while creating
>         "HTTP/ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>
>         <mailto:ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>>"
>
>         [root at ipa01 ~]# kadmin.local
>         Authenticating as principal admin/admin at TELOIP.NET
>         <mailto:admin at TELOIP.NET>
>         <mailto:admin at TELOIP.NET <mailto:admin at TELOIP.NET>> with password.
>         kadmin.local:  addprinc -randkey
>         ldap/ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>
>         <mailto:ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>>
>         WARNING: no policy specified for
>         ldap/ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>
>         <mailto:ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>>; defaulting to no policy
>         add_principal: Principal or policy already exists while creating
>         "ldap/ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>
>         <mailto:ipa02.teloip.net at TELOIP.NET
>         <mailto:ipa02.teloip.net at TELOIP.NET>>".
>
>         Could you please help us to fix the "*KDC returned error string:
>         NOT_ALLOWED_TO_DELEGATE*" error?
>
>
>         [root at caer ~]# kadmin.local
>         Authenticating as principal admin/admin at TELOIP.NET
>         <mailto:admin at TELOIP.NET>
>         <mailto:admin at TELOIP.NET <mailto:admin at TELOIP.NET>> with password.
>         kadmin.local:  addprinc -randkey HTTP/neit.teloip.net at TELOIP.NET
>         <mailto:neit.teloip.net at TELOIP.NET>
>         <mailto:neit.teloip.net at TELOIP.NET
>         <mailto:neit.teloip.net at TELOIP.NET>>
>         WARNING: no policy specified for HTTP/neit.teloip.net at TELOIP.NET
>         <mailto:neit.teloip.net at TELOIP.NET>
>         <mailto:neit.teloip.net at TELOIP.NET
>         <mailto:neit.teloip.net at TELOIP.NET>>; defaulting to no policy
>         add_principal: Principal or policy already exists while creating
>         "HTTP/neit.teloip.net at TELOIP.NET
>         <mailto:neit.teloip.net at TELOIP.NET>
>         <mailto:neit.teloip.net at TELOIP.NET
>         <mailto:neit.teloip.net at TELOIP.NET>>"
>
>
>
>
>
>
>         On Tue, Aug 16, 2016 at 7:58 AM, Martin Kosek <mkosek at redhat.com
>         <mailto:mkosek at redhat.com>
>         <mailto:mkosek at redhat.com <mailto:mkosek at redhat.com>>> wrote:
>
>              On 08/16/2016 09:25 AM, Petr Spacek wrote:
>              > On 15.8.2016 20:18, Linov Suresh wrote:
>              >> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0
>              >>
>              >>
>              >> We can only add the clients from IPA Server 01, not from
>         IPA Server 02.
>              >> When I tried to add the client from IPA Server 02,
>         getting the error,
>              >>
>              >>
>              >> ipa: ERROR: Insufficient access: SASL(-1): generic
>         failure: GSSAPI Error:
>              >> Unspecified GSS failure.  Minor code may provide more
>         information (KDC
>              >> returned error string: NOT_ALLOWED_TO_DELEGATE)
>              >>
>              >> SASL/GSSAPI authentication started
>              >>
>              >> SASL username:vpham at EXAMPLE.NET
>         <mailto:username%3Avpham at EXAMPLE.NET> <mailto:vpham at EXAMPLE.NET
>         <mailto:vpham at EXAMPLE.NET>>
>              >>
>              >> SASL SSF: 56
>              >>
>              >> SASL data security layer installed.
>              >>
>              >> ldap_modify: No such object (32)
>              >>
>              >>         additional info: Range Check error
>              >>
>              >> modifying entry "fqdn=cpe-5061747522f9.example.net
>         <http://cpe-5061747522f9.example.net>
>         <http://cpe-5061747522f9.example.net
>         <http://cpe-5061747522f9.example.net>>
>              >> ,cn=computers,cn=accounts,dc=example,dc=net"
>              >>
>              >>
>              >> Could you please help us to fix this?
>              >
>               > We need to see exact steps you did before we can give
>         you any
>              meaningful advice.
>               >
>               > Please have a look at
>               > http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>         <http://www.chiark.greenend.org.uk/~sgtatham/bugs.html>
>              <http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>         <http://www.chiark.greenend.org.uk/~sgtatham/bugs.html>>
>               >
>               > It is a very nice document which describes general bug
>         reporting
>              procedure and
>               > best practices.
>               >
>               > We will certainly have a look but we need first see the
>              information :-)
>               >
>
>              Also, using IPA on RHEL-6.4 is discouraged. This is a
>         really old
>              release and
>              there are known issues (in cert renewals for example). Using at
>              least RHEL-6.8
>              or, even better, RHEL-7.2 is preferred and would help you avoid
>              known issues
>              and deficiencies (and the newer FreeIPA versions are way
>         cooler anyway).
>
>
>
>
>
>



From dsullivan2 at bsd.uchicago.edu  Thu Aug 25 18:30:22 2016
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [AAA])
Date: Thu, 25 Aug 2016 18:30:22 +0000
Subject: [Freeipa-users] Questions about 1.14 software bugs
Message-ID: <ED331F8B-7A0E-422C-95CF-07D9F3C9036D@bsd.uchicago.edu>

Hi, 

I feel like I?ve been warned at least twice that sssd 1.14 has some known regressions that make it unstable.  We?re in the process of rolling it out to our production environment (we can?t use 1.13 due to another issue); so far it seems pretty stable, although if possible I?d like any sort of highly informed advisement if it is really stupid or insane to move forward with 1.14.  Specifically, we are implementing 1.14.0-3.el6.

Similarly, is it safe to say that this is a comprehensive list of known issues or are there identified problems that aren?t documented in this report?

https://fedorahosted.org/sssd/report/2

Any advise or recommendation that an expert in sssd 1.14 could provide would be appreciated (as I said before so far it seems pretty stable).

Best,

Dan Sullivan

********************************************************************************
This e-mail is intended only for the use of the individual or entity to which
it is addressed and may contain information that is privileged and confidential.
If the reader of this e-mail message is not the intended recipient, you are 
hereby notified that any dissemination, distribution or copying of this
communication is prohibited. If you have received this e-mail in error, please 
notify the sender and destroy all copies of the transmittal. 

Thank you
University of Chicago Medicine and Biological Sciences 
********************************************************************************



From linov.suresh at gmail.com  Thu Aug 25 20:14:58 2016
From: linov.suresh at gmail.com (Linov Suresh)
Date: Thu, 25 Aug 2016 16:14:58 -0400
Subject: [Freeipa-users] KDC returned error string:
	NOT_ALLOWED_TO_DELEGATE
In-Reply-To: <57BF4BB5.2030407@redhat.com>
References: <CALdvvBMnHqmhSiwM=d5Ytkg-0qCJckj_vyy4AX_CxQFS3A6=Mw@mail.gmail.com>
	<646a296b-fef9-973c-fc81-c0175be09efd@redhat.com>
	<420ec5e1-8b44-17a4-6a56-f71a4809872e@redhat.com>
	<CALdvvBMvBopHNjsTBiWVZcU07f94i3iz672Ubsim5y3Pt3UTvQ@mail.gmail.com>
	<57BE045E.6020504@redhat.com>
	<CALdvvBOBz2U=Riqaf6W5XPHkvzOQQ1_B_FwJCieSBhzX7iRDMw@mail.gmail.com>
	<57BF4BB5.2030407@redhat.com>
Message-ID: <CALdvvBOkCceg12_fgT7=rruDp-SARiZZZhfkv3y=L3c=-bvjNA@mail.gmail.com>

Great! That worked.
Thank you so much Rob. Your help is highly appreciated.

On Thu, Aug 25, 2016 at 3:49 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Linov Suresh wrote:
>
>> I ran  ldapsearch -Y GSSAPI, what we are seeing is IPA server 2, ipa02
>>   is missing on both master and replica servers. Do we need to add IPA
>> server 2, ipa02 on both master and replica?
>>
>
> No, it should replicate. I find it very strange that these are missing. I
> wonder what else wasn't setup when the replica was created.
>
> In any case, this will add the entries:
>
> # ldapmodify -Y GSSAPI
> dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> changetype: modify
> add: memberPrincipal
> memberPrincipal: HTTP/ipa02.teloip.net at TELOIP.NET
>
> ^D
>
> # ldapmodify -Y GSAPI
> dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
> hangetype: modify
> add: memberPrincipal
> memberPrincipal: ldap/ipa02.teloip.net at TELOIP.NET
>
> ^D
>
> rob
>
>>
>> *[root at ipa01 ~]# ldapsearch -Y GSSAPI -H ldap://ipa01.teloip.net
>> <http://ipa01.teloip.net> -b "cn=s4u2proxy,cn=etc,dc=teloip,dc=net"*
>> SASL/GSSAPI authentication started
>> SASL username: admin at TELOIP.NET <mailto:admin at TELOIP.NET>
>> SASL SSF: 56
>> SASL data security layer installed.
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=s4u2proxy,cn=etc,dc=teloip,dc=net> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # s4u2proxy, etc, teloip.net <http://teloip.net>
>> dn: cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> objectClass: nsContainer
>> objectClass: top
>> cn: s4u2proxy
>>
>> # ipa-http-delegation, s4u2proxy, etc, teloip.net <http://teloip.net>
>> dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> objectClass: ipaKrb5DelegationACL
>> objectClass: groupOfPrincipals
>> objectClass: top
>> ipaAllowedTarget:
>> cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> ipaAllowedTarget:
>> cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> *memberPrincipal: HTTP/ipa01.teloip.net at TELOIP.NET
>> <mailto:ipa01.teloip.net at TELOIP.NET>*
>> cn: ipa-http-delegation
>>
>> # ipa-cifs-delegation-targets, s4u2proxy, etc, teloip.net
>> <http://teloip.net>
>> dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> objectClass: groupOfPrincipals
>> objectClass: top
>> cn: ipa-cifs-delegation-targets
>>
>> # ipa-ldap-delegation-targets, s4u2proxy, etc, teloip.net
>> <http://teloip.net>
>> dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> objectClass: groupOfPrincipals
>> objectClass: top
>> *memberPrincipal: ldap/ipa01.teloip.net at TELOIP.NET
>> <mailto:ipa01.teloip.net at TELOIP.NET>*
>> cn: ipa-ldap-delegation-targets
>>
>> # search result
>> search: 4
>> result: 0 Success
>>
>> # numResponses: 5
>> # numEntries: 4
>> [root at ipa01 ~]#
>>
>> *[root at ipa02 ~]# ldapsearch -Y GSSAPI -H ldap://ipa02.teloip.net
>> <http://ipa02.teloip.net> -b "cn=s4u2proxy,cn=etc,dc=teloip,dc=net"*
>> SASL/GSSAPI authentication started
>> SASL username: admin at TELOIP.NET <mailto:admin at TELOIP.NET>
>> SASL SSF: 56
>> SASL data security layer installed.
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=s4u2proxy,cn=etc,dc=teloip,dc=net> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # s4u2proxy, etc, teloip.net <http://teloip.net>
>> dn: cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> cn: s4u2proxy
>> objectClass: nsContainer
>> objectClass: top
>>
>> # ipa-http-delegation, s4u2proxy, etc, teloip.net <http://teloip.net>
>> dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> cn: ipa-http-delegation
>> *memberPrincipal: HTTP/ipa01.teloip.net at TELOIP.NET
>> <mailto:ipa01.teloip.net at TELOIP.NET>*
>> ipaAllowedTarget:
>> cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> ipaAllowedTarget:
>> cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> objectClass: ipaKrb5DelegationACL
>> objectClass: groupOfPrincipals
>> objectClass: top
>>
>> # ipa-cifs-delegation-targets, s4u2proxy, etc, teloip.net
>> <http://teloip.net>
>> dn: cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> cn: ipa-cifs-delegation-targets
>> objectClass: groupOfPrincipals
>> objectClass: top
>>
>> # ipa-ldap-delegation-targets, s4u2proxy, etc, teloip.net
>> <http://teloip.net>
>> dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=teloip,dc=net
>> cn: ipa-ldap-delegation-targets
>> *memberPrincipal: ldap/ipa01.teloip.net at TELOIP.NET
>> <mailto:ipa01.teloip.net at TELOIP.NET>*
>> objectClass: groupOfPrincipals
>> objectClass: top
>>
>> # search result
>> search: 4
>> result: 0 Success
>>
>> # numResponses: 5
>> # numEntries: 4
>> [root at ipa02 ~]#
>>
>> Appreciate your help,
>>
>> Linov Suresh.
>>
>>
>>
>> On Wed, Aug 24, 2016 at 4:32 PM, Rob Crittenden <rcritten at redhat.com
>> <mailto:rcritten at redhat.com>> wrote:
>>
>>     Linov Suresh wrote:
>>
>>         Look like our issue is discussed here, and *is **missing one or
>> more
>>         memberPrincipal*.
>>
>>         https://www.redhat.com/archives/freeipa-users/2013-April/
>> msg00228.html
>>         <https://www.redhat.com/archives/freeipa-users/2013-April/
>> msg00228.html>
>>
>>         When I tried to add the Principal, I'm getting error,
>>
>>
>>     You didn't follow the instructions in the e-mail thread. The problem
>>     isn't a principal that doesn't exist, it is a principal not in the
>>     delegation list. Do the ldapsearch's and see what is missing (and
>>     you'll need to use -Y GSSAPI instead of -x) then add it using
>>     ldapmodify.
>>
>>     Only under very specific circumstances would I ever recommend using
>>     kadmin.local.
>>
>>     rob
>>
>>
>>
>>         [root at ipa01 ~]# kadmin.local
>>         Authenticating as principal admin/admin at TELOIP.NET
>>         <mailto:admin at TELOIP.NET>
>>         <mailto:admin at TELOIP.NET <mailto:admin at TELOIP.NET>> with
>> password.
>>         kadmin.local:  addprinc -randkey
>>         HTTP/ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>
>>         <mailto:ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>>
>>         WARNING: no policy specified for
>>         HTTP/ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>
>>         <mailto:ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>>; defaulting to no policy
>>         add_principal: Principal or policy already exists while creating
>>         "HTTP/ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>
>>         <mailto:ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>>"
>>
>>         [root at ipa01 ~]# kadmin.local
>>         Authenticating as principal admin/admin at TELOIP.NET
>>         <mailto:admin at TELOIP.NET>
>>         <mailto:admin at TELOIP.NET <mailto:admin at TELOIP.NET>> with
>> password.
>>         kadmin.local:  addprinc -randkey
>>         ldap/ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>
>>         <mailto:ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>>
>>         WARNING: no policy specified for
>>         ldap/ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>
>>         <mailto:ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>>; defaulting to no policy
>>         add_principal: Principal or policy already exists while creating
>>         "ldap/ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>
>>         <mailto:ipa02.teloip.net at TELOIP.NET
>>         <mailto:ipa02.teloip.net at TELOIP.NET>>".
>>
>>         Could you please help us to fix the "*KDC returned error string:
>>         NOT_ALLOWED_TO_DELEGATE*" error?
>>
>>
>>         [root at caer ~]# kadmin.local
>>         Authenticating as principal admin/admin at TELOIP.NET
>>         <mailto:admin at TELOIP.NET>
>>         <mailto:admin at TELOIP.NET <mailto:admin at TELOIP.NET>> with
>> password.
>>         kadmin.local:  addprinc -randkey HTTP/neit.teloip.net at TELOIP.NET
>>         <mailto:neit.teloip.net at TELOIP.NET>
>>         <mailto:neit.teloip.net at TELOIP.NET
>>         <mailto:neit.teloip.net at TELOIP.NET>>
>>         WARNING: no policy specified for HTTP/neit.teloip.net at TELOIP.NET
>>         <mailto:neit.teloip.net at TELOIP.NET>
>>         <mailto:neit.teloip.net at TELOIP.NET
>>         <mailto:neit.teloip.net at TELOIP.NET>>; defaulting to no policy
>>         add_principal: Principal or policy already exists while creating
>>         "HTTP/neit.teloip.net at TELOIP.NET
>>         <mailto:neit.teloip.net at TELOIP.NET>
>>         <mailto:neit.teloip.net at TELOIP.NET
>>         <mailto:neit.teloip.net at TELOIP.NET>>"
>>
>>
>>
>>
>>
>>
>>         On Tue, Aug 16, 2016 at 7:58 AM, Martin Kosek <mkosek at redhat.com
>>         <mailto:mkosek at redhat.com>
>>         <mailto:mkosek at redhat.com <mailto:mkosek at redhat.com>>> wrote:
>>
>>              On 08/16/2016 09:25 AM, Petr Spacek wrote:
>>              > On 15.8.2016 20:18, Linov Suresh wrote:
>>              >> We have IPA replica set up in RHEL 6.4 and is FreeIPA
>> 3.0.0
>>              >>
>>              >>
>>              >> We can only add the clients from IPA Server 01, not from
>>         IPA Server 02.
>>              >> When I tried to add the client from IPA Server 02,
>>         getting the error,
>>              >>
>>              >>
>>              >> ipa: ERROR: Insufficient access: SASL(-1): generic
>>         failure: GSSAPI Error:
>>              >> Unspecified GSS failure.  Minor code may provide more
>>         information (KDC
>>              >> returned error string: NOT_ALLOWED_TO_DELEGATE)
>>              >>
>>              >> SASL/GSSAPI authentication started
>>              >>
>>              >> SASL username:vpham at EXAMPLE.NET
>>         <mailto:username%3Avpham at EXAMPLE.NET> <mailto:vpham at EXAMPLE.NET
>>         <mailto:vpham at EXAMPLE.NET>>
>>              >>
>>              >> SASL SSF: 56
>>              >>
>>              >> SASL data security layer installed.
>>              >>
>>              >> ldap_modify: No such object (32)
>>              >>
>>              >>         additional info: Range Check error
>>              >>
>>              >> modifying entry "fqdn=cpe-5061747522f9.example.net
>>         <http://cpe-5061747522f9.example.net>
>>         <http://cpe-5061747522f9.example.net
>>
>>         <http://cpe-5061747522f9.example.net>>
>>              >> ,cn=computers,cn=accounts,dc=example,dc=net"
>>              >>
>>              >>
>>              >> Could you please help us to fix this?
>>              >
>>               > We need to see exact steps you did before we can give
>>         you any
>>              meaningful advice.
>>               >
>>               > Please have a look at
>>               > http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>>         <http://www.chiark.greenend.org.uk/~sgtatham/bugs.html>
>>              <http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>>         <http://www.chiark.greenend.org.uk/~sgtatham/bugs.html>>
>>               >
>>               > It is a very nice document which describes general bug
>>         reporting
>>              procedure and
>>               > best practices.
>>               >
>>               > We will certainly have a look but we need first see the
>>              information :-)
>>               >
>>
>>              Also, using IPA on RHEL-6.4 is discouraged. This is a
>>         really old
>>              release and
>>              there are known issues (in cert renewals for example). Using
>> at
>>              least RHEL-6.8
>>              or, even better, RHEL-7.2 is preferred and would help you
>> avoid
>>              known issues
>>              and deficiencies (and the newer FreeIPA versions are way
>>         cooler anyway).
>>
>>
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/2dbe8790/attachment.htm>

From lslebodn at redhat.com  Thu Aug 25 20:27:08 2016
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Thu, 25 Aug 2016 22:27:08 +0200
Subject: [Freeipa-users] Questions about 1.14 software bugs
In-Reply-To: <ED331F8B-7A0E-422C-95CF-07D9F3C9036D@bsd.uchicago.edu>
References: <ED331F8B-7A0E-422C-95CF-07D9F3C9036D@bsd.uchicago.edu>
Message-ID: <20160825202708.GB5700@10.4.128.1>

On (25/08/16 18:30), Sullivan, Daniel [AAA] wrote:
>Hi, 
>
>I feel like I?ve been warned at least twice that sssd 1.14 has some known regressions that make it unstable.  We?re in the process of rolling it out to our production environment (we can?t use 1.13 due to another issue); so far it seems pretty stable, although if possible I?d like any sort of highly informed advisement if it is really stupid or insane to move forward with 1.14.  Specifically, we are implementing 1.14.0-3.el6.
>
May I know what is a blocker for using default version of sssd(1.13) in el6?
It is a stable version ready for production.

>Similarly, is it safe to say that this is a comprehensive list of known issues or are there identified problems that aren?t documented in this report?
>
>https://fedorahosted.org/sssd/report/2
>
https://fedorahosted.org/sssd/report/3 would be better
and look directly into the bucket "SSSD 1.14.2"

>Any advise or recommendation that an expert in sssd 1.14 could provide would be appreciated (as I said before so far it seems pretty stable).
>
We fixed many bugs in 1.14.1 and copr repository was updated
https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-14/
I would say it si 99% ready for production.

We will appreciate testing. And in case of any bugs, I can release
new version in copr immediately after fixing bug in upstream.

LS



From jhrozek at redhat.com  Thu Aug 25 20:30:48 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 25 Aug 2016 22:30:48 +0200
Subject: [Freeipa-users] Slow logins with multi site replication
In-Reply-To: <HE1PR0601MB21080891D356C0985B7668848DED0@HE1PR0601MB2108.eurprd06.prod.outlook.com>
References: <mailman.18734.1470138748.3910.freeipa-users@redhat.com>
	<HE1PR0601MB21080891D356C0985B7668848DED0@HE1PR0601MB2108.eurprd06.prod.outlook.com>
Message-ID: <20160825203048.pubqy2kbrhnoxkam@hendrix>

On Thu, Aug 25, 2016 at 04:11:29PM +0000, Neal Harrington | i-Neda Ltd wrote:
> > > Hi,
> 
> > >
> > > I am experiencing slow logins and sudo authentication for servers joined to my FreeIPA domain. I have been following the other recent thread on slow logins and believe my issue is different.
> > >
> > > I have replication setup with 2 FreeIPA servers at each of 3 sites. The replication is working well and I am able to login correctly on client servers with correct sudo permissions etc. Logins seem to take a long time however. There seems to be some kind of DNS/connection timeout issues, see the example below where the client times out on the auth01 server, then retries and connects. I have also seen it switch to an alternate IPA server on timeout. Total delay in this example is about 10 seconds however it can take longer (approx 30 seconds). It is worth mentioning that client servers in each site cannot connect to IPA servers is a different site - however in the example below the auth01 IPA server is in the same site as the client server. I'm not sure if there is any way to make the IPA clients site aware so they prefer to log in to a local server?
> > >
> > >
> > > On the IPA servers themselves there is no noticeable delay and once I have authenticated with sudo once, subsequent attempts in the same login are also near instant. I have not been able to find any reason for this delay in any logs (which probably just means I'm not looking in the right place).
> > >
> > >
> > > DNS servers are running on each IPA server and responding well whenever I have tested.
> > >
> > >
> > > IPA Servers: CentOS 7.2.1511 running IPA 4.2.0 (from standard CentOS repo)
> > >
> > > Client servers: Ubuntu 14.04 running IPA 3.3.4 (From standard Ubuntu repo)
> > >
> > >
> > > Any comments or suggestions greatly appreciated.
> > >
> > >
> > > Thanks,
> > >
> > > Neal.
> > >
> > >
> > > Example sssd log for a "sudo -l" attempt.
> > >
> > > (Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [krb5_child_timeout]
> > > (0x0040): Timeout for child [7430] reached. In case KDC is distant or
> > > network is slow you may consider increasing value of krb5_auth_timeout.
> > > (Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [krb5_auth_done] (0x0020):
> > > child timed out!
> >
> > These debug messages seem to be telling you what the problem is. Have
> > you tried how long does it take to kinit (preferably with
> > KRB5_TRACE=/dev/stderr prepended) ?
> 
> Hi Jakub,
> 
> Thanks for your response and sorry for my delay in replying. kinit takes between 2 and 25 seconds to complete - the KRB5_TRACE option shows it trying a random auth server, timing out and trying another random server until it picks a local server which then completes almost immediately. This seems to confirm that the problem is simply the server tries to authenticate against a FreeIPA server that is unreachable and times out causing the randomly slow logins. Given 6 auth servers with only 2 on each site there is a ~ 10% chance of hitting 3 bad servers in a row before login succeeds - if each takes 20 seconds that would explain the random login times of a few sec - 1 minute.
> 
> If I enter the local kdc servers manually in the realm section of krb5.conf then ssh logins always happen in < 2sec - however I would prefer to avoid the manual step of configuring and updating this (planning to expand out to a few hundred servers over 4-5 sites). Manually setting these is likely to lead to mistakes and it just feels inelegant compared to DNS SRV records.
> 
> I have seen https://www.freeipa.org/page/V4/DNS_Location_Mechanism which looks good but is a proposal from 2013 with no indications that it has actually been developed. I was also very interested by https://www.freeipa.org/page/Howto/IPA_locations which would be perfect - except the "ipa location-add" commands do not seem to be recognised by my FreeIPA installs.
> 
> Am I missing a better way to handle the case of multiple locations with clients in Location A being unable to authenticate against FreeIPA servers at location B?
> 
> Any suggestions greatly appreciated.
> 
> Thanks,
> Neal.
> 

Petr Spacek (CC) has been working lately in this area, but frankly I
don't know what the status is or what a recommendation for current
versions might be..



From jhrozek at redhat.com  Thu Aug 25 20:39:16 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 25 Aug 2016 22:39:16 +0200
Subject: [Freeipa-users] Questions about 1.14 software bugs
In-Reply-To: <ED331F8B-7A0E-422C-95CF-07D9F3C9036D@bsd.uchicago.edu>
References: <ED331F8B-7A0E-422C-95CF-07D9F3C9036D@bsd.uchicago.edu>
Message-ID: <20160825203916.ex4oqsy2cl4fubev@hendrix>

On Thu, Aug 25, 2016 at 06:30:22PM +0000, Sullivan, Daniel [AAA] wrote:
> Hi, 
> 
> I feel like I?ve been warned at least twice that sssd 1.14 has some known regressions that make it unstable.  We?re in the process of rolling it out to our production environment (we can?t use 1.13 due to another issue); so far it seems pretty stable, although if possible I?d like any sort of highly informed advisement if it is really stupid or insane to move forward with 1.14.  Specifically, we are implementing 1.14.0-3.el6.
> 

It's gotten better in the last couple of weeks :)

> Similarly, is it safe to say that this is a comprehensive list of known issues or are there identified problems that aren?t documented in this report?
> 
> https://fedorahosted.org/sssd/report/2

In upstream we don't tag regressions vs. other bugs in any other way
than tagging the regressions as 'critical' or 'blocker' in trac.

Since you are rolling out 1.14 on el6, you're already on your own I
guess, so you might as well choose to run 1.14.1 which was released
quite recently.

The most notable known bug you might be interested in since you are running
IPA-AD trusts is:
    https://fedorahosted.org/sssd/ticket/3127



From lslebodn at redhat.com  Thu Aug 25 20:41:53 2016
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Thu, 25 Aug 2016 22:41:53 +0200
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <1042341051.13710.1472117452652.JavaMail.zimbra@casalogic.dk>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
	<20160824075009.rj73yous3ptypj54@hendrix>
	<1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
	<1121029446.9457.1472109874936.JavaMail.zimbra@casalogic.dk>
	<260135086.10187.1472112336235.JavaMail.zimbra@casalogic.dk>
	<20160825084820.GB30315@10.4.128.1>
	<1042341051.13710.1472117452652.JavaMail.zimbra@casalogic.dk>
Message-ID: <20160825204152.GA6360@10.4.128.1>

On (25/08/16 11:30), Troels Hansen wrote:
>Hmm, adding the CentOS SSSD 1.14 copr repo and running yum upgrade,
>getting a version 1.14.1, clean cache DB (complaing about cache being
>old version),
Upgrade to 1.14.1 should not require puring sssd cache.
If you are able to reproduce then please provide steps.
Or file a sssd bug https://fedorahosted.org/sssd/newticket

>I can getent users, but log log in for no obvious reason (system error in secure.log).
>
system error sounds bad. Please provide log files with
high debug level in domain section sssd.conf

https://fedorahosted.org/sssd/wiki/Troubleshooting#SSSDdebuglogs

LS



From dsullivan2 at bsd.uchicago.edu  Thu Aug 25 21:51:01 2016
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [AAA])
Date: Thu, 25 Aug 2016 21:51:01 +0000
Subject: [Freeipa-users] Questions about 1.14 software bugs
In-Reply-To: <20160825203916.ex4oqsy2cl4fubev@hendrix>
References: <ED331F8B-7A0E-422C-95CF-07D9F3C9036D@bsd.uchicago.edu>
	<20160825203916.ex4oqsy2cl4fubev@hendrix>
Message-ID: <7ACF8B46-9CFC-4EE9-BD4A-5A5E7DD49CBE@bsd.uchicago.edu>

Jakub,

Thank you for responding.  We?ll have to talk about upgrading to 1.14.1 internally.  I appreciate your time, this is the sort of information I was looking for. 

Best,

Dan
  
> On Aug 25, 2016, at 3:39 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> 
> On Thu, Aug 25, 2016 at 06:30:22PM +0000, Sullivan, Daniel [AAA] wrote:
>> Hi, 
>> 
>> I feel like I?ve been warned at least twice that sssd 1.14 has some known regressions that make it unstable.  We?re in the process of rolling it out to our production environment (we can?t use 1.13 due to another issue); so far it seems pretty stable, although if possible I?d like any sort of highly informed advisement if it is really stupid or insane to move forward with 1.14.  Specifically, we are implementing 1.14.0-3.el6.
>> 
> 
> It's gotten better in the last couple of weeks :)
> 
>> Similarly, is it safe to say that this is a comprehensive list of known issues or are there identified problems that aren?t documented in this report?
>> 
>> https://fedorahosted.org/sssd/report/2
> 
> In upstream we don't tag regressions vs. other bugs in any other way
> than tagging the regressions as 'critical' or 'blocker' in trac.
> 
> Since you are rolling out 1.14 on el6, you're already on your own I
> guess, so you might as well choose to run 1.14.1 which was released
> quite recently.
> 
> The most notable known bug you might be interested in since you are running
> IPA-AD trusts is:
>    https://fedorahosted.org/sssd/ticket/3127
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project


********************************************************************************
This e-mail is intended only for the use of the individual or entity to which
it is addressed and may contain information that is privileged and confidential.
If the reader of this e-mail message is not the intended recipient, you are 
hereby notified that any dissemination, distribution or copying of this
communication is prohibited. If you have received this e-mail in error, please 
notify the sender and destroy all copies of the transmittal. 

Thank you
University of Chicago Medicine and Biological Sciences 
********************************************************************************



From mareynol at redhat.com  Thu Aug 25 22:10:30 2016
From: mareynol at redhat.com (Mark Reynolds)
Date: Thu, 25 Aug 2016 18:10:30 -0400
Subject: [Freeipa-users] Cleaning Up an Unholy Mess
In-Reply-To: <44736dd3-4c94-c637-fd0b-4e8e8411a87e@brownpapertickets.com>
References: <a7ee48a4-29df-1ef2-3d51-c7af626b0df6@brownpapertickets.com>
	<57BE4B05.7080307@redhat.com>
	<55da4943-e938-3569-f770-8be0f3d8cad4@brownpapertickets.com>
	<57BF2DE6.3080102@redhat.com>
	<44736dd3-4c94-c637-fd0b-4e8e8411a87e@brownpapertickets.com>
Message-ID: <95a007f3-acf3-4688-db9e-4be4b6f3e3c6@redhat.com>



On 08/25/2016 02:04 PM, Ian Harding wrote:
>
> On 08/25/2016 10:41 AM, Rob Crittenden wrote:
>> Ian Harding wrote:
>>>
>>> On 08/24/2016 06:33 PM, Rob Crittenden wrote:
>>>> Ian Harding wrote:
>>>>> I tried to simply uninstall and reinstall freeipa-dal and this
>>>>> happened.
>>>>>
>>>>> It only had a replication agreement with freeipa-sea
>>>>>
>>>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>
>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>> configuration!
>>>>>
>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>> [no]: yes
>>>>> Shutting down all IPA services
>>>>> Removing IPA client configuration
>>>>> Unconfiguring ntpd
>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>> Unconfiguring CA
>>>>> Unconfiguring named
>>>>> Unconfiguring ipa-dnskeysyncd
>>>>> Unconfiguring web server
>>>>> Unconfiguring krb5kdc
>>>>> Unconfiguring kadmin
>>>>> Unconfiguring directory server
>>>>> Unconfiguring ipa_memcached
>>>>> Unconfiguring ipa-otpd
>>>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>
>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>> configuration!
>>>>>
>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>> [no]: yes
>>>>>
>>>>> WARNING: Failed to connect to Directory Server to find information
>>>>> about
>>>>> replication agreements. Uninstallation will continue despite the
>>>>> possible
>>>>> existing replication agreements.
>>>>> Shutting down all IPA services
>>>>> Removing IPA client configuration
>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>> [root at freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
>>>>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
>>>>> Directory Manager (existing master) password:
>>>>>
>>>>> The host freeipa-dal.bpt.rocks already exists on the master server.
>>>>> You should remove it before proceeding:
>>>>>       % ipa host-del freeipa-dal.bpt.rocks
>>>>> [root at freeipa-dal ianh]#
>>>>>
>>>>> So I tried to delete it again with --force
>>>>>
>>>>> [root at freeipa-sea ianh]# ipa-replica-manage --force del
>>>>> freeipa-dal.bpt.rocks
>>>>> Directory Manager password:
>>>>>
>>>>> 'freeipa-sea.bpt.rocks' has no replication agreement for
>>>>> 'freeipa-dal.bpt.rocks'
>>>>> [root at freeipa-sea ianh]#
>>>>>
>>>>> Can't delete it from the master server either
>>>>>
>>>>> [root at seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
>>>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>>>>> disabled
>>>>>
>>>>>
>>>>> Now what?  I'm running out of things that work.
>>>> Not sure what version of IPA you have but try:
>>>>
>>>> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
>>>>
>>>> If this had a CA on it then you'll want to ensure that any replication
>>>> agreements it had have been removed as well.
>>>>
>>>> rob
>>>>
>>> It turns out I'm not smart enough to untangle this mess.
>>>
>>> Is there any way to kind of start over?  I managed to delete and
>>> recreate a couple replicas but the problems (obsolete ruv as far as I
>>> can tell) carry on with the new replicas.  They won't even replicate
>>> back to the master they were created from.
>> Once you have the right version of 389-ds then then cleanruv tasks work
>> a lot better. What version are you running now?
> 1.3.4.0. 
Ian,

Can you the exact version please?  rpm -qa | grep 389-ds-base

Thanks,
Mark
>  It's handcuffed to my CentOS 7 so I don't want to update it
> outside the CentOS ecosystem.  What's the downside of upgrading it from
> source or an RPM for a different flavor of RedHat derived Linux?
>
> I'm a one-man band but I'd be interested in hearing a pitch from someone
> who is super smart on this stuff for a working consulting gig and maybe
> ongoing support.  Who would I talk to at RedHat about coming in from the
> cold for full on corporate support?
>
> Thanks!
>
>>> Basically, is there a way to do a fresh install of FreeIPA server, and
>>> do a dump/restore of data from my existing messed up install?
>> Not really, no. You can migrate IPA to IPA but only users and groups and
>> you lose private groups for existing users (they become regular POSIX
>> groups).
>>
>> rob
>>



From iain at shihad.org  Thu Aug 25 22:19:03 2016
From: iain at shihad.org (Iain M Conochie)
Date: Thu, 25 Aug 2016 23:19:03 +0100
Subject: [Freeipa-users] (no subject)
In-Reply-To: <OF8ADC8709.5BC4A277-ON07258019.005DCF94-07258019.005E2B2B@notes.na.collabserv.com>
References: <OF8ADC8709.5BC4A277-ON07258019.005DCF94-07258019.005E2B2B@notes.na.collabserv.com>
Message-ID: <57BF6ED7.1050308@shihad.org>



On 24/08/16 18:08, Sean Hogan wrote:
>
> Hi All,
>
> Would anyone be able to direct me to some docs regarding NFS automount 
> with IPA. We are currently using this setup but to be specific I do 
> not want the priv keys to be in the users mounted home. When I did the 
> keygen I took the defaults for location and it went into the exported 
> home of the user meaning it is mounted on any system the user logs 
> onto which is not a good idea. Is there a way to set this up so the 
> priv keys stay out of the mounted home or since I have the keys 
> uploaded into IPA I do not need the key in home?
>
The key that is uploaded into IPA is the public key, not the private key.

You still need a private key on the local server the user is logging into.

Cheers

Iain
>
>
>
>
>
> Sean Hogan
>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/5f427c03/attachment.htm>

From dsullivan2 at bsd.uchicago.edu  Thu Aug 25 21:25:19 2016
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [AAA])
Date: Thu, 25 Aug 2016 21:25:19 +0000
Subject: [Freeipa-users] Questions about 1.14 software bugs
In-Reply-To: <20160825202708.GB5700@10.4.128.1>
References: <ED331F8B-7A0E-422C-95CF-07D9F3C9036D@bsd.uchicago.edu>
	<20160825202708.GB5700@10.4.128.1>
Message-ID: <7884C282-380C-4B2B-8EB2-64E58BE01C8E@bsd.uchicago.edu>

Lukas,

Thank you for responding.  This particular issue was the one that was preventing us from using sssd 1.13 on RHEL 6.8.

https://www.redhat.com/archives/freeipa-users/2016-July/msg00163.html

Basically no matter what I did HBAC seemed to randomly break on some systems. The systems were deployed from the same template, and from what I could tell had consistent configurations, all packages updated,  etc.  I honestly probably spent a week on this and upgrading to 1.14 was a very last resort.  It immediately fixed the problem in all cases.

We will discuss 1.14.1 internally and would be happy to provide any feedback on identified issues.

Dan



> On Aug 25, 2016, at 3:27 PM, Lukas Slebodnik <lslebodn at redhat.com> wrote:
> 
> On (25/08/16 18:30), Sullivan, Daniel [AAA] wrote:
>> Hi, 
>> 
>> I feel like I?ve been warned at least twice that sssd 1.14 has some known regressions that make it unstable.  We?re in the process of rolling it out to our production environment (we can?t use 1.13 due to another issue); so far it seems pretty stable, although if possible I?d like any sort of highly informed advisement if it is really stupid or insane to move forward with 1.14.  Specifically, we are implementing 1.14.0-3.el6.
>> 
> May I know what is a blocker for using default version of sssd(1.13) in el6?
> It is a stable version ready for production.
> 
>> Similarly, is it safe to say that this is a comprehensive list of known issues or are there identified problems that aren?t documented in this report?
>> 
>> https://fedorahosted.org/sssd/report/2
>> 
> https://fedorahosted.org/sssd/report/3 would be better
> and look directly into the bucket "SSSD 1.14.2"
> 
>> Any advise or recommendation that an expert in sssd 1.14 could provide would be appreciated (as I said before so far it seems pretty stable).
>> 
> We fixed many bugs in 1.14.1 and copr repository was updated
> https://copr.fedorainfracloud.org/coprs/g/sssd/sssd-1-14/
> I would say it si 99% ready for production.
> 
> We will appreciate testing. And in case of any bugs, I can release
> new version in copr immediately after fixing bug in upstream.
> 
> LS


********************************************************************************
This e-mail is intended only for the use of the individual or entity to which
it is addressed and may contain information that is privileged and confidential.
If the reader of this e-mail message is not the intended recipient, you are 
hereby notified that any dissemination, distribution or copying of this
communication is prohibited. If you have received this e-mail in error, please 
notify the sender and destroy all copies of the transmittal. 

Thank you
University of Chicago Medicine and Biological Sciences 
********************************************************************************



From jhrozek at redhat.com  Fri Aug 26 05:54:07 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 26 Aug 2016 07:54:07 +0200
Subject: [Freeipa-users] SUDO and group lookup in AD trust
In-Reply-To: <20160825204152.GA6360@10.4.128.1>
References: <2050149863.1012561.1471958268423.JavaMail.zimbra@casalogic.dk>
	<20160824075009.rj73yous3ptypj54@hendrix>
	<1433616466.7119.1472107348774.JavaMail.zimbra@casalogic.dk>
	<1121029446.9457.1472109874936.JavaMail.zimbra@casalogic.dk>
	<260135086.10187.1472112336235.JavaMail.zimbra@casalogic.dk>
	<20160825084820.GB30315@10.4.128.1>
	<1042341051.13710.1472117452652.JavaMail.zimbra@casalogic.dk>
	<20160825204152.GA6360@10.4.128.1>
Message-ID: <20160826055407.sok4s6c7ehtwoe3q@hendrix>

On Thu, Aug 25, 2016 at 10:41:53PM +0200, Lukas Slebodnik wrote:
> On (25/08/16 11:30), Troels Hansen wrote:
> >Hmm, adding the CentOS SSSD 1.14 copr repo and running yum upgrade,
> >getting a version 1.14.1, clean cache DB (complaing about cache being
> >old version),
> Upgrade to 1.14.1 should not require puring sssd cache.
> If you are able to reproduce then please provide steps.
> Or file a sssd bug https://fedorahosted.org/sssd/newticket
> 
> >I can getent users, but log log in for no obvious reason (system error in secure.log).
> >
> system error sounds bad. Please provide log files with
> high debug level in domain section sssd.conf
> 
> https://fedorahosted.org/sssd/wiki/Troubleshooting#SSSDdebuglogs

We were debugging this yesterday with Troels and the logs said it's:
    https://fedorahosted.org/sssd/ticket/3127



From pspacek at redhat.com  Fri Aug 26 06:37:49 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Fri, 26 Aug 2016 08:37:49 +0200
Subject: [Freeipa-users] Slow logins with multi site replication
In-Reply-To: <20160825203048.pubqy2kbrhnoxkam@hendrix>
References: <mailman.18734.1470138748.3910.freeipa-users@redhat.com>
	<HE1PR0601MB21080891D356C0985B7668848DED0@HE1PR0601MB2108.eurprd06.prod.outlook.com>
	<20160825203048.pubqy2kbrhnoxkam@hendrix>
Message-ID: <22d91c56-a1ed-4e0c-8e70-b7c92b24f3f1@redhat.com>

On 25.8.2016 22:30, Jakub Hrozek wrote:
> On Thu, Aug 25, 2016 at 04:11:29PM +0000, Neal Harrington | i-Neda Ltd wrote:
>>>> Hi,
>>
>>>>
>>>> I am experiencing slow logins and sudo authentication for servers joined to my FreeIPA domain. I have been following the other recent thread on slow logins and believe my issue is different.
>>>>
>>>> I have replication setup with 2 FreeIPA servers at each of 3 sites. The replication is working well and I am able to login correctly on client servers with correct sudo permissions etc. Logins seem to take a long time however. There seems to be some kind of DNS/connection timeout issues, see the example below where the client times out on the auth01 server, then retries and connects. I have also seen it switch to an alternate IPA server on timeout. Total delay in this example is about 10 seconds however it can take longer (approx 30 seconds). It is worth mentioning that client servers in each site cannot connect to IPA servers is a different site - however in the example below the auth01 IPA server is in the same site as the client server. I'm not sure if there is any way to make the IPA clients site aware so they prefer to log in to a local server?
>>>>
>>>>
>>>> On the IPA servers themselves there is no noticeable delay and once I have authenticated with sudo once, subsequent attempts in the same login are also near instant. I have not been able to find any reason for this delay in any logs (which probably just means I'm not looking in the right place).
>>>>
>>>>
>>>> DNS servers are running on each IPA server and responding well whenever I have tested.
>>>>
>>>>
>>>> IPA Servers: CentOS 7.2.1511 running IPA 4.2.0 (from standard CentOS repo)
>>>>
>>>> Client servers: Ubuntu 14.04 running IPA 3.3.4 (From standard Ubuntu repo)
>>>>
>>>>
>>>> Any comments or suggestions greatly appreciated.
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Neal.
>>>>
>>>>
>>>> Example sssd log for a "sudo -l" attempt.
>>>>
>>>> (Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [krb5_child_timeout]
>>>> (0x0040): Timeout for child [7430] reached. In case KDC is distant or
>>>> network is slow you may consider increasing value of krb5_auth_timeout.
>>>> (Mon Aug 1 14:39:59 2016) [sssd[be[fqdn.com]]] [krb5_auth_done] (0x0020):
>>>> child timed out!
>>>
>>> These debug messages seem to be telling you what the problem is. Have
>>> you tried how long does it take to kinit (preferably with
>>> KRB5_TRACE=/dev/stderr prepended) ?
>>
>> Hi Jakub,
>>
>> Thanks for your response and sorry for my delay in replying. kinit takes between 2 and 25 seconds to complete - the KRB5_TRACE option shows it trying a random auth server, timing out and trying another random server until it picks a local server which then completes almost immediately. This seems to confirm that the problem is simply the server tries to authenticate against a FreeIPA server that is unreachable and times out causing the randomly slow logins. Given 6 auth servers with only 2 on each site there is a ~ 10% chance of hitting 3 bad servers in a row before login succeeds - if each takes 20 seconds that would explain the random login times of a few sec - 1 minute.
>>
>> If I enter the local kdc servers manually in the realm section of krb5.conf then ssh logins always happen in < 2sec - however I would prefer to avoid the manual step of configuring and updating this (planning to expand out to a few hundred servers over 4-5 sites). Manually setting these is likely to lead to mistakes and it just feels inelegant compared to DNS SRV records.
>>
>> I have seen https://www.freeipa.org/page/V4/DNS_Location_Mechanism which looks good but is a proposal from 2013 with no indications that it has actually been developed. I was also very interested by https://www.freeipa.org/page/Howto/IPA_locations which would be perfect - except the "ipa location-add" commands do not seem to be recognised by my FreeIPA installs.
>>
>> Am I missing a better way to handle the case of multiple locations with clients in Location A being unable to authenticate against FreeIPA servers at location B?
>>
>> Any suggestions greatly appreciated.
>>
>> Thanks,
>> Neal.
>>
> 
> Petr Spacek (CC) has been working lately in this area, but frankly I
> don't know what the status is or what a recommendation for current
> versions might be..

Hello,

Field "Target version: 4.4.0" on page
https://www.freeipa.org/page/V4/DNS_Location_Mechanism
is correct - the feature is implemented in FreeIPA 4.4.0.

Please stay tuned until your distribution provides sufficiently new version of
FreeIPA.

-- 
Petr^2 Spacek



From mkosek at redhat.com  Fri Aug 26 06:51:05 2016
From: mkosek at redhat.com (Martin Kosek)
Date: Fri, 26 Aug 2016 08:51:05 +0200
Subject: [Freeipa-users] Cleaning Up an Unholy Mess
In-Reply-To: <44736dd3-4c94-c637-fd0b-4e8e8411a87e@brownpapertickets.com>
References: <a7ee48a4-29df-1ef2-3d51-c7af626b0df6@brownpapertickets.com>
	<57BE4B05.7080307@redhat.com>
	<55da4943-e938-3569-f770-8be0f3d8cad4@brownpapertickets.com>
	<57BF2DE6.3080102@redhat.com>
	<44736dd3-4c94-c637-fd0b-4e8e8411a87e@brownpapertickets.com>
Message-ID: <0e77fb36-2da2-3d0f-7e12-43cf5b06c04b@redhat.com>

On 08/25/2016 08:04 PM, Ian Harding wrote:
> 
> 
> On 08/25/2016 10:41 AM, Rob Crittenden wrote:
>> Ian Harding wrote:
>>>
>>>
>>> On 08/24/2016 06:33 PM, Rob Crittenden wrote:
>>>> Ian Harding wrote:
>>>>> I tried to simply uninstall and reinstall freeipa-dal and this
>>>>> happened.
>>>>>
>>>>> It only had a replication agreement with freeipa-sea
>>>>>
>>>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>
>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>> configuration!
>>>>>
>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>> [no]: yes
>>>>> Shutting down all IPA services
>>>>> Removing IPA client configuration
>>>>> Unconfiguring ntpd
>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>> Unconfiguring CA
>>>>> Unconfiguring named
>>>>> Unconfiguring ipa-dnskeysyncd
>>>>> Unconfiguring web server
>>>>> Unconfiguring krb5kdc
>>>>> Unconfiguring kadmin
>>>>> Unconfiguring directory server
>>>>> Unconfiguring ipa_memcached
>>>>> Unconfiguring ipa-otpd
>>>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>
>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>> configuration!
>>>>>
>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>> [no]: yes
>>>>>
>>>>> WARNING: Failed to connect to Directory Server to find information
>>>>> about
>>>>> replication agreements. Uninstallation will continue despite the
>>>>> possible
>>>>> existing replication agreements.
>>>>> Shutting down all IPA services
>>>>> Removing IPA client configuration
>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>> [root at freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
>>>>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
>>>>> Directory Manager (existing master) password:
>>>>>
>>>>> The host freeipa-dal.bpt.rocks already exists on the master server.
>>>>> You should remove it before proceeding:
>>>>>       % ipa host-del freeipa-dal.bpt.rocks
>>>>> [root at freeipa-dal ianh]#
>>>>>
>>>>> So I tried to delete it again with --force
>>>>>
>>>>> [root at freeipa-sea ianh]# ipa-replica-manage --force del
>>>>> freeipa-dal.bpt.rocks
>>>>> Directory Manager password:
>>>>>
>>>>> 'freeipa-sea.bpt.rocks' has no replication agreement for
>>>>> 'freeipa-dal.bpt.rocks'
>>>>> [root at freeipa-sea ianh]#
>>>>>
>>>>> Can't delete it from the master server either
>>>>>
>>>>> [root at seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
>>>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>>>>> disabled
>>>>>
>>>>>
>>>>> Now what?  I'm running out of things that work.
>>>>
>>>> Not sure what version of IPA you have but try:
>>>>
>>>> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
>>>>
>>>> If this had a CA on it then you'll want to ensure that any replication
>>>> agreements it had have been removed as well.
>>>>
>>>> rob
>>>>
>>>
>>> It turns out I'm not smart enough to untangle this mess.
>>>
>>> Is there any way to kind of start over?  I managed to delete and
>>> recreate a couple replicas but the problems (obsolete ruv as far as I
>>> can tell) carry on with the new replicas.  They won't even replicate
>>> back to the master they were created from.
>>
>> Once you have the right version of 389-ds then then cleanruv tasks work
>> a lot better. What version are you running now?
> 
> 1.3.4.0.  It's handcuffed to my CentOS 7 so I don't want to update it
> outside the CentOS ecosystem.  What's the downside of upgrading it from
> source or an RPM for a different flavor of RedHat derived Linux?
> 
> I'm a one-man band but I'd be interested in hearing a pitch from someone
> who is super smart on this stuff for a working consulting gig and maybe
> ongoing support.  Who would I talk to at RedHat about coming in from the
> cold for full on corporate support?

This sounds like you want to call
https://www.redhat.com/en/about/contact/sales#
:-)



From cory at trinitymobilenetworks.com  Thu Aug 25 22:34:43 2016
From: cory at trinitymobilenetworks.com (Cory Francis Myers)
Date: Thu, 25 Aug 2016 18:34:43 -0400
Subject: [Freeipa-users]  sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6Fdtf_Wt8M0Ezn0tvS1EBozpxRh_jNg958aZ14faOzT+A@mail.gmail.com>
Message-ID: <20160825223443.GA42620@ozymandias.local>

We are seeing the same problem (correct group membership; matching HBAC
rules retrieved by sssd and rejected by sudo) on a new Ubuntu 16.04
client joining a realm of existing (and working) Ubuntu 15.10 hosts,
despite identical "/etc/sssd/sssd.conf" files.

Master:

    root at hades:~# cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=15.10
    DISTRIB_CODENAME=wily
    DISTRIB_DESCRIPTION="Ubuntu 15.10"
    root at hades:~# ipa --version
    VERSION: 4.1.4, API_VERSION: 2.114


Existing (working) client:

    root at orange1:~# cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=15.10
    DISTRIB_CODENAME=wily
    DISTRIB_DESCRIPTION="Ubuntu 15.10"
    root at orange1:~# ipa-client-install --version
    4.1.4
    root at orange1:~# sssd --version
    1.12.5


New (broken) client:

    root at orange4:~# cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=16.04
    DISTRIB_CODENAME=xenial
    DISTRIB_DESCRIPTION="Ubuntu 16.04.1 LTS"
    root at orange4:~# ipa-client-install --version
    4.3.1
    root at orange4:~# sssd --version
    1.13.4


I too would be grateful for any advice.  The relevant parts of our logs
corroborate what John has reported in this thread, but I can provide
excerpts if that would be helpful.


    --- Cory.


-- 
Cory Myers
Systems Engineer
Trinity Mobile Networks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160825/9c2f9ad3/attachment.sig>

From zeusuofm at hotmail.com  Fri Aug 26 04:20:11 2016
From: zeusuofm at hotmail.com (Mariusz Stolarczyk)
Date: Fri, 26 Aug 2016 04:20:11 +0000
Subject: [Freeipa-users] ipa-client-automount --uninstall breaks central
	sudo on ipa-server
Message-ID: <BN3PR13MB08529F0529859A93639EE342C7EC0@BN3PR13MB0852.namprd13.prod.outlook.com>

Need help restoring central sudo rights on ipa server.


How I broke it!!!: I decided to take advantage of the centralized automount feature with a custom location for a couple mounts. When I ran the ipa-client-automount --location=server_mounts it appeared to install correctly but that didn't appear not to work so my plan was to manually setup the automount since it is only one machine. So of course I ran the ipa-client-automount --uninstall on the ipa server and thats when I lost the sudo rights on the ipa server: superuser not in the sudoers file, this incident will be reported.


I have repeated this steps with the same results:

Initially sudo works for superuser

And after ipa-client-automount --location=server_mounts (on the ipa-server)

sudo still works

but after, ipa-client-automount --uninstall

no sudo for superuser on the ipa server but the superuser still has sudo privilages on the clients????


background/versions:

My setup is all CentOS 7.2 machines with one ipa server and the rest are clients all using ipa version 4.2.0.

I had no issues using the ipa-client-automount on all my clients to configure network homes and shares as well as setting up a superuser with central sudo powers before this happened.


1.) Don't be too harsh if it is a BIG NO-NO to run the ipa-client-automount command on the ipa-server

2.) Not sure what logs or config files i need to post.


Thanks in advance!

-mark





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160826/41f6c4ea/attachment.htm>

From pbrezina at redhat.com  Fri Aug 26 09:34:20 2016
From: pbrezina at redhat.com (=?UTF-8?B?UGF2ZWwgQsWZZXppbmE=?=)
Date: Fri, 26 Aug 2016 11:34:20 +0200
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6GBJwQP2nut-=MfgOozfb7i2iF=eFtdBu3_TUuwMiqdxg@mail.gmail.com>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
	<20160812135839.GV19405@hendrix>
	<CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>
	<79bcc759-4b17-9e29-584b-edc72bbce883@redhat.com>
	<CA+No-6H02BvAP6Br+ApZ+9SDfFuK-hXcp0Jjk+FuN=AWKHx_zQ@mail.gmail.com>
	<5ff25b8e-e7a0-83c1-d21e-96b1a556d6eb@redhat.com>
	<CA+No-6EZwadb4cgO_V2LHiOMFfBrggKS8Gx7644rz=b8JhDv4g@mail.gmail.com>
	<4E91DC40-B8E5-4178-A630-9828485A30FF@redhat.com>
	<CA+No-6GBJwQP2nut-=MfgOozfb7i2iF=eFtdBu3_TUuwMiqdxg@mail.gmail.com>
Message-ID: <57C00D1C.8080806@redhat.com>

On 08/25/2016 08:01 PM, Jeff Goddard wrote:
> I'm still hoping someone can offer additional help. I see in the apt
> term.log these errors when downloading the freeipa-client package. Could
> this be the problem?

Hi,
I'm sorry, I somehow overlooked this thread. Can you provide output of 
ipa sudorule-show please?

Thank you.




From pvoborni at redhat.com  Fri Aug 26 11:36:01 2016
From: pvoborni at redhat.com (Petr Vobornik)
Date: Fri, 26 Aug 2016 13:36:01 +0200
Subject: [Freeipa-users] The 3rd party cert for IPA Web GUI
In-Reply-To: <BN6PR12MB1169387DBD13307DBD4B3928C8EB0@BN6PR12MB1169.namprd12.prod.outlook.com>
References: <BN6PR12MB1169387DBD13307DBD4B3928C8EB0@BN6PR12MB1169.namprd12.prod.outlook.com>
Message-ID: <5d1c72f3-b998-92b3-abeb-274c212da465@redhat.com>

On 08/23/2016 10:25 PM, Z D wrote:
> Hi there, is it possible to have a cert (say from VeriSign) for a IPA host and 
> use it for httpd (Web GUI), without breaking anything else? I've acquired one 
> and added it to nssdb (/etc/httpd/alias).
> 
> 
> # certutil -L -d /etc/httpd/alias
> Certificate Nickname                                         Trust Attributes
>                                                               SSL,S/MIME,JAR/XPI
> ipaCert                                                      u,u,u
> Server-Cert                                                  u,u,u
> COMP.COM IPA CA                                         CT,C,C
> Signing-Cert                                                 u,u,u
> CA-LDAP01-CHAINED                                            u,u,u
> Comp SSL CA - G2 - VeriSign, Inc.                          ,,
> 
> 
> It's now used in /etc/httpd/conf.d/nss.conf and the cert looks good via a 
> browser. But it's breaking something, since I see this:
> 
> # ipa user-show admin
> ipa: ERROR: cert validation failed for 
> "CN=ca-ldap01.comp.com,OU=Corp,O=Corporation,L=City,ST=California,C=US" 
> ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not 
> trusted by the user.)
> ipa: ERROR: cannot connect to 'https://ca-ldap01.comp.com/ipa/json': 
> (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not 
> trusted by the user.
> 
> 
> Adding this cert to /etc/dirsrv/slapd-CORP-COM/ nssdb didn't resolve the issue. 
> Thanks for any advice.
> 
> Zarko
> 
> 
> 

The recommended procedure is to use ipa-server-certinall utility:
  https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP

But in recent versions of Fedora and RHEL it still suffers from
https://bugzilla.redhat.com/show_bug.cgi?id=1360813 The bugzilla nicely
outlines the necessary manual workarounds.



-- 
Petr Vobornik



From jgoddard at emerlyn.com  Fri Aug 26 12:15:13 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 26 Aug 2016 08:15:13 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <57C00D1C.8080806@redhat.com>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<5f034203-e3fb-882a-9518-d88b81f7516e@redhat.com>
	<CA+No-6FcoWcpbep6uOjfHy_O00VQZJM-0AyEihOz9NvQkfUyQA@mail.gmail.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
	<20160812135839.GV19405@hendrix>
	<CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>
	<79bcc759-4b17-9e29-584b-edc72bbce883@redhat.com>
	<CA+No-6H02BvAP6Br+ApZ+9SDfFuK-hXcp0Jjk+FuN=AWKHx_zQ@mail.gmail.com>
	<5ff25b8e-e7a0-83c1-d21e-96b1a556d6eb@redhat.com>
	<CA+No-6EZwadb4cgO_V2LHiOMFfBrggKS8Gx7644rz=b8JhDv4g@mail.gmail.com>
	<4E91DC40-B8E5-4178-A630-9828485A30FF@redhat.com>
	<CA+No-6GBJwQP2nut-=MfgOozfb7i2iF=eFtdBu3_TUuwMiqdxg@mail.gmail.com>
	<57C00D1C.8080806@redhat.com>
Message-ID: <CA+No-6EXtKUuNGJq27qhmKZwAEDoSn-y0yYBZNwCc1y1WvdPnw@mail.gmail.com>

Pavel,

I appreciate that you're busy and thank you for taking time to look at
this. Here is the output:

[root at id-management-1 ~]# ipa sudorule-show
Rule name: all
  Rule name: All
  Description: Full sudo access for Developer group in office environment
  Enabled: TRUE
  Command category: all
  RunAs User category: all
  RunAs Group category: all
  User Groups: developers
  Host Groups: office
[root at id-management-1 ~]#



On Fri, Aug 26, 2016 at 5:34 AM, Pavel B?ezina <pbrezina at redhat.com> wrote:

> On 08/25/2016 08:01 PM, Jeff Goddard wrote:
>
>> I'm still hoping someone can offer additional help. I see in the apt
>> term.log these errors when downloading the freeipa-client package. Could
>> this be the problem?
>>
>
> Hi,
> I'm sorry, I somehow overlooked this thread. Can you provide output of ipa
> sudorule-show please?
>
> Thank you.
>
>
>


Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160826/353b43dc/attachment.htm>

From william.muriithi at gmail.com  Fri Aug 26 12:39:05 2016
From: william.muriithi at gmail.com (William Muriithi)
Date: Fri, 26 Aug 2016 08:39:05 -0400
Subject: [Freeipa-users] nfsidmap oddity
Message-ID: <CAE9rU+72LQ3nwPKuWL9gSZY9x_V=K66nR9hurhRbNerOuBbUNA@mail.gmail.com>

Morning

I have been struggling with nfsidmap issue for a couple of days and
wouldn't mind a fresh eyes.

Essentially, I have a FreeIPA that has a trust relationship with AD.
The AD is on domain example-corp.example.com while FreeIPA manages
eng.example.com.  The problem is, when I login using AD account, the
nfsidmap seem to think I am on the FreeIPA account.  I have changed
the idnapd.conf to use AD domain but that doesn't help.

vi /etc/idmapd.conf

Domain = example-corp.example.com



[william at cacti ~]$ ssh 'william at example-corp'@platinum.eng.example.com

william at example-corp@platinum.eng.example.com's password:

Last login: Tue Aug 23 11:45:33 2016 from 192.168.20.28

[william at example-corp.example.com@platinum ~]$ env | grep USER

USER=william at example-corp.example.com

[william at example-corp.example.com@platinum ~]$ su

Password:

[root at platinum william]# tail /var/log/messages

Aug 26 08:18:13 platinum nfsidmap[17780]: nss_getpwnam: name
'root at eng.example.com' does not map into domain
'example-corp.example.com'

Aug 26 08:18:13 platinum nfsidmap[17784]: nss_getpwnam: name
'william at eng.example.com' does not map into domain
'example-corp.example.com'



From sbose at redhat.com  Fri Aug 26 12:55:30 2016
From: sbose at redhat.com (Sumit Bose)
Date: Fri, 26 Aug 2016 14:55:30 +0200
Subject: [Freeipa-users] nfsidmap oddity
In-Reply-To: <CAE9rU+72LQ3nwPKuWL9gSZY9x_V=K66nR9hurhRbNerOuBbUNA@mail.gmail.com>
References: <CAE9rU+72LQ3nwPKuWL9gSZY9x_V=K66nR9hurhRbNerOuBbUNA@mail.gmail.com>
Message-ID: <20160826125530.GB3265@p.Speedport_W_724V_Typ_A_05011603_00_009>

On Fri, Aug 26, 2016 at 08:39:05AM -0400, William Muriithi wrote:
> Morning
> 
> I have been struggling with nfsidmap issue for a couple of days and
> wouldn't mind a fresh eyes.
> 
> Essentially, I have a FreeIPA that has a trust relationship with AD.
> The AD is on domain example-corp.example.com while FreeIPA manages
> eng.example.com.  The problem is, when I login using AD account, the
> nfsidmap seem to think I am on the FreeIPA account.  I have changed
> the idnapd.conf to use AD domain but that doesn't help.
> 
> vi /etc/idmapd.conf
> 
> Domain = example-corp.example.com

Which translation method do you use? SSSD provides an own method which
should be more flexible than the default ones, see iman sss_rpcidmapd
for details.

HTH

bye,
Sumit

> 
> 
> 
> [william at cacti ~]$ ssh 'william at example-corp'@platinum.eng.example.com
> 
> william at example-corp@platinum.eng.example.com's password:
> 
> Last login: Tue Aug 23 11:45:33 2016 from 192.168.20.28
> 
> [william at example-corp.example.com@platinum ~]$ env | grep USER
> 
> USER=william at example-corp.example.com
> 
> [william at example-corp.example.com@platinum ~]$ su
> 
> Password:
> 
> [root at platinum william]# tail /var/log/messages
> 
> Aug 26 08:18:13 platinum nfsidmap[17780]: nss_getpwnam: name
> 'root at eng.example.com' does not map into domain
> 'example-corp.example.com'
> 
> Aug 26 08:18:13 platinum nfsidmap[17784]: nss_getpwnam: name
> 'william at eng.example.com' does not map into domain
> 'example-corp.example.com'
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From nharrington at i-neda.com  Fri Aug 26 15:25:18 2016
From: nharrington at i-neda.com (Neal Harrington | i-Neda Ltd)
Date: Fri, 26 Aug 2016 15:25:18 +0000
Subject: [Freeipa-users] Slow logins with multi site replication
In-Reply-To: <22d91c56-a1ed-4e0c-8e70-b7c92b24f3f1@redhat.com>
References: <mailman.18734.1470138748.3910.freeipa-users@redhat.com>
	<HE1PR0601MB21080891D356C0985B7668848DED0@HE1PR0601MB2108.eurprd06.prod.outlook.com>
	<20160825203048.pubqy2kbrhnoxkam@hendrix>,
	<22d91c56-a1ed-4e0c-8e70-b7c92b24f3f1@redhat.com>
Message-ID: <HE1PR0601MB210851218A6ABE7CD47A0A7D8DEC0@HE1PR0601MB2108.eurprd06.prod.outlook.com>

<SNIP>

> >> I have seen https://www.freeipa.org/page/V4/DNS_Location_Mechanism which looks good but is a proposal from 2013 with no indications that it has actually been developed. I was also very interested by https://www.freeipa.org/page/Howto/IPA_locations which would be perfect - except the "ipa location-add" commands do not seem to be recognised by my FreeIPA installs.
> >>
> >> Am I missing a better way to handle the case of multiple locations with clients in Location A being unable to authenticate against FreeIPA servers at location B?
> >>
> >> Any suggestions greatly appreciated.
> >>
> >> Thanks,
> >> Neal.
> >>
> >
> > Petr Spacek (CC) has been working lately in this area, but frankly I
> > don't know what the status is or what a recommendation for current
> > versions might be..
>
> Hello,
>
> Field "Target version: 4.4.0" on page
> https://www.freeipa.org/page/V4/DNS_Location_Mechanism<https://www.freeipa.org/page/V4/DNS_Location_Mechanism>
> is correct - the feature is implemented in FreeIPA 4.4.0.
>
> Please stay tuned until your distribution provides sufficiently new version of
> FreeIPA.
>
> Petr^2 Spacek

Thanks that is good news, particularly as FreeIPA 4.4 was to be included in RHEL 7.3 (https://bugzilla.redhat.com/show_bug.cgi?id=1292141) and RHEL 7.3 went into Beta yesterday (https://www.redhat.com/en/about/blog/red-hat-enterprise-linux-73-beta-now-available)

Thanks very much.

Neal.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160826/5fc7e0bb/attachment.htm>

From rcritten at redhat.com  Fri Aug 26 15:35:32 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 26 Aug 2016 11:35:32 -0400
Subject: [Freeipa-users] ipa-client-automount --uninstall breaks central
 sudo on ipa-server
In-Reply-To: <BN3PR13MB08529F0529859A93639EE342C7EC0@BN3PR13MB0852.namprd13.prod.outlook.com>
References: <BN3PR13MB08529F0529859A93639EE342C7EC0@BN3PR13MB0852.namprd13.prod.outlook.com>
Message-ID: <57C061C4.2000604@redhat.com>

Mariusz Stolarczyk wrote:
> Need help restoring central sudo rights on ipa server.
>
>
> How I broke it!!!: I decided to take advantage of the centralized
> automount feature with a custom location for a couple mounts. When I ran
> the ipa-client-automount --location=server_mounts it appeared to install
> correctly but that didn't appear not to work so my plan was to manually
> setup the automount since it is only one machine. So of course I ran the
> ipa-client-automount --uninstall on the ipa server and thats when I lost
> the sudo rights on the ipa server: superuser not in the sudoers file,
> this incident will be reported.
>
>
> I have repeated this steps with the same results:
>
> Initially sudo works for superuser
>
> And after ipa-client-automount --location=server_mounts (on the ipa-server)
>
> sudo still works
>
> but after, ipa-client-automount --uninstall
>
> no sudo for superuser on the ipa server but the superuser still has sudo
> privilages on the clients????
>
>
> background/versions:
>
> My setup is all CentOS 7.2 machines with one ipa server and the rest are
> clients all using ipa version 4.2.0.
>
> I had no issues using the ipa-client-automount on all my clients to
> configure network homes and shares as well as setting up a superuser
> with central sudo powers before this happened.
>
>
> 1.) Don't be too harsh if it is a BIG NO-NO to run the
> ipa-client-automount command on the ipa-server
>
> 2.) Not sure what logs or config files i need to post.

I'd confirm that sssd is still configured to do sudo by looking for sss 
in the sudoers line in /etc/nssswitch.conf and ensure that sudo is an 
enabled service in /etc/sssd/sssd.conf, probably something like:

services = nss, sudo, pam, ssh

rob



From prasun.gera at gmail.com  Fri Aug 26 23:02:56 2016
From: prasun.gera at gmail.com (Prasun Gera)
Date: Fri, 26 Aug 2016 19:02:56 -0400
Subject: [Freeipa-users] ipa-client-automount --uninstall breaks central
 sudo on ipa-server
In-Reply-To: <57C061C4.2000604@redhat.com>
References: <BN3PR13MB08529F0529859A93639EE342C7EC0@BN3PR13MB0852.namprd13.prod.outlook.com>
	<57C061C4.2000604@redhat.com>
Message-ID: <CAFLz+Bmk-_VDkuGDTCUKGhe6Asw47+2p+gCdZgkmShJt8aoO-A@mail.gmail.com>

ipa-client-automount --uninstall was(is?) a bit broken in that it tries to
revert back to an older configuration, but it can accidentally revert it to
a state before the ipa-client was installed (as opposed to the state where
automount was installed). Check your nssswitch.conf file and compare it to
other clients on which things work fine. You might notice differences.

On Fri, Aug 26, 2016 at 11:35 AM, Rob Crittenden <rcritten at redhat.com>
wrote:

> Mariusz Stolarczyk wrote:
>
>> Need help restoring central sudo rights on ipa server.
>>
>>
>> How I broke it!!!: I decided to take advantage of the centralized
>> automount feature with a custom location for a couple mounts. When I ran
>> the ipa-client-automount --location=server_mounts it appeared to install
>> correctly but that didn't appear not to work so my plan was to manually
>> setup the automount since it is only one machine. So of course I ran the
>> ipa-client-automount --uninstall on the ipa server and thats when I lost
>> the sudo rights on the ipa server: superuser not in the sudoers file,
>> this incident will be reported.
>>
>>
>> I have repeated this steps with the same results:
>>
>> Initially sudo works for superuser
>>
>> And after ipa-client-automount --location=server_mounts (on the
>> ipa-server)
>>
>> sudo still works
>>
>> but after, ipa-client-automount --uninstall
>>
>> no sudo for superuser on the ipa server but the superuser still has sudo
>> privilages on the clients????
>>
>>
>> background/versions:
>>
>> My setup is all CentOS 7.2 machines with one ipa server and the rest are
>> clients all using ipa version 4.2.0.
>>
>> I had no issues using the ipa-client-automount on all my clients to
>> configure network homes and shares as well as setting up a superuser
>> with central sudo powers before this happened.
>>
>>
>> 1.) Don't be too harsh if it is a BIG NO-NO to run the
>> ipa-client-automount command on the ipa-server
>>
>> 2.) Not sure what logs or config files i need to post.
>>
>
> I'd confirm that sssd is still configured to do sudo by looking for sss in
> the sudoers line in /etc/nssswitch.conf and ensure that sudo is an enabled
> service in /etc/sssd/sssd.conf, probably something like:
>
> services = nss, sudo, pam, ssh
>
> rob
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160826/d69ec081/attachment.htm>

From zeusuofm at hotmail.com  Sat Aug 27 05:49:24 2016
From: zeusuofm at hotmail.com (Mariusz Stolarczyk)
Date: Sat, 27 Aug 2016 05:49:24 +0000
Subject: [Freeipa-users] ipa-client-automount --uninstall breaks central
 sudo on ipa-server
In-Reply-To: <CAFLz+Bmk-_VDkuGDTCUKGhe6Asw47+2p+gCdZgkmShJt8aoO-A@mail.gmail.com>
References: <BN3PR13MB08529F0529859A93639EE342C7EC0@BN3PR13MB0852.namprd13.prod.outlook.com>
	<57C061C4.2000604@redhat.com>,
	<CAFLz+Bmk-_VDkuGDTCUKGhe6Asw47+2p+gCdZgkmShJt8aoO-A@mail.gmail.com>
Message-ID: <BN3PR13MB0852A14FD3AA946B0FDF6B4DC7EF0@BN3PR13MB0852.namprd13.prod.outlook.com>

The /etc/nsswitch.conf was the culprit. Fortunately there is a /etc/nsswitch.cof.bak and that did the trick.


Rob, your suspicion was correct the sudoers line was missing.


It actually looks like the ipa-client-automount --uninstall reverts the nsswitch.conf file to default pre-ipa values.


Still a bit curious that the ipa-client-automount --location=server_mounts did not take on the ipa-server. If there is a good reason for this behavior I would suggest that the ipa-client-automount command would not even start it it was executed on the ipa server.


thanks everyone!

ms

________________________________
From: Prasun Gera <prasun.gera at gmail.com>
Sent: Friday, August 26, 2016 4:02 PM
To: Rob Crittenden
Cc: m s; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] ipa-client-automount --uninstall breaks central sudo on ipa-server

ipa-client-automount --uninstall was(is?) a bit broken in that it tries to revert back to an older configuration, but it can accidentally revert it to a state before the ipa-client was installed (as opposed to the state where automount was installed). Check your nssswitch.conf file and compare it to other clients on which things work fine. You might notice differences.

On Fri, Aug 26, 2016 at 11:35 AM, Rob Crittenden <rcritten at redhat.com<mailto:rcritten at redhat.com>> wrote:
m s wrote:
Need help restoring central sudo rights on ipa server.


How I broke it!!!: I decided to take advantage of the centralized
automount feature with a custom location for a couple mounts. When I ran
the ipa-client-automount --location=server_mounts it appeared to install
correctly but that didn't appear not to work so my plan was to manually
setup the automount since it is only one machine. So of course I ran the
ipa-client-automount --uninstall on the ipa server and thats when I lost
the sudo rights on the ipa server: superuser not in the sudoers file,
this incident will be reported.


I have repeated this steps with the same results:

Initially sudo works for superuser

And after ipa-client-automount --location=server_mounts (on the ipa-server)

sudo still works

but after, ipa-client-automount --uninstall

no sudo for superuser on the ipa server but the superuser still has sudo
privilages on the clients????


background/versions:

My setup is all CentOS 7.2 machines with one ipa server and the rest are
clients all using ipa version 4.2.0.

I had no issues using the ipa-client-automount on all my clients to
configure network homes and shares as well as setting up a superuser
with central sudo powers before this happened.


1.) Don't be too harsh if it is a BIG NO-NO to run the
ipa-client-automount command on the ipa-server

2.) Not sure what logs or config files i need to post.

I'd confirm that sssd is still configured to do sudo by looking for sss in the sudoers line in /etc/nssswitch.conf and ensure that sudo is an enabled service in /etc/sssd/sssd.conf, probably something like:

services = nss, sudo, pam, ssh

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160827/f0805dec/attachment.htm>

From prasun.gera at gmail.com  Sat Aug 27 15:29:58 2016
From: prasun.gera at gmail.com (Prasun Gera)
Date: Sat, 27 Aug 2016 11:29:58 -0400
Subject: [Freeipa-users] ipa-client-automount --uninstall breaks central
 sudo on ipa-server
In-Reply-To: <BN3PR13MB0852A14FD3AA946B0FDF6B4DC7EF0@BN3PR13MB0852.namprd13.prod.outlook.com>
References: <BN3PR13MB08529F0529859A93639EE342C7EC0@BN3PR13MB0852.namprd13.prod.outlook.com>
	<57C061C4.2000604@redhat.com>
	<CAFLz+Bmk-_VDkuGDTCUKGhe6Asw47+2p+gCdZgkmShJt8aoO-A@mail.gmail.com>
	<BN3PR13MB0852A14FD3AA946B0FDF6B4DC7EF0@BN3PR13MB0852.namprd13.prod.outlook.com>
Message-ID: <CAFLz+BkqcCK5gjmMrHfqodnHTQ5JWDJ9JZHGR67f7Q+M5u4eHg@mail.gmail.com>

I had created a bug for this
https://bugzilla.redhat.com/show_bug.cgi?id=1276153, and there was an
existing bug report too (https://bugzilla.redhat.com/show_bug.cgi?id=1141799),
but that's been marked as wontfix. Since this trips multiple people, I
would like to propose reopening it.

On Sat, Aug 27, 2016 at 1:49 AM, Mariusz Stolarczyk <zeusuofm at hotmail.com>
wrote:

> The /etc/nsswitch.conf was the culprit. Fortunately there is a
> /etc/nsswitch.cof.bak and that did the trick.
>
>
> Rob, your suspicion was correct the sudoers line was missing.
>
>
> It actually looks like the ipa-client-automount --uninstall reverts the
> nsswitch.conf file to default pre-ipa values.
>
>
> Still a bit curious that the ipa-client-automount --location=server_mounts
> did not take on the ipa-server. If there is a good reason for this behavior
> I would suggest that the ipa-client-automount command would not even
> start it it was executed on the ipa server.
>
>
> thanks everyone!
> ms
>
> ------------------------------
> *From:* Prasun Gera <prasun.gera at gmail.com>
> *Sent:* Friday, August 26, 2016 4:02 PM
> *To:* Rob Crittenden
> *Cc:* m s; freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] ipa-client-automount --uninstall breaks
> central sudo on ipa-server
>
> ipa-client-automount --uninstall was(is?) a bit broken in that it tries to
> revert back to an older configuration, but it can accidentally revert it to
> a state before the ipa-client was installed (as opposed to the state where
> automount was installed). Check your nssswitch.conf file and compare it to
> other clients on which things work fine. You might notice differences.
>
> On Fri, Aug 26, 2016 at 11:35 AM, Rob Crittenden <rcritten at redhat.com>
> wrote:
>
>> m s wrote:
>>
>>> Need help restoring central sudo rights on ipa server.
>>>
>>>
>>> How I broke it!!!: I decided to take advantage of the centralized
>>> automount feature with a custom location for a couple mounts. When I ran
>>> the ipa-client-automount --location=server_mounts it appeared to install
>>> correctly but that didn't appear not to work so my plan was to manually
>>> setup the automount since it is only one machine. So of course I ran the
>>> ipa-client-automount --uninstall on the ipa server and thats when I lost
>>> the sudo rights on the ipa server: superuser not in the sudoers file,
>>> this incident will be reported.
>>>
>>>
>>> I have repeated this steps with the same results:
>>>
>>> Initially sudo works for superuser
>>>
>>> And after ipa-client-automount --location=server_mounts (on the
>>> ipa-server)
>>>
>>> sudo still works
>>>
>>> but after, ipa-client-automount --uninstall
>>>
>>> no sudo for superuser on the ipa server but the superuser still has sudo
>>> privilages on the clients????
>>>
>>>
>>> background/versions:
>>>
>>> My setup is all CentOS 7.2 machines with one ipa server and the rest are
>>> clients all using ipa version 4.2.0.
>>>
>>> I had no issues using the ipa-client-automount on all my clients to
>>> configure network homes and shares as well as setting up a superuser
>>> with central sudo powers before this happened.
>>>
>>>
>>> 1.) Don't be too harsh if it is a BIG NO-NO to run the
>>> ipa-client-automount command on the ipa-server
>>>
>>> 2.) Not sure what logs or config files i need to post.
>>>
>>
>> I'd confirm that sssd is still configured to do sudo by looking for sss
>> in the sudoers line in /etc/nssswitch.conf and ensure that sudo is an
>> enabled service in /etc/sssd/sssd.conf, probably something like:
>>
>> services = nss, sudo, pam, ssh
>>
>> rob
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160827/2f64071e/attachment.htm>

From rcritten at redhat.com  Sat Aug 27 19:45:06 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Sat, 27 Aug 2016 15:45:06 -0400
Subject: [Freeipa-users] ipa-client-automount --uninstall breaks central
 sudo on ipa-server
In-Reply-To: <BN3PR13MB0852A14FD3AA946B0FDF6B4DC7EF0@BN3PR13MB0852.namprd13.prod.outlook.com>
References: <BN3PR13MB08529F0529859A93639EE342C7EC0@BN3PR13MB0852.namprd13.prod.outlook.com>
	<57C061C4.2000604@redhat.com>
	<CAFLz+Bmk-_VDkuGDTCUKGhe6Asw47+2p+gCdZgkmShJt8aoO-A@mail.gmail.com>
	<BN3PR13MB0852A14FD3AA946B0FDF6B4DC7EF0@BN3PR13MB0852.namprd13.prod.outlook.com>
Message-ID: <57C1EDC2.30808@redhat.com>

Mariusz Stolarczyk wrote:
> The /etc/nsswitch.conf was the culprit. Fortunately there is a
> /etc/nsswitch.cof.bak and that did the trick.
>
>
> Rob, your suspicion was correct the sudoers line was missing.
>
>
> It actually looks like the ipa-client-automount --uninstall reverts the
> nsswitch.conf file to default pre-ipa values.
>
>
> Still a bit curious that the ipa-client-automount
> --location=server_mounts did not take on the ipa-server. If there is a
> good reason for this behavior I would suggest that the
> ipa-client-automount command would not even start it it was executed on
> the ipa server.

I don't understand this paragraph at all. What does "did not take" mean? 
What do you mean by the command doesn't start?

rob

>
>
> thanks everyone!
>
> ms
>
> ------------------------------------------------------------------------
> *From:* Prasun Gera <prasun.gera at gmail.com>
> *Sent:* Friday, August 26, 2016 4:02 PM
> *To:* Rob Crittenden
> *Cc:* m s; freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] ipa-client-automount --uninstall breaks
> central sudo on ipa-server
> ipa-client-automount --uninstall was(is?) a bit broken in that it tries
> to revert back to an older configuration, but it can accidentally revert
> it to a state before the ipa-client was installed (as opposed to the
> state where automount was installed). Check your nssswitch.conf file and
> compare it to other clients on which things work fine. You might notice
> differences.
>
> On Fri, Aug 26, 2016 at 11:35 AM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
>     m s wrote:
>
>         Need help restoring central sudo rights on ipa server.
>
>
>         How I broke it!!!: I decided to take advantage of the centralized
>         automount feature with a custom location for a couple mounts.
>         When I ran
>         the ipa-client-automount --location=server_mounts it appeared to
>         install
>         correctly but that didn't appear not to work so my plan was to
>         manually
>         setup the automount since it is only one machine. So of course I
>         ran the
>         ipa-client-automount --uninstall on the ipa server and thats
>         when I lost
>         the sudo rights on the ipa server: superuser not in the sudoers
>         file,
>         this incident will be reported.
>
>
>         I have repeated this steps with the same results:
>
>         Initially sudo works for superuser
>
>         And after ipa-client-automount --location=server_mounts (on the
>         ipa-server)
>
>         sudo still works
>
>         but after, ipa-client-automount --uninstall
>
>         no sudo for superuser on the ipa server but the superuser still
>         has sudo
>         privilages on the clients????
>
>
>         background/versions:
>
>         My setup is all CentOS 7.2 machines with one ipa server and the
>         rest are
>         clients all using ipa version 4.2.0.
>
>         I had no issues using the ipa-client-automount on all my clients to
>         configure network homes and shares as well as setting up a superuser
>         with central sudo powers before this happened.
>
>
>         1.) Don't be too harsh if it is a BIG NO-NO to run the
>         ipa-client-automount command on the ipa-server
>
>         2.) Not sure what logs or config files i need to post.
>
>
>     I'd confirm that sssd is still configured to do sudo by looking for
>     sss in the sudoers line in /etc/nssswitch.conf and ensure that sudo
>     is an enabled service in /etc/sssd/sssd.conf, probably something like:
>
>     services = nss, sudo, pam, ssh
>
>     rob
>
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>     Go to http://freeipa.org for more info on the project
>
>



From rcritten at redhat.com  Sat Aug 27 19:49:49 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Sat, 27 Aug 2016 15:49:49 -0400
Subject: [Freeipa-users] ipa-client-automount --uninstall breaks central
 sudo on ipa-server
In-Reply-To: <CAFLz+BkqcCK5gjmMrHfqodnHTQ5JWDJ9JZHGR67f7Q+M5u4eHg@mail.gmail.com>
References: <BN3PR13MB08529F0529859A93639EE342C7EC0@BN3PR13MB0852.namprd13.prod.outlook.com>
	<57C061C4.2000604@redhat.com>
	<CAFLz+Bmk-_VDkuGDTCUKGhe6Asw47+2p+gCdZgkmShJt8aoO-A@mail.gmail.com>
	<BN3PR13MB0852A14FD3AA946B0FDF6B4DC7EF0@BN3PR13MB0852.namprd13.prod.outlook.com>
	<CAFLz+BkqcCK5gjmMrHfqodnHTQ5JWDJ9JZHGR67f7Q+M5u4eHg@mail.gmail.com>
Message-ID: <57C1EEDD.8040508@redhat.com>

Prasun Gera wrote:
> I had created a bug for this
> https://bugzilla.redhat.com/show_bug.cgi?id=1276153, and there was an
> existing bug report too
> (https://bugzilla.redhat.com/show_bug.cgi?id=1141799), but that's been
> marked as wontfix. Since this trips multiple people, I would like to
> propose reopening it.

The upstream ticket is still open, 
https://fedorahosted.org/freeipa/ticket/4543 , it just really hasn't 
seemed to affect that many people which is why it is being considered a 
low priority to fix.

In retrospect saving a copy of nsswitch.conf is a bit overkill. It 
really just needs to save and restore the automount entry in 
/etc/nsswitch.conf, not the whole file.

rob

>
> On Sat, Aug 27, 2016 at 1:49 AM, Mariusz Stolarczyk
> <zeusuofm at hotmail.com <mailto:zeusuofm at hotmail.com>> wrote:
>
>     The /etc/nsswitch.conf was the culprit. Fortunately there is a
>     /etc/nsswitch.cof.bak and that did the trick.
>
>
>     Rob, your suspicion was correct the sudoers line was missing.
>
>
>     It actually looks like the ipa-client-automount --uninstall reverts
>     the nsswitch.conf file to default pre-ipa values.
>
>
>     Still a bit curious that the ipa-client-automount
>     --location=server_mounts did not take on the ipa-server. If there is
>     a good reason for this behavior I would suggest that the
>     ipa-client-automount command would not even start it it was
>     executed on the ipa server.
>
>
>     thanks everyone!
>
>     ms
>
>     ------------------------------------------------------------------------
>     *From:* Prasun Gera <prasun.gera at gmail.com
>     <mailto:prasun.gera at gmail.com>>
>     *Sent:* Friday, August 26, 2016 4:02 PM
>     *To:* Rob Crittenden
>     *Cc:* m s; freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
>     *Subject:* Re: [Freeipa-users] ipa-client-automount --uninstall
>     breaks central sudo on ipa-server
>     ipa-client-automount --uninstall was(is?) a bit broken in that it
>     tries to revert back to an older configuration, but it can
>     accidentally revert it to a state before the ipa-client was
>     installed (as opposed to the state where automount was installed).
>     Check your nssswitch.conf file and compare it to other clients on
>     which things work fine. You might notice differences.
>
>     On Fri, Aug 26, 2016 at 11:35 AM, Rob Crittenden
>     <rcritten at redhat.com <mailto:rcritten at redhat.com>> wrote:
>
>         m s wrote:
>
>             Need help restoring central sudo rights on ipa server.
>
>
>             How I broke it!!!: I decided to take advantage of the
>             centralized
>             automount feature with a custom location for a couple
>             mounts. When I ran
>             the ipa-client-automount --location=server_mounts it
>             appeared to install
>             correctly but that didn't appear not to work so my plan was
>             to manually
>             setup the automount since it is only one machine. So of
>             course I ran the
>             ipa-client-automount --uninstall on the ipa server and thats
>             when I lost
>             the sudo rights on the ipa server: superuser not in the
>             sudoers file,
>             this incident will be reported.
>
>
>             I have repeated this steps with the same results:
>
>             Initially sudo works for superuser
>
>             And after ipa-client-automount --location=server_mounts (on
>             the ipa-server)
>
>             sudo still works
>
>             but after, ipa-client-automount --uninstall
>
>             no sudo for superuser on the ipa server but the superuser
>             still has sudo
>             privilages on the clients????
>
>
>             background/versions:
>
>             My setup is all CentOS 7.2 machines with one ipa server and
>             the rest are
>             clients all using ipa version 4.2.0.
>
>             I had no issues using the ipa-client-automount on all my
>             clients to
>             configure network homes and shares as well as setting up a
>             superuser
>             with central sudo powers before this happened.
>
>
>             1.) Don't be too harsh if it is a BIG NO-NO to run the
>             ipa-client-automount command on the ipa-server
>
>             2.) Not sure what logs or config files i need to post.
>
>
>         I'd confirm that sssd is still configured to do sudo by looking
>         for sss in the sudoers line in /etc/nssswitch.conf and ensure
>         that sudo is an enabled service in /etc/sssd/sssd.conf, probably
>         something like:
>
>         services = nss, sudo, pam, ssh
>
>         rob
>
>         --
>         Manage your subscription for the Freeipa-users mailing list:
>         https://www.redhat.com/mailman/listinfo/freeipa-users
>         <https://www.redhat.com/mailman/listinfo/freeipa-users>
>         Go to http://freeipa.org for more info on the project
>
>
>



From zeusuofm at hotmail.com  Sun Aug 28 04:50:34 2016
From: zeusuofm at hotmail.com (Mariusz Stolarczyk)
Date: Sun, 28 Aug 2016 04:50:34 +0000
Subject: [Freeipa-users] ipa-client-automount --uninstall breaks central
 sudo on ipa-server
In-Reply-To: <57C1EDC2.30808@redhat.com>
References: <BN3PR13MB08529F0529859A93639EE342C7EC0@BN3PR13MB0852.namprd13.prod.outlook.com>
	<57C061C4.2000604@redhat.com>
	<CAFLz+Bmk-_VDkuGDTCUKGhe6Asw47+2p+gCdZgkmShJt8aoO-A@mail.gmail.com>
	<BN3PR13MB0852A14FD3AA946B0FDF6B4DC7EF0@BN3PR13MB0852.namprd13.prod.outlook.com>,
	<57C1EDC2.30808@redhat.com>
Message-ID: <BN3PR13MB085231740CD5FF8F34C5DE9FC7EE0@BN3PR13MB0852.namprd13.prod.outlook.com>

Sorry Rob for not being clear.


I created a special location with a couple of mounts with the webGUI and then applied the command: ipa-client-automount --location=server_mounts on the ipa server. Then I checked the server and the automounts were not available. I had no problems using the command (with a different set of mounts i.e. location) for all the clients. But to be honest I didn't spend too much time trying to fix it before applying the --uninstall which broke global sudo. The command says explicitly "ipa-client"-automount and I was applying it to the server so maybe it is not the intent to be run the ipa server. I can give it another try with a virtual set up in a couple of days to confirm that.


-ms


________________________________
From: Rob Crittenden <rcritten at redhat.com>
Sent: Saturday, August 27, 2016 12:45:06 PM
To: Mariusz Stolarczyk; Prasun Gera
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] ipa-client-automount --uninstall breaks central sudo on ipa-server

Mariusz Stolarczyk wrote:
> The /etc/nsswitch.conf was the culprit. Fortunately there is a
> /etc/nsswitch.cof.bak and that did the trick.
>
>
> Rob, your suspicion was correct the sudoers line was missing.
>
>
> It actually looks like the ipa-client-automount --uninstall reverts the
> nsswitch.conf file to default pre-ipa values.
>
>
> Still a bit curious that the ipa-client-automount
> --location=server_mounts did not take on the ipa-server. If there is a
> good reason for this behavior I would suggest that the
> ipa-client-automount command would not even start it it was executed on
> the ipa server.

I don't understand this paragraph at all. What does "did not take" mean?
What do you mean by the command doesn't start?

rob

>
>
> thanks everyone!
>
> ms
>
> ------------------------------------------------------------------------
> *From:* Prasun Gera <prasun.gera at gmail.com>
> *Sent:* Friday, August 26, 2016 4:02 PM
> *To:* Rob Crittenden
> *Cc:* m s; freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] ipa-client-automount --uninstall breaks
> central sudo on ipa-server
> ipa-client-automount --uninstall was(is?) a bit broken in that it tries
> to revert back to an older configuration, but it can accidentally revert
> it to a state before the ipa-client was installed (as opposed to the
> state where automount was installed). Check your nssswitch.conf file and
> compare it to other clients on which things work fine. You might notice
> differences.
>
> On Fri, Aug 26, 2016 at 11:35 AM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
>     m s wrote:
>
>         Need help restoring central sudo rights on ipa server.
>
>
>         How I broke it!!!: I decided to take advantage of the centralized
>         automount feature with a custom location for a couple mounts.
>         When I ran
>         the ipa-client-automount --location=server_mounts it appeared to
>         install
>         correctly but that didn't appear not to work so my plan was to
>         manually
>         setup the automount since it is only one machine. So of course I
>         ran the
>         ipa-client-automount --uninstall on the ipa server and thats
>         when I lost
>         the sudo rights on the ipa server: superuser not in the sudoers
>         file,
>         this incident will be reported.
>
>
>         I have repeated this steps with the same results:
>
>         Initially sudo works for superuser
>
>         And after ipa-client-automount --location=server_mounts (on the
>         ipa-server)
>
>         sudo still works
>
>         but after, ipa-client-automount --uninstall
>
>         no sudo for superuser on the ipa server but the superuser still
>         has sudo
>         privilages on the clients????
>
>
>         background/versions:
>
>         My setup is all CentOS 7.2 machines with one ipa server and the
>         rest are
>         clients all using ipa version 4.2.0.
>
>         I had no issues using the ipa-client-automount on all my clients to
>         configure network homes and shares as well as setting up a superuser
>         with central sudo powers before this happened.
>
>
>         1.) Don't be too harsh if it is a BIG NO-NO to run the
>         ipa-client-automount command on the ipa-server
>
>         2.) Not sure what logs or config files i need to post.
>
>
>     I'd confirm that sssd is still configured to do sudo by looking for
>     sss in the sudoers line in /etc/nssswitch.conf and ensure that sudo
>     is an enabled service in /etc/sssd/sssd.conf, probably something like:
>
>     services = nss, sudo, pam, ssh
>
>     rob
>
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>     Go to http://freeipa.org for more info on the project
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160828/c1441e94/attachment.htm>

From prasun.gera at gmail.com  Sun Aug 28 06:31:07 2016
From: prasun.gera at gmail.com (Prasun Gera)
Date: Sun, 28 Aug 2016 02:31:07 -0400
Subject: [Freeipa-users] ipa-client-automount --uninstall breaks central
 sudo on ipa-server
In-Reply-To: <57C1EEDD.8040508@redhat.com>
References: <BN3PR13MB08529F0529859A93639EE342C7EC0@BN3PR13MB0852.namprd13.prod.outlook.com>
	<57C061C4.2000604@redhat.com>
	<CAFLz+Bmk-_VDkuGDTCUKGhe6Asw47+2p+gCdZgkmShJt8aoO-A@mail.gmail.com>
	<BN3PR13MB0852A14FD3AA946B0FDF6B4DC7EF0@BN3PR13MB0852.namprd13.prod.outlook.com>
	<CAFLz+BkqcCK5gjmMrHfqodnHTQ5JWDJ9JZHGR67f7Q+M5u4eHg@mail.gmail.com>
	<57C1EEDD.8040508@redhat.com>
Message-ID: <CAFLz+B=tR4dLuaEefBKS59bzrt5eL5zUdXr7SLHBtap-u-2wbQ@mail.gmail.com>

>
> In retrospect saving a copy of nsswitch.conf is a bit overkill. It really
> just needs to save and restore the automount entry in /etc/nsswitch.conf,
> not the whole file.
>
>
I think it should also remove the sssd configuration in addition to
removing it from nssswitch. i.e. Uninstalling the automount should bring
sssd to a clean state as well.


> rob
>
>
>> On Sat, Aug 27, 2016 at 1:49 AM, Mariusz Stolarczyk
>> <zeusuofm at hotmail.com <mailto:zeusuofm at hotmail.com>> wrote:
>>
>>     The /etc/nsswitch.conf was the culprit. Fortunately there is a
>>     /etc/nsswitch.cof.bak and that did the trick.
>>
>>
>>     Rob, your suspicion was correct the sudoers line was missing.
>>
>>
>>     It actually looks like the ipa-client-automount --uninstall reverts
>>     the nsswitch.conf file to default pre-ipa values.
>>
>>
>>     Still a bit curious that the ipa-client-automount
>>     --location=server_mounts did not take on the ipa-server. If there is
>>     a good reason for this behavior I would suggest that the
>>     ipa-client-automount command would not even start it it was
>>     executed on the ipa server.
>>
>>
>>     thanks everyone!
>>
>>     ms
>>
>>     ------------------------------------------------------------
>> ------------
>>     *From:* Prasun Gera <prasun.gera at gmail.com
>>     <mailto:prasun.gera at gmail.com>>
>>     *Sent:* Friday, August 26, 2016 4:02 PM
>>     *To:* Rob Crittenden
>>     *Cc:* m s; freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
>>     *Subject:* Re: [Freeipa-users] ipa-client-automount --uninstall
>>     breaks central sudo on ipa-server
>>     ipa-client-automount --uninstall was(is?) a bit broken in that it
>>     tries to revert back to an older configuration, but it can
>>     accidentally revert it to a state before the ipa-client was
>>     installed (as opposed to the state where automount was installed).
>>     Check your nssswitch.conf file and compare it to other clients on
>>     which things work fine. You might notice differences.
>>
>>     On Fri, Aug 26, 2016 at 11:35 AM, Rob Crittenden
>>     <rcritten at redhat.com <mailto:rcritten at redhat.com>> wrote:
>>
>>         m s wrote:
>>
>>             Need help restoring central sudo rights on ipa server.
>>
>>
>>             How I broke it!!!: I decided to take advantage of the
>>             centralized
>>             automount feature with a custom location for a couple
>>             mounts. When I ran
>>             the ipa-client-automount --location=server_mounts it
>>             appeared to install
>>             correctly but that didn't appear not to work so my plan was
>>             to manually
>>             setup the automount since it is only one machine. So of
>>             course I ran the
>>             ipa-client-automount --uninstall on the ipa server and thats
>>             when I lost
>>             the sudo rights on the ipa server: superuser not in the
>>             sudoers file,
>>             this incident will be reported.
>>
>>
>>             I have repeated this steps with the same results:
>>
>>             Initially sudo works for superuser
>>
>>             And after ipa-client-automount --location=server_mounts (on
>>             the ipa-server)
>>
>>             sudo still works
>>
>>             but after, ipa-client-automount --uninstall
>>
>>             no sudo for superuser on the ipa server but the superuser
>>             still has sudo
>>             privilages on the clients????
>>
>>
>>             background/versions:
>>
>>             My setup is all CentOS 7.2 machines with one ipa server and
>>             the rest are
>>             clients all using ipa version 4.2.0.
>>
>>             I had no issues using the ipa-client-automount on all my
>>             clients to
>>             configure network homes and shares as well as setting up a
>>             superuser
>>             with central sudo powers before this happened.
>>
>>
>>             1.) Don't be too harsh if it is a BIG NO-NO to run the
>>             ipa-client-automount command on the ipa-server
>>
>>             2.) Not sure what logs or config files i need to post.
>>
>>
>>         I'd confirm that sssd is still configured to do sudo by looking
>>         for sss in the sudoers line in /etc/nssswitch.conf and ensure
>>         that sudo is an enabled service in /etc/sssd/sssd.conf, probably
>>         something like:
>>
>>         services = nss, sudo, pam, ssh
>>
>>         rob
>>
>>         --
>>         Manage your subscription for the Freeipa-users mailing list:
>>         https://www.redhat.com/mailman/listinfo/freeipa-users
>>         <https://www.redhat.com/mailman/listinfo/freeipa-users>
>>         Go to http://freeipa.org for more info on the project
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160828/43d933c4/attachment.htm>

From kashmancy at gmail.com  Sun Aug 28 07:29:08 2016
From: kashmancy at gmail.com (Harry Kashouli)
Date: Sun, 28 Aug 2016 00:29:08 -0700
Subject: [Freeipa-users] LDAP only seems to allow anonymous access
Message-ID: <CAEYUZpe-4VCAOKrha8Y-pKqjDcyU4JK8GSZCD2n-pMaw9wkuWg@mail.gmail.com>

Hi all,

I can only seem to connect clients to my FreeIPA's LDAP if I use the
following:
 - Simple authentication
 - Anonymous login

If I try to log in using any user credentials, it will not work. Are both
GSS-API and named logins not allowed by default?

Thanks,
-Harry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160828/26fb57c1/attachment.htm>

From rcritten at redhat.com  Sun Aug 28 15:01:02 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Sun, 28 Aug 2016 11:01:02 -0400
Subject: [Freeipa-users] LDAP only seems to allow anonymous access
In-Reply-To: <CAEYUZpe-4VCAOKrha8Y-pKqjDcyU4JK8GSZCD2n-pMaw9wkuWg@mail.gmail.com>
References: <CAEYUZpe-4VCAOKrha8Y-pKqjDcyU4JK8GSZCD2n-pMaw9wkuWg@mail.gmail.com>
Message-ID: <57C2FCAE.8050708@redhat.com>

Harry Kashouli wrote:
> Hi all,
>
> I can only seem to connect clients to my FreeIPA's LDAP if I use the
> following:
>   - Simple authentication
>   - Anonymous login
>
> If I try to log in using any user credentials, it will not work. Are
> both GSS-API and named logins not allowed by default?

Not sure what you mean by named logins but GSSAPI should work fine:

$ kinit test
$ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,$REALM uid=test
...

What error(s) are you seeing?

rob



From rcritten at redhat.com  Sun Aug 28 15:02:13 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Sun, 28 Aug 2016 11:02:13 -0400
Subject: [Freeipa-users] ipa-client-automount --uninstall breaks central
 sudo on ipa-server
In-Reply-To: <CAFLz+B=tR4dLuaEefBKS59bzrt5eL5zUdXr7SLHBtap-u-2wbQ@mail.gmail.com>
References: <BN3PR13MB08529F0529859A93639EE342C7EC0@BN3PR13MB0852.namprd13.prod.outlook.com>
	<57C061C4.2000604@redhat.com>
	<CAFLz+Bmk-_VDkuGDTCUKGhe6Asw47+2p+gCdZgkmShJt8aoO-A@mail.gmail.com>
	<BN3PR13MB0852A14FD3AA946B0FDF6B4DC7EF0@BN3PR13MB0852.namprd13.prod.outlook.com>
	<CAFLz+BkqcCK5gjmMrHfqodnHTQ5JWDJ9JZHGR67f7Q+M5u4eHg@mail.gmail.com>
	<57C1EEDD.8040508@redhat.com>
	<CAFLz+B=tR4dLuaEefBKS59bzrt5eL5zUdXr7SLHBtap-u-2wbQ@mail.gmail.com>
Message-ID: <57C2FCF5.4070106@redhat.com>

Prasun Gera wrote:
>     In retrospect saving a copy of nsswitch.conf is a bit overkill. It
>     really just needs to save and restore the automount entry in
>     /etc/nsswitch.conf, not the whole file.

AFAIR this is already done appropriately in sssd.conf. The service is 
removed, no files are restored.

rob

>
>
> I think it should also remove the sssd configuration in addition to
> removing it from nssswitch. i.e. Uninstalling the automount should bring
> sssd to a clean state as well.
>
>     rob
>
>
>         On Sat, Aug 27, 2016 at 1:49 AM, Mariusz Stolarczyk
>         <zeusuofm at hotmail.com <mailto:zeusuofm at hotmail.com>
>         <mailto:zeusuofm at hotmail.com <mailto:zeusuofm at hotmail.com>>> wrote:
>
>              The /etc/nsswitch.conf was the culprit. Fortunately there is a
>              /etc/nsswitch.cof.bak and that did the trick.
>
>
>              Rob, your suspicion was correct the sudoers line was missing.
>
>
>              It actually looks like the ipa-client-automount --uninstall
>         reverts
>              the nsswitch.conf file to default pre-ipa values.
>
>
>              Still a bit curious that the ipa-client-automount
>              --location=server_mounts did not take on the ipa-server. If
>         there is
>              a good reason for this behavior I would suggest that the
>              ipa-client-automount command would not even start it it was
>              executed on the ipa server.
>
>
>              thanks everyone!
>
>              ms
>
>
>         ------------------------------------------------------------------------
>              *From:* Prasun Gera <prasun.gera at gmail.com
>         <mailto:prasun.gera at gmail.com>
>              <mailto:prasun.gera at gmail.com <mailto:prasun.gera at gmail.com>>>
>              *Sent:* Friday, August 26, 2016 4:02 PM
>              *To:* Rob Crittenden
>              *Cc:* m s; freeipa-users at redhat.com
>         <mailto:freeipa-users at redhat.com>
>         <mailto:freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>>
>              *Subject:* Re: [Freeipa-users] ipa-client-automount --uninstall
>              breaks central sudo on ipa-server
>              ipa-client-automount --uninstall was(is?) a bit broken in
>         that it
>              tries to revert back to an older configuration, but it can
>              accidentally revert it to a state before the ipa-client was
>              installed (as opposed to the state where automount was
>         installed).
>              Check your nssswitch.conf file and compare it to other
>         clients on
>              which things work fine. You might notice differences.
>
>              On Fri, Aug 26, 2016 at 11:35 AM, Rob Crittenden
>              <rcritten at redhat.com <mailto:rcritten at redhat.com>
>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>> wrote:
>
>                  m s wrote:
>
>                      Need help restoring central sudo rights on ipa server.
>
>
>                      How I broke it!!!: I decided to take advantage of the
>                      centralized
>                      automount feature with a custom location for a couple
>                      mounts. When I ran
>                      the ipa-client-automount --location=server_mounts it
>                      appeared to install
>                      correctly but that didn't appear not to work so my
>         plan was
>                      to manually
>                      setup the automount since it is only one machine. So of
>                      course I ran the
>                      ipa-client-automount --uninstall on the ipa server
>         and thats
>                      when I lost
>                      the sudo rights on the ipa server: superuser not in the
>                      sudoers file,
>                      this incident will be reported.
>
>
>                      I have repeated this steps with the same results:
>
>                      Initially sudo works for superuser
>
>                      And after ipa-client-automount
>         --location=server_mounts (on
>                      the ipa-server)
>
>                      sudo still works
>
>                      but after, ipa-client-automount --uninstall
>
>                      no sudo for superuser on the ipa server but the
>         superuser
>                      still has sudo
>                      privilages on the clients????
>
>
>                      background/versions:
>
>                      My setup is all CentOS 7.2 machines with one ipa
>         server and
>                      the rest are
>                      clients all using ipa version 4.2.0.
>
>                      I had no issues using the ipa-client-automount on
>         all my
>                      clients to
>                      configure network homes and shares as well as
>         setting up a
>                      superuser
>                      with central sudo powers before this happened.
>
>
>                      1.) Don't be too harsh if it is a BIG NO-NO to run the
>                      ipa-client-automount command on the ipa-server
>
>                      2.) Not sure what logs or config files i need to post.
>
>
>                  I'd confirm that sssd is still configured to do sudo by
>         looking
>                  for sss in the sudoers line in /etc/nssswitch.conf and
>         ensure
>                  that sudo is an enabled service in /etc/sssd/sssd.conf,
>         probably
>                  something like:
>
>                  services = nss, sudo, pam, ssh
>
>                  rob
>
>                  --
>                  Manage your subscription for the Freeipa-users mailing
>         list:
>         https://www.redhat.com/mailman/listinfo/freeipa-users
>         <https://www.redhat.com/mailman/listinfo/freeipa-users>
>                  <https://www.redhat.com/mailman/listinfo/freeipa-users
>         <https://www.redhat.com/mailman/listinfo/freeipa-users>>
>                  Go to http://freeipa.org for more info on the project
>
>
>
>
>



From larry.rosen at JDRSolutions.com  Fri Aug 26 19:26:43 2016
From: larry.rosen at JDRSolutions.com (Larry Rosen)
Date: Fri, 26 Aug 2016 19:26:43 +0000
Subject: [Freeipa-users] Add user fails - automember: Default group for new
 users is not POSIX
Message-ID: <79B7CEE400C91A4C9FD8BF082D8226073E367107@JDRPDC.JDRSolutions.local>

I am trying to create a new automember rule to assign certain user classes into a default group using the web GUI, however it fails with the message

FreeIPA, version: 4.2.0

	IPA Error 4001: NotFound
	Default group for new users is not POSIX

But it (xfstest) IS a POSIX group and I've disabled UPG:

	[root at ipa-idm-01 ~]#  ipa-managed-entries -e "UPG Definition" status
	Plugin Disabled

What's up with this.  Why does nearly every operation I try in this server fail?  The Identity Manager Guide really sucks, it has few real world examples to go by.  Does the expression have to be an expression rather than a value?  Must I create an expression with some sort of pattern matching ( * . + etc.) like ^xfstest_class* ?

1) created a POSIX group
	Group name	xfstest
	Group Type	POSIX
	GID		1333300615

2) created automember user group rule
	Automember Rule	xfstest
	Inclusive
		Attrib		Expression
		userclass	xfstest_class

3) Attempt to add a new user
	login	autotest
	First name	auto
	Last name	test
	Class	xfstest_class
	No private group	unchecked



From larry.rosen at JDRSolutions.com  Fri Aug 26 19:47:06 2016
From: larry.rosen at JDRSolutions.com (Larry Rosen)
Date: Fri, 26 Aug 2016 19:47:06 +0000
Subject: [Freeipa-users] Add user fails - automember: Default group for new
 users is not POSIX
Message-ID: <79B7CEE400C91A4C9FD8BF082D8226073E367178@JDRPDC.JDRSolutions.local>

Never mind, I see this is a known bug in 4.2.x fixed in 4.3.1

When I am allowed to upgrade my servers I'll try again.  I guess the workaround is to use CLI with -gid (which kind of defeats the the purpose of the autogroup for me)

Thanks for listening to my rant!

Larry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160826/8c1d8f0a/attachment.htm>

From tjaalton at ubuntu.com  Mon Aug 29 07:34:04 2016
From: tjaalton at ubuntu.com (Timo Aaltonen)
Date: Mon, 29 Aug 2016 10:34:04 +0300
Subject: [Freeipa-users] Ubuntu 16.04 released with FreeIPA 4.3.1
In-Reply-To: <57192380.4090400@ubuntu.com>
References: <57192380.4090400@ubuntu.com>
Message-ID: <ea17612a-fa54-8194-d8f4-de2a008df331@ubuntu.com>

On 21.04.2016 22:01, Timo Aaltonen wrote:
>
> ps. Debian unstable will have 4.3.1 once the package has gone through
> the NEW queue because the packaging got split in certain ways

No it did not, because the ftpmaster rejected the upload since it ships
with minified javascript which is not considered modifiable source code.
And the old version has now been removed from Debian because it was
unmaintainable.

So I hope #5639 will be resolved at some point. Note that Debian doesn't
require the javascript to be minified during package build, just that
the source would ship the unminified copy as well.

-- 
t



From kashmancy at gmail.com  Mon Aug 29 08:01:02 2016
From: kashmancy at gmail.com (Harry Kashouli)
Date: Mon, 29 Aug 2016 01:01:02 -0700
Subject: [Freeipa-users] LDAP only seems to allow anonymous access
In-Reply-To: <57C2FCAE.8050708@redhat.com>
References: <CAEYUZpe-4VCAOKrha8Y-pKqjDcyU4JK8GSZCD2n-pMaw9wkuWg@mail.gmail.com>
	<57C2FCAE.8050708@redhat.com>
Message-ID: <CAEYUZpf=Ec9iLg2nG34G3pK1DRndDao-2amAPeJ=Zrg3zgtzrg@mail.gmail.com>

This is the error I get:

ldapsearch -LLL GSSAPI -b cn=users,cn=accounts,$REALM uid=admin
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:

-Harry

On 28 August 2016 at 08:01, Rob Crittenden <rcritten at redhat.com> wrote:

> Harry Kashouli wrote:
>
>> Hi all,
>>
>> I can only seem to connect clients to my FreeIPA's LDAP if I use the
>> following:
>>   - Simple authentication
>>   - Anonymous login
>>
>> If I try to log in using any user credentials, it will not work. Are
>> both GSS-API and named logins not allowed by default?
>>
>
> Not sure what you mean by named logins but GSSAPI should work fine:
>
> $ kinit test
> $ ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,$REALM uid=test
> ...
>
> What error(s) are you seeing?
>
> rob
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160829/aab12c58/attachment.htm>

From abokovoy at redhat.com  Mon Aug 29 08:13:35 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 29 Aug 2016 11:13:35 +0300
Subject: [Freeipa-users] LDAP only seems to allow anonymous access
In-Reply-To: <CAEYUZpf=Ec9iLg2nG34G3pK1DRndDao-2amAPeJ=Zrg3zgtzrg@mail.gmail.com>
References: <CAEYUZpe-4VCAOKrha8Y-pKqjDcyU4JK8GSZCD2n-pMaw9wkuWg@mail.gmail.com>
	<57C2FCAE.8050708@redhat.com>
	<CAEYUZpf=Ec9iLg2nG34G3pK1DRndDao-2amAPeJ=Zrg3zgtzrg@mail.gmail.com>
Message-ID: <20160829081335.2difayiya5maa6mt@redhat.com>

On Mon, 29 Aug 2016, Harry Kashouli wrote:
>This is the error I get:
>
>ldapsearch -LLL GSSAPI -b cn=users,cn=accounts,$REALM uid=admin
>SASL/EXTERNAL authentication started
>ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>        additional info: SASL(-4): no mechanism available:
>
You are using wrong syntax. To specify SASL mechanism, you need to use
-Y option:

ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,$REALM uid=admin


-- 
/ Alexander Bokovoy



From abokovoy at redhat.com  Mon Aug 29 08:37:01 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 29 Aug 2016 11:37:01 +0300
Subject: [Freeipa-users] LDAP only seems to allow anonymous access
In-Reply-To: <CAEYUZpcs3JUhSuehXyAYF0NBW1JRjPpMku+diM=BwzU+Qq1xxA@mail.gmail.com>
References: <CAEYUZpe-4VCAOKrha8Y-pKqjDcyU4JK8GSZCD2n-pMaw9wkuWg@mail.gmail.com>
	<57C2FCAE.8050708@redhat.com>
	<CAEYUZpf=Ec9iLg2nG34G3pK1DRndDao-2amAPeJ=Zrg3zgtzrg@mail.gmail.com>
	<20160829081335.2difayiya5maa6mt@redhat.com>
	<CAEYUZpcs3JUhSuehXyAYF0NBW1JRjPpMku+diM=BwzU+Qq1xxA@mail.gmail.com>
Message-ID: <20160829083701.kq7pbrgl2kb37uov@redhat.com>

Don't answer directly, answer to the list.

On Mon, 29 Aug 2016, Harry Kashouli wrote:
>Gotcha, updated error below:
>
>$ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,$REALM uid=admin
>SASL/GSSAPI authentication started
>SASL username: admin at OUTLAND.ZSAZOULI.COM
>SASL SSF: 56
>SASL data security layer installed.
>No such object (32)
>
>I know the user exists, cause I see the admin (and my other users) in the
>FreeIPA web UI, and kinit gives me a valid ticket
Did you replace $REALM above with the correct value? E.g.

ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=outland,dc=zsazouli,dc=com uid=admin

As you can see in the SASL output, the GSSAPI negotiation happened
successfully, the "No such object (32)" answer is LDAP return code which
is most likely due to wrong base used. If no object would exist, you'd
get empty successful result instead.

>
>-Harry
>
>On 29 August 2016 at 01:13, Alexander Bokovoy <abokovoy at redhat.com> wrote:
>
>> On Mon, 29 Aug 2016, Harry Kashouli wrote:
>>
>>> This is the error I get:
>>>
>>> ldapsearch -LLL GSSAPI -b cn=users,cn=accounts,$REALM uid=admin
>>> SASL/EXTERNAL authentication started
>>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>>        additional info: SASL(-4): no mechanism available:
>>>
>>> You are using wrong syntax. To specify SASL mechanism, you need to use
>> -Y option:
>>
>> ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,$REALM uid=admin
>>
>>
>> --
>> / Alexander Bokovoy
>>

-- 
/ Alexander Bokovoy



From kashmancy at gmail.com  Mon Aug 29 09:05:17 2016
From: kashmancy at gmail.com (Harry Kashouli)
Date: Mon, 29 Aug 2016 02:05:17 -0700
Subject: [Freeipa-users] LDAP only seems to allow anonymous access
In-Reply-To: <20160829085931.xzpwlntamfcfkn3y@redhat.com>
References: <CAEYUZpe-4VCAOKrha8Y-pKqjDcyU4JK8GSZCD2n-pMaw9wkuWg@mail.gmail.com>
	<57C2FCAE.8050708@redhat.com>
	<CAEYUZpf=Ec9iLg2nG34G3pK1DRndDao-2amAPeJ=Zrg3zgtzrg@mail.gmail.com>
	<20160829081335.2difayiya5maa6mt@redhat.com>
	<CAEYUZpcs3JUhSuehXyAYF0NBW1JRjPpMku+diM=BwzU+Qq1xxA@mail.gmail.com>
	<20160829083701.kq7pbrgl2kb37uov@redhat.com>
	<CAEYUZpe=pOf7vEAKVNfvwNkFFNFU+QwZeJy7VH8-xXm2Tvo6sg@mail.gmail.com>
	<20160829085931.xzpwlntamfcfkn3y@redhat.com>
Message-ID: <CAEYUZpdKhckp7sjo8vcRHA2Mhv3nGWiJfU6aYW4dRpyzQ7vvkw@mail.gmail.com>

Sorry, I missed adding the mailing list, added now.

Ah, I'll bear that in mind about authentication prior to 4.4. I have 4.3.1
on Fedora 24 right now. I'm using anonymous authentication for now, for my
various situations such as Jira/etc, and it seems to work, and I'll try
again in 4.4 with various GUI apps.

Thanks again for all the help!

-Harry

On 29 August 2016 at 01:59, Alexander Bokovoy <abokovoy at redhat.com> wrote:

> Again, don't answer to me directly, use freeipa-users@ mailing list.
>
> On Mon, 29 Aug 2016, Harry Kashouli wrote:
>
>> Fixed it, and now it looks like I actually get a successful result, and it
>> gives me info on the account. Thanks, I should've guessed that I needed to
>> replace $REALM.
>>
>> Now, even though this works, if I try to connect via a GUI such as LDAP
>> Admin, I can only connect to the database if I use "Simple
>> Authentication",
>> and anonymous. If I switch it to GSS-API and add the admin user, I get an
>> error as follows:
>> "LDAP error! Invalid credentials: SASL(-13): authentication failure:
>> GSSAPI Failure: gss_accept_sec_context"
>>
>> I've tried using the following two options as base, but still no sucess:
>> - dc=outland,dc=zsazouli,dc=com
>> - cn=users,cn=accounts,dc=outland,dc=zsazouli,dc=com
>>
> I don't think it is related to the choice of the base here. You need to
> look into details of your GUI application. 'LDAP Admin' app is running
> on Windows and I don't think it is going to use IPA's credentials -- it
> is rather using Active Directory user's ones. However, we do not support
> GSSAPI authentication as an AD user to LDAP in versions before FreeIPA 4.4.
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160829/5a8e8c29/attachment.htm>

From deepak_dimri at hotmail.com  Mon Aug 29 12:17:46 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Mon, 29 Aug 2016 08:17:46 -0400
Subject: [Freeipa-users] Delegated administration use case
Message-ID: <SNT152-W91B59A2FE003AC9DB669F2F5E10@phx.gbl>

My IPA server has bunch of IPA-clients registered with it, i have done department/product wise grouping of my ipa clients and users. Example: for business unit1 (BU1) i have "BU1UserGroup" and "BU1HostGroup" similarly  for BU2 its "BU2UserGroup" & "BU2HostGroup". Now i  want to have department wise delegation administration in such a way that admin of BU1 can manage access for the users in "BU1UserGroup" and "BU1HostGroup" and admin of BU2 can manage the users and hosts for hosts in "BU2UserGroup" & "BU2HostGroup".  Essentially these sub admins should have full access to manage the access privileges for users and mange the hosts for their respective department/BU. 
I am still playing with IPA to understand this better but thought of asking you if this is a valid user case of IPA server and any pointer how this can be achieved would be much appreciated
Thanks,Deepak
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160829/03b1cc29/attachment.htm>

From rakesh.rajasekharan at gmail.com  Mon Aug 29 12:37:10 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Mon, 29 Aug 2016 18:07:10 +0530
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <57BEB0AB.2090506@redhat.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
	<a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
	<CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>
	<CANAMAkpqv5r2GNR1z9+iOJEh40F50kskrnPAOT+B5qV9uR6Q7g@mail.gmail.com>
	<CANAMAkpC5DKkqA_X4tZjscFyOyD2SJjjy74g1sOGYayqLH=ywA@mail.gmail.com>
	<ca385752-87b1-1190-cbdd-9d552b3bf105@redhat.com>
	<CANAMAkqqBOUx0rXH6MPYQgiVtSzCpCOO+EiuwT0urcyUAn_G3g@mail.gmail.com>
	<57BEB0AB.2090506@redhat.com>
Message-ID: <CANAMAkrNMzr2EsaqHgD3Z+sO+p_Zvyv4_dbDtuCq+Cz=91M-Fw@mail.gmail.com>

Hi Thierry,

Coz of the issues we had to revert back to earlier running openldap in
production.

I have now done a few TCP related changes in sysctl.conf and have also
increased the nsslapd-dbcachesize and nsslapd-cachememsize to 200MB

I will again start migrating hosts back to IPA and see if I face the
earlier issue.

I will update back once I have something


Thanks,
Rakesh



On Thu, Aug 25, 2016 at 2:17 PM, thierry bordaz <tbordaz at redhat.com> wrote:

>
>
> On 08/25/2016 10:15 AM, Rakesh Rajasekharan wrote:
>
> All of the troubleshooting seems fine.
>
>
> However, Running libconv.pl gives me this output
>
> ----- Recommendations -----
>
>  1.  You have unindexed components, this can be caused from a search on an
> unindexed attribute, or your returned results exceeded the
> allidsthreshold.  Unindexed components are not recommended. To refuse
> unindexed searches, switch 'nsslapd-require-index' to 'on' under your
> database entry (e.g. cn=UserRoot,cn=ldbm database,cn=plugins,cn=config).
>
>  2.  You have a significant difference between binds and unbinds.  You may
> want to investigate this difference.
>
>
> I feel, this could be a pointer to things going slow.. and IPA hanging. I
> think i now have something that I can try and nail down this issue.
>
> On a sidenote, I was earlier running openldap and migrated over to
> Freeipa,
>
> Thanks
> Rakesh
>
>
>
> On Wed, Aug 24, 2016 at 12:38 PM, Petr Spacek <pspacek at redhat.com> wrote:
>
>> On 23.8.2016 18:44, Rakesh Rajasekharan wrote:
>> > I think thers something seriously wrong with my system
>> >
>> > not able to run any  IPA commands
>> >
>> > klist
>> > Ticket cache: KEYRING:persistent:0:0
>> > Default principal: admin at XYZ.COM
>> >
>> > Valid starting       Expires              Service principal
>> > 2016-08-23T16:26:36  2016-08-24T16:26:22  krbtgt/ <XYZ.COM at XYZ.COM>
>> XYZ.COM at XYZ.COM
>> >
>> >
>> > [root at prod-ipa-master-1a :~] ipactl status
>> > Directory Service: RUNNING
>> > krb5kdc Service: RUNNING
>> > kadmin Service: RUNNING
>> > ipa_memcached Service: RUNNING
>> > httpd Service: RUNNING
>> > pki-tomcatd Service: RUNNING
>> > ipa-otpd Service: RUNNING
>> > ipa: INFO: The ipactl command was successful
>> >
>> >
>> >
>> > [root at prod-ipa-master :~] ipa user-find p-testuser
>> > ipa: ERROR: Kerberos error: ('Unspecified GSS failure.  Minor code may
>> > provide more information', 851968)/("Cannot contact any KDC for realm '
>> > XYZ.COM'", -1765328228)
>>
>
> Hi Rakesh,
>
> Having a reproducible test case would you rerun the command above.
> During its processing you may monitor DS process load (top). If it is
> high, you may get some pstacks of it.
> Also would you attach the part of DS access logs taken during the command.
>
> regards
> thierry
>
> >
>>
>> This is weird because the server seems to be up.
>>
>> Please follow
>> http://www.freeipa.org/page/Troubleshooting#Authentication.2FKerberos
>>
>> Petr^2 Spacek
>>
>> >
>> >
>> > Thanks
>> >
>> > Rakesh
>> >
>> > On Tue, Aug 23, 2016 at 10:01 PM, Rakesh Rajasekharan <
>> > rakesh.rajasekharan at gmail.com> wrote:
>> >
>> >> i changed the loggin level to 4 . Modifying nsslapd-accesslog-level
>> >>
>> >> But, the hang is still there. though I dont see the sigfault now
>> >>
>> >>
>> >>
>> >>
>> >> On Tue, Aug 23, 2016 at 9:02 PM, Rakesh Rajasekharan <
>> >> rakesh.rajasekharan at gmail.com> wrote:
>> >>
>> >>> My disk was getting filled too fast
>> >>>
>> >>> logs under /var/log/dirsrv was coming around 5 gb quickly filling up
>> >>>
>> >>> Is there a way to make the logging less verbose
>> >>>
>> >>>
>> >>>
>> >>> On Tue, Aug 23, 2016 at 6:41 PM, Petr Spacek <pspacek at redhat.com>
>> wrote:
>> >>>
>> >>>> On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
>> >>>>> I was able to fix that may be temporarily... when i checked the
>> >>>> network..
>> >>>>> there was another process that was running and consuming a lot of
>> >>>> network (
>> >>>>> i have no idea who did that. I need to seriously start restricting
>> >>>> people
>> >>>>> access to this machine )
>> >>>>>
>> >>>>> after killing that perfomance improved drastically
>> >>>>>
>> >>>>> But now, suddenly I started experiencing the same hang.
>> >>>>>
>> >>>>> This time , I gert the following error when checked dmesg
>> >>>>>
>> >>>>> [  301.236976] ns-slapd[3124]: segfault at 0 ip 00007f1de416951c sp
>> >>>>> 00007f1dee1dba70 error 4 in libcos-plugin.so[7f1de4166000+b000]
>> >>>>> [ 1116.248431] TCP: request_sock_TCP: Possible SYN flooding on port
>> 88.
>> >>>>> Sending cookies.  Check SNMP counters.
>> >>>>> [11831.397037] ns-slapd[22550]: segfault at 0 ip 00007f533d82251c sp
>> >>>>> 00007f5347894a70 error 4 in libcos-plugin.so[7f533d81f000+b000]
>> >>>>> [11832.727989] ns-slapd[22606]: segfault at 0 ip 00007f6231eb951c sp
>> >>>>> 00007f623bf2ba70 error 4 in libcos-plugin.so[7f6231eb6000+b00
>> >>>>
>> >>>> Okay, this one is serious. The LDAP server crashed.
>> >>>>
>> >>>> 1. Make sure all your packages are up-to-date.
>> >>>>
>> >>>> Please see
>> >>>> http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d
>> >>>> ebugging-crashes
>> >>>> for further instructions how to debug this.
>> >>>>
>> >>>> Petr^2 Spacek
>> >>>>
>> >>>>>
>> >>>>> and in /var/log/dirsrv/example-com/errors
>> >>>>>
>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> >>>> could
>> >>>>> not delete change record 3291138 (rc: 32)
>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> >>>> could
>> >>>>> not delete change record 3291139 (rc: 32)
>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> >>>> could
>> >>>>> not delete change record 3291140 (rc: 32)
>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> >>>> could
>> >>>>> not delete change record 3291141 (rc: 32)
>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> >>>> could
>> >>>>> not delete change record 3291142 (rc: 32)
>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> >>>> could
>> >>>>> not delete change record 3291143 (rc: 32)
>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> >>>> could
>> >>>>> not delete change record 3291144 (rc: 32)
>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>> >>>> could
>> >>>>> not delete change record 3291145 (rc: 32)
>> >>>>> [23/Aug/2016:12:49:50 +0000] - Retry count exceeded in delete
>> >>>>> [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin - delete_changerecord:
>> >>>> could
>> >>>>> not delete change record 3292734 (rc: 51)
>> >>>>>
>> >>>>>
>> >>>>> Can  i do something about this error.. I treid to restart ipa a
>> couple
>> >>>> of
>> >>>>> time but that did not help
>> >>>>>
>> >>>>> Thanks
>> >>>>> Rakesh
>> >>>>>
>> >>>>> On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek <pspacek at redhat.com>
>> >>>> wrote:
>> >>>>>
>> >>>>>> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
>> >>>>>>> I am running my set up on AWS cloud, and entropy is low at around
>> >>>> 180 .
>> >>>>>>>
>> >>>>>>> I plan to increase it bu installing haveged . But, would low
>> entropy
>> >>>> by
>> >>>>>> any
>> >>>>>>> chance cause this issue of intermittent hang .
>> >>>>>>> Also, the hang is mostly observed when registering around 20
>> clients
>> >>>>>>> together
>> >>>>>>
>> >>>>>> Possibly, I'm not sure. If you want to dig into this, I would do
>> this:
>> >>>>>> 1. look what process hangs on client (using pstree command or so)
>> >>>>>> $ pstree
>> >>>>>>
>> >>>>>> 2. look to what server and port is the hanging client connected to
>> >>>>>> $ lsof -p <PID of the hanging process>
>> >>>>>>
>> >>>>>> 3. jump to server and see what process is bound to the target port
>> >>>>>> $ netstat -pn
>> >>>>>>
>> >>>>>> 4. see where the process if hanging
>> >>>>>> $ strace -p <PID of the hanging process>
>> >>>>>>
>> >>>>>> I hope it helps.
>> >>>>>>
>> >>>>>> Petr^2 Spacek
>> >>>>>>
>> >>>>>>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
>> >>>>>>> rakesh.rajasekharan at gmail.com> wrote:
>> >>>>>>>
>> >>>>>>>> yes there seems to be something thats worrying.. I have faced
>> this
>> >>>> today
>> >>>>>>>> as well.
>> >>>>>>>> There are few hosts around 280 odd left and when i try adding
>> them
>> >>>> to
>> >>>>>> IPA
>> >>>>>>>> , the slowness begins..
>> >>>>>>>>
>> >>>>>>>> all the ipa commands like ipa user-find.. etc becomes very slow
>> in
>> >>>>>>>> responding.
>> >>>>>>>>
>> >>>>>>>> the SYNC_RECV are not many though just around 80-90 and today
>> that
>> >>>> was
>> >>>>>>>> around 20 only
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>> I have for now increased tcp_max_syn_backlog to 5000.
>> >>>>>>>> For now the slowness seems to have gone.. but I will do a try
>> >>>> adding the
>> >>>>>>>> clients again tomorrow and see how it goes
>> >>>>>>>>
>> >>>>>>>> Thanks
>> >>>>>>>> Rakesh
>> >>>>>>>>
>> >>>>>>>> The issues
>> >>>>>>>>
>> >>>>>>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <
>> pspacek at redhat.com>
>> >>>>>> wrote:
>> >>>>>>>>
>> >>>>>>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>> >>>>>>>>>> Hi
>> >>>>>>>>>>
>> >>>>>>>>>> I am migrating to freeipa from openldap and have around 4000
>> >>>> clients
>> >>>>>>>>>>
>> >>>>>>>>>> I had openned a another thread on that, but chose to start a
>> new
>> >>>> one
>> >>>>>>>>> here
>> >>>>>>>>>> as its a separate issue
>> >>>>>>>>>>
>> >>>>>>>>>> I was able to change the nssslapd-maxdescriptors adding an ldif
>> >>>> file
>> >>>>>>>>>>
>> >>>>>>>>>> cat nsslapd-modify.ldif
>> >>>>>>>>>> dn: cn=config
>> >>>>>>>>>> changetype: modify
>> >>>>>>>>>> replace: nsslapd-maxdescriptors
>> >>>>>>>>>> nsslapd-maxdescriptors: 17000
>> >>>>>>>>>>
>> >>>>>>>>>> and running the ldapmodify command
>> >>>>>>>>>>
>> >>>>>>>>>> I have now started moving clients running an openldap to
>> Freeipa
>> >>>> and
>> >>>>>>>>> have
>> >>>>>>>>>> today moved close to 2000 clients
>> >>>>>>>>>>
>> >>>>>>>>>> However, I have noticed that IPA hangs intermittently.
>> >>>>>>>>>>
>> >>>>>>>>>> running a kinit admin returns the below error
>> >>>>>>>>>> kinit: Generic error (see e-text) while getting initial
>> >>>> credentials
>> >>>>>>>>>>
>> >>>>>>>>>> from the /var/log/messages, I see this entry
>> >>>>>>>>>>
>> >>>>>>>>>>  prod-ipa-master-int kernel: [104090.315801] TCP:
>> >>>> request_sock_TCP:
>> >>>>>>>>>> Possible SYN flooding on port 88. Sending cookies.  Check SNMP
>> >>>>>> counters.
>> >>>>>>>>>
>> >>>>>>>>> I would be worried about this message. Maybe kernel/firewall is
>> >>>> doing
>> >>>>>>>>> something fishy behind your back and blocking some connections
>> or
>> >>>> so.
>> >>>>>>>>>
>> >>>>>>>>> Petr^2 Spacek
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started Session
>> >>>> 4885
>> >>>>>> of
>> >>>>>>>>>> user root.
>> >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting
>> Session
>> >>>> 4885
>> >>>>>> of
>> >>>>>>>>>> user root.
>> >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started Session
>> >>>> 4886
>> >>>>>> of
>> >>>>>>>>>> user root.
>> >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting
>> Session
>> >>>> 4886
>> >>>>>> of
>> >>>>>>>>>> user root.
>> >>>>>>>>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]:
>> ansible-command
>> >>>>>>>>> Invoked
>> >>>>>>>>>> with creates=None executable=None shell=True args= removes=None
>> >>>>>>>>> warn=True
>> >>>>>>>>>> chdir=None
>> >>>>>>>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error:
>> >>>> Unspecified
>> >>>>>>>>> GSS
>> >>>>>>>>>> failure.  Minor code may provide more information (KDC returned
>> >>>> error
>> >>>>>>>>>> string: PROCESS_TGS)
>> >>>>>>>>>>
>> >>>>>>>>>> Could it be possible that its due to the initial load of adding
>> >>>> the
>> >>>>>>>>> clients
>> >>>>>>>>>> or is there something else that I need to take care of.
>>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160829/95917d3e/attachment.htm>

From rakesh.rajasekharan at gmail.com  Mon Aug 29 14:25:29 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Mon, 29 Aug 2016 19:55:29 +0530
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <CANAMAkrNMzr2EsaqHgD3Z+sO+p_Zvyv4_dbDtuCq+Cz=91M-Fw@mail.gmail.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
	<a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
	<CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>
	<CANAMAkpqv5r2GNR1z9+iOJEh40F50kskrnPAOT+B5qV9uR6Q7g@mail.gmail.com>
	<CANAMAkpC5DKkqA_X4tZjscFyOyD2SJjjy74g1sOGYayqLH=ywA@mail.gmail.com>
	<ca385752-87b1-1190-cbdd-9d552b3bf105@redhat.com>
	<CANAMAkqqBOUx0rXH6MPYQgiVtSzCpCOO+EiuwT0urcyUAn_G3g@mail.gmail.com>
	<57BEB0AB.2090506@redhat.com>
	<CANAMAkrNMzr2EsaqHgD3Z+sO+p_Zvyv4_dbDtuCq+Cz=91M-Fw@mail.gmail.com>
Message-ID: <CANAMAkqwX=toissq8tEjuj5p-AP5dkA3V+5Oq9PkJFQyTdoH2A@mail.gmail.com>

I tried increasing the nsslapd-dbcachesize and nsslapd-cachememsize in my
QA envs to 200MB.

However, in my log files, I still see this message
[29/Aug/2016:04:34:37 +0000] - WARNING: ipaca: entry cache size 10485760B
is less than db size 11599872B; We recommend to increase the entry cache
size nsslapd-cachememsize.
[29/Aug/2016:04:34:37 +0000] - WARNING: changelog: entry cache size
2097152B is less than db size 441647104B; We recommend to increase the
entry cache size nsslapd-cachememsize.

these are my ldif files that i used to modify the values
modify entry cache size
cat modify-cache-mem-size.ldif
dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
changetype: modify
replace: nsslapd-cachememsize
nsslapd-cachememsize: 209715200

modify db cache size
cat modfy-db-cache-size.ldif
dn: cn=config,cn=ldbm database,cn=plugins,cn=config
changetype: modify
replace: nsslapd-dbcachesize
nsslapd-dbcachesize: 209715200

After modifying , i restarted IPA services

Is there anything else that  I need to take care of as the logs suggest its
still not getting the updated values

Thanks
Rakesh

On Mon, Aug 29, 2016 at 6:07 PM, Rakesh Rajasekharan <
rakesh.rajasekharan at gmail.com> wrote:

> Hi Thierry,
>
> Coz of the issues we had to revert back to earlier running openldap in
> production.
>
> I have now done a few TCP related changes in sysctl.conf and have also
> increased the nsslapd-dbcachesize and nsslapd-cachememsize to 200MB
>
> I will again start migrating hosts back to IPA and see if I face the
> earlier issue.
>
> I will update back once I have something
>
>
> Thanks,
> Rakesh
>
>
>
> On Thu, Aug 25, 2016 at 2:17 PM, thierry bordaz <tbordaz at redhat.com>
> wrote:
>
>>
>>
>> On 08/25/2016 10:15 AM, Rakesh Rajasekharan wrote:
>>
>> All of the troubleshooting seems fine.
>>
>>
>> However, Running libconv.pl gives me this output
>>
>> ----- Recommendations -----
>>
>>  1.  You have unindexed components, this can be caused from a search on
>> an unindexed attribute, or your returned results exceeded the
>> allidsthreshold.  Unindexed components are not recommended. To refuse
>> unindexed searches, switch 'nsslapd-require-index' to 'on' under your
>> database entry (e.g. cn=UserRoot,cn=ldbm database,cn=plugins,cn=config).
>>
>>  2.  You have a significant difference between binds and unbinds.  You
>> may want to investigate this difference.
>>
>>
>> I feel, this could be a pointer to things going slow.. and IPA hanging. I
>> think i now have something that I can try and nail down this issue.
>>
>> On a sidenote, I was earlier running openldap and migrated over to
>> Freeipa,
>>
>> Thanks
>> Rakesh
>>
>>
>>
>> On Wed, Aug 24, 2016 at 12:38 PM, Petr Spacek <pspacek at redhat.com> wrote:
>>
>>> On 23.8.2016 18:44, Rakesh Rajasekharan wrote:
>>> > I think thers something seriously wrong with my system
>>> >
>>> > not able to run any  IPA commands
>>> >
>>> > klist
>>> > Ticket cache: KEYRING:persistent:0:0
>>> > Default principal: admin at XYZ.COM
>>> >
>>> > Valid starting       Expires              Service principal
>>> > 2016-08-23T16:26:36  2016-08-24T16:26:22  krbtgt/ <XYZ.COM at XYZ.COM>
>>> XYZ.COM at XYZ.COM
>>> >
>>> >
>>> > [root at prod-ipa-master-1a :~] ipactl status
>>> > Directory Service: RUNNING
>>> > krb5kdc Service: RUNNING
>>> > kadmin Service: RUNNING
>>> > ipa_memcached Service: RUNNING
>>> > httpd Service: RUNNING
>>> > pki-tomcatd Service: RUNNING
>>> > ipa-otpd Service: RUNNING
>>> > ipa: INFO: The ipactl command was successful
>>> >
>>> >
>>> >
>>> > [root at prod-ipa-master :~] ipa user-find p-testuser
>>> > ipa: ERROR: Kerberos error: ('Unspecified GSS failure.  Minor code may
>>> > provide more information', 851968)/("Cannot contact any KDC for realm '
>>> > XYZ.COM'", -1765328228)
>>>
>>
>> Hi Rakesh,
>>
>> Having a reproducible test case would you rerun the command above.
>> During its processing you may monitor DS process load (top). If it is
>> high, you may get some pstacks of it.
>> Also would you attach the part of DS access logs taken during the command.
>>
>> regards
>> thierry
>>
>> >
>>>
>>> This is weird because the server seems to be up.
>>>
>>> Please follow
>>> http://www.freeipa.org/page/Troubleshooting#Authentication.2FKerberos
>>>
>>> Petr^2 Spacek
>>>
>>> >
>>> >
>>> > Thanks
>>> >
>>> > Rakesh
>>> >
>>> > On Tue, Aug 23, 2016 at 10:01 PM, Rakesh Rajasekharan <
>>> > rakesh.rajasekharan at gmail.com> wrote:
>>> >
>>> >> i changed the loggin level to 4 . Modifying nsslapd-accesslog-level
>>> >>
>>> >> But, the hang is still there. though I dont see the sigfault now
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> On Tue, Aug 23, 2016 at 9:02 PM, Rakesh Rajasekharan <
>>> >> rakesh.rajasekharan at gmail.com> wrote:
>>> >>
>>> >>> My disk was getting filled too fast
>>> >>>
>>> >>> logs under /var/log/dirsrv was coming around 5 gb quickly filling up
>>> >>>
>>> >>> Is there a way to make the logging less verbose
>>> >>>
>>> >>>
>>> >>>
>>> >>> On Tue, Aug 23, 2016 at 6:41 PM, Petr Spacek <pspacek at redhat.com>
>>> wrote:
>>> >>>
>>> >>>> On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
>>> >>>>> I was able to fix that may be temporarily... when i checked the
>>> >>>> network..
>>> >>>>> there was another process that was running and consuming a lot of
>>> >>>> network (
>>> >>>>> i have no idea who did that. I need to seriously start restricting
>>> >>>> people
>>> >>>>> access to this machine )
>>> >>>>>
>>> >>>>> after killing that perfomance improved drastically
>>> >>>>>
>>> >>>>> But now, suddenly I started experiencing the same hang.
>>> >>>>>
>>> >>>>> This time , I gert the following error when checked dmesg
>>> >>>>>
>>> >>>>> [  301.236976] ns-slapd[3124]: segfault at 0 ip 00007f1de416951c sp
>>> >>>>> 00007f1dee1dba70 error 4 in libcos-plugin.so[7f1de4166000+b000]
>>> >>>>> [ 1116.248431] TCP: request_sock_TCP: Possible SYN flooding on
>>> port 88.
>>> >>>>> Sending cookies.  Check SNMP counters.
>>> >>>>> [11831.397037] ns-slapd[22550]: segfault at 0 ip 00007f533d82251c
>>> sp
>>> >>>>> 00007f5347894a70 error 4 in libcos-plugin.so[7f533d81f000+b000]
>>> >>>>> [11832.727989] ns-slapd[22606]: segfault at 0 ip 00007f6231eb951c
>>> sp
>>> >>>>> 00007f623bf2ba70 error 4 in libcos-plugin.so[7f6231eb6000+b00
>>> >>>>
>>> >>>> Okay, this one is serious. The LDAP server crashed.
>>> >>>>
>>> >>>> 1. Make sure all your packages are up-to-date.
>>> >>>>
>>> >>>> Please see
>>> >>>> http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d
>>> >>>> ebugging-crashes
>>> >>>> for further instructions how to debug this.
>>> >>>>
>>> >>>> Petr^2 Spacek
>>> >>>>
>>> >>>>>
>>> >>>>> and in /var/log/dirsrv/example-com/errors
>>> >>>>>
>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> >>>> could
>>> >>>>> not delete change record 3291138 (rc: 32)
>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> >>>> could
>>> >>>>> not delete change record 3291139 (rc: 32)
>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> >>>> could
>>> >>>>> not delete change record 3291140 (rc: 32)
>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> >>>> could
>>> >>>>> not delete change record 3291141 (rc: 32)
>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> >>>> could
>>> >>>>> not delete change record 3291142 (rc: 32)
>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> >>>> could
>>> >>>>> not delete change record 3291143 (rc: 32)
>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> >>>> could
>>> >>>>> not delete change record 3291144 (rc: 32)
>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin - delete_changerecord:
>>> >>>> could
>>> >>>>> not delete change record 3291145 (rc: 32)
>>> >>>>> [23/Aug/2016:12:49:50 +0000] - Retry count exceeded in delete
>>> >>>>> [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin - delete_changerecord:
>>> >>>> could
>>> >>>>> not delete change record 3292734 (rc: 51)
>>> >>>>>
>>> >>>>>
>>> >>>>> Can  i do something about this error.. I treid to restart ipa a
>>> couple
>>> >>>> of
>>> >>>>> time but that did not help
>>> >>>>>
>>> >>>>> Thanks
>>> >>>>> Rakesh
>>> >>>>>
>>> >>>>> On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek <pspacek at redhat.com>
>>> >>>> wrote:
>>> >>>>>
>>> >>>>>> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
>>> >>>>>>> I am running my set up on AWS cloud, and entropy is low at around
>>> >>>> 180 .
>>> >>>>>>>
>>> >>>>>>> I plan to increase it bu installing haveged . But, would low
>>> entropy
>>> >>>> by
>>> >>>>>> any
>>> >>>>>>> chance cause this issue of intermittent hang .
>>> >>>>>>> Also, the hang is mostly observed when registering around 20
>>> clients
>>> >>>>>>> together
>>> >>>>>>
>>> >>>>>> Possibly, I'm not sure. If you want to dig into this, I would do
>>> this:
>>> >>>>>> 1. look what process hangs on client (using pstree command or so)
>>> >>>>>> $ pstree
>>> >>>>>>
>>> >>>>>> 2. look to what server and port is the hanging client connected to
>>> >>>>>> $ lsof -p <PID of the hanging process>
>>> >>>>>>
>>> >>>>>> 3. jump to server and see what process is bound to the target port
>>> >>>>>> $ netstat -pn
>>> >>>>>>
>>> >>>>>> 4. see where the process if hanging
>>> >>>>>> $ strace -p <PID of the hanging process>
>>> >>>>>>
>>> >>>>>> I hope it helps.
>>> >>>>>>
>>> >>>>>> Petr^2 Spacek
>>> >>>>>>
>>> >>>>>>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
>>> >>>>>>> rakesh.rajasekharan at gmail.com> wrote:
>>> >>>>>>>
>>> >>>>>>>> yes there seems to be something thats worrying.. I have faced
>>> this
>>> >>>> today
>>> >>>>>>>> as well.
>>> >>>>>>>> There are few hosts around 280 odd left and when i try adding
>>> them
>>> >>>> to
>>> >>>>>> IPA
>>> >>>>>>>> , the slowness begins..
>>> >>>>>>>>
>>> >>>>>>>> all the ipa commands like ipa user-find.. etc becomes very slow
>>> in
>>> >>>>>>>> responding.
>>> >>>>>>>>
>>> >>>>>>>> the SYNC_RECV are not many though just around 80-90 and today
>>> that
>>> >>>> was
>>> >>>>>>>> around 20 only
>>> >>>>>>>>
>>> >>>>>>>>
>>> >>>>>>>> I have for now increased tcp_max_syn_backlog to 5000.
>>> >>>>>>>> For now the slowness seems to have gone.. but I will do a try
>>> >>>> adding the
>>> >>>>>>>> clients again tomorrow and see how it goes
>>> >>>>>>>>
>>> >>>>>>>> Thanks
>>> >>>>>>>> Rakesh
>>> >>>>>>>>
>>> >>>>>>>> The issues
>>> >>>>>>>>
>>> >>>>>>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <
>>> pspacek at redhat.com>
>>> >>>>>> wrote:
>>> >>>>>>>>
>>> >>>>>>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>>> >>>>>>>>>> Hi
>>> >>>>>>>>>>
>>> >>>>>>>>>> I am migrating to freeipa from openldap and have around 4000
>>> >>>> clients
>>> >>>>>>>>>>
>>> >>>>>>>>>> I had openned a another thread on that, but chose to start a
>>> new
>>> >>>> one
>>> >>>>>>>>> here
>>> >>>>>>>>>> as its a separate issue
>>> >>>>>>>>>>
>>> >>>>>>>>>> I was able to change the nssslapd-maxdescriptors adding an
>>> ldif
>>> >>>> file
>>> >>>>>>>>>>
>>> >>>>>>>>>> cat nsslapd-modify.ldif
>>> >>>>>>>>>> dn: cn=config
>>> >>>>>>>>>> changetype: modify
>>> >>>>>>>>>> replace: nsslapd-maxdescriptors
>>> >>>>>>>>>> nsslapd-maxdescriptors: 17000
>>> >>>>>>>>>>
>>> >>>>>>>>>> and running the ldapmodify command
>>> >>>>>>>>>>
>>> >>>>>>>>>> I have now started moving clients running an openldap to
>>> Freeipa
>>> >>>> and
>>> >>>>>>>>> have
>>> >>>>>>>>>> today moved close to 2000 clients
>>> >>>>>>>>>>
>>> >>>>>>>>>> However, I have noticed that IPA hangs intermittently.
>>> >>>>>>>>>>
>>> >>>>>>>>>> running a kinit admin returns the below error
>>> >>>>>>>>>> kinit: Generic error (see e-text) while getting initial
>>> >>>> credentials
>>> >>>>>>>>>>
>>> >>>>>>>>>> from the /var/log/messages, I see this entry
>>> >>>>>>>>>>
>>> >>>>>>>>>>  prod-ipa-master-int kernel: [104090.315801] TCP:
>>> >>>> request_sock_TCP:
>>> >>>>>>>>>> Possible SYN flooding on port 88. Sending cookies.  Check SNMP
>>> >>>>>> counters.
>>> >>>>>>>>>
>>> >>>>>>>>> I would be worried about this message. Maybe kernel/firewall is
>>> >>>> doing
>>> >>>>>>>>> something fishy behind your back and blocking some connections
>>> or
>>> >>>> so.
>>> >>>>>>>>>
>>> >>>>>>>>> Petr^2 Spacek
>>> >>>>>>>>>
>>> >>>>>>>>>
>>> >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started
>>> Session
>>> >>>> 4885
>>> >>>>>> of
>>> >>>>>>>>>> user root.
>>> >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting
>>> Session
>>> >>>> 4885
>>> >>>>>> of
>>> >>>>>>>>>> user root.
>>> >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started
>>> Session
>>> >>>> 4886
>>> >>>>>> of
>>> >>>>>>>>>> user root.
>>> >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting
>>> Session
>>> >>>> 4886
>>> >>>>>> of
>>> >>>>>>>>>> user root.
>>> >>>>>>>>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]:
>>> ansible-command
>>> >>>>>>>>> Invoked
>>> >>>>>>>>>> with creates=None executable=None shell=True args=
>>> removes=None
>>> >>>>>>>>> warn=True
>>> >>>>>>>>>> chdir=None
>>> >>>>>>>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error:
>>> >>>> Unspecified
>>> >>>>>>>>> GSS
>>> >>>>>>>>>> failure.  Minor code may provide more information (KDC
>>> returned
>>> >>>> error
>>> >>>>>>>>>> string: PROCESS_TGS)
>>> >>>>>>>>>>
>>> >>>>>>>>>> Could it be possible that its due to the initial load of
>>> adding
>>> >>>> the
>>> >>>>>>>>> clients
>>> >>>>>>>>>> or is there something else that I need to take care of.
>>>
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160829/a4e1f094/attachment.htm>

From tbordaz at redhat.com  Mon Aug 29 14:46:30 2016
From: tbordaz at redhat.com (thierry bordaz)
Date: Mon, 29 Aug 2016 16:46:30 +0200
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <CANAMAkqwX=toissq8tEjuj5p-AP5dkA3V+5Oq9PkJFQyTdoH2A@mail.gmail.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
	<a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
	<CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>
	<CANAMAkpqv5r2GNR1z9+iOJEh40F50kskrnPAOT+B5qV9uR6Q7g@mail.gmail.com>
	<CANAMAkpC5DKkqA_X4tZjscFyOyD2SJjjy74g1sOGYayqLH=ywA@mail.gmail.com>
	<ca385752-87b1-1190-cbdd-9d552b3bf105@redhat.com>
	<CANAMAkqqBOUx0rXH6MPYQgiVtSzCpCOO+EiuwT0urcyUAn_G3g@mail.gmail.com>
	<57BEB0AB.2090506@redhat.com>
	<CANAMAkrNMzr2EsaqHgD3Z+sO+p_Zvyv4_dbDtuCq+Cz=91M-Fw@mail.gmail.com>
	<CANAMAkqwX=toissq8tEjuj5p-AP5dkA3V+5Oq9PkJFQyTdoH2A@mail.gmail.com>
Message-ID: <57C44AC6.1030402@redhat.com>

Hi Rakesh,

Those tuning may depend on the memory available on your machine.
nsslapd-cachememsize allows the entry cache to consume up to 200Mb but 
its memory footprint is known to go above.
200Mb both looks pretty good to me. How large is your machine ? What is 
your version of 389-ds ?

Those warnings do not change your settings. It just raise that entry 
cache of 'ipaca' and 'retrocl' are small but it is fine. The size of the 
entry cache is important mostly in userRoot.
You may double check the actual values, after restart, with ldapsearch 
on 'cn=userRoot,cn=ldbm database,cn=plugins,cn=config' and 
'cn=config,cn=ldbm database,cn=plugins,cn=config'.

A step is to know what will be response time of DS to know if it is 
responsible of the hang or not.
The logs and possibly pstack during those intermittent hangs will help 
to determine that.

regards
thierry




On 08/29/2016 04:25 PM, Rakesh Rajasekharan wrote:
> I tried increasing the nsslapd-dbcachesize and nsslapd-cachememsize in 
> my QA envs to 200MB.
>
> However, in my log files, I still see this message
> [29/Aug/2016:04:34:37 +0000] - WARNING: ipaca: entry cache size 
> 10485760B is less than db size 11599872B; We recommend to increase the 
> entry cache size nsslapd-cachememsize.
> [29/Aug/2016:04:34:37 +0000] - WARNING: changelog: entry cache size 
> 2097152B is less than db size 441647104B; We recommend to increase the 
> entry cache size nsslapd-cachememsize.
>
> these are my ldif files that i used to modify the values
> modify entry cache size
> cat modify-cache-mem-size.ldif
> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-cachememsize
> nsslapd-cachememsize: 209715200
>
> modify db cache size
> cat modfy-db-cache-size.ldif
> dn: cn=config,cn=ldbm database,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-dbcachesize
> nsslapd-dbcachesize: 209715200
>
> After modifying , i restarted IPA services
>
> Is there anything else that  I need to take care of as the logs 
> suggest its still not getting the updated values
>
> Thanks
> Rakesh
>
> On Mon, Aug 29, 2016 at 6:07 PM, Rakesh Rajasekharan 
> <rakesh.rajasekharan at gmail.com <mailto:rakesh.rajasekharan at gmail.com>> 
> wrote:
>
>     Hi Thierry,
>
>     Coz of the issues we had to revert back to earlier running
>     openldap in production.
>
>     I have now done a few TCP related changes in sysctl.conf and have
>     also increased the nsslapd-dbcachesize and nsslapd-cachememsize to
>     200MB
>
>     I will again start migrating hosts back to IPA and see if I face
>     the earlier issue.
>
>     I will update back once I have something
>
>
>     Thanks,
>     Rakesh
>
>
>
>     On Thu, Aug 25, 2016 at 2:17 PM, thierry bordaz
>     <tbordaz at redhat.com <mailto:tbordaz at redhat.com>> wrote:
>
>
>
>         On 08/25/2016 10:15 AM, Rakesh Rajasekharan wrote:
>>         All of the troubleshooting seems fine.
>>
>>
>>         However, Running libconv.pl <http://libconv.pl> gives me this
>>         output
>>
>>         ----- Recommendations -----
>>
>>          1.  You have unindexed components, this can be caused from a
>>         search on an unindexed attribute, or your returned results
>>         exceeded the allidsthreshold. Unindexed components are not
>>         recommended. To refuse unindexed searches, switch
>>         'nsslapd-require-index' to 'on' under your database entry
>>         (e.g. cn=UserRoot,cn=ldbm database,cn=plugins,cn=config).
>>
>>          2.  You have a significant difference between binds and
>>         unbinds.  You may want to investigate this difference.
>>
>>
>>         I feel, this could be a pointer to things going slow.. and
>>         IPA hanging. I think i now have something that I can try and
>>         nail down this issue.
>>
>>         On a sidenote, I was earlier running openldap and migrated
>>         over to Freeipa,
>>
>>         Thanks
>>         Rakesh
>>
>>
>>
>>         On Wed, Aug 24, 2016 at 12:38 PM, Petr Spacek
>>         <pspacek at redhat.com <mailto:pspacek at redhat.com>> wrote:
>>
>>             On 23.8.2016 18:44, Rakesh Rajasekharan wrote:
>>             > I think thers something seriously wrong with my system
>>             >
>>             > not able to run any  IPA commands
>>             >
>>             > klist
>>             > Ticket cache: KEYRING:persistent:0:0
>>             > Default principal: admin at XYZ.COM <mailto:admin at XYZ.COM>
>>             >
>>             > Valid starting       Expires             Service principal
>>             > 2016-08-23T16:26:36 2016-08-24T16:26:22 
>>             krbtgt/XYZ.COM at XYZ.COM <mailto:XYZ.COM at XYZ.COM>
>>             >
>>             >
>>             > [root at prod-ipa-master-1a :~] ipactl status
>>             > Directory Service: RUNNING
>>             > krb5kdc Service: RUNNING
>>             > kadmin Service: RUNNING
>>             > ipa_memcached Service: RUNNING
>>             > httpd Service: RUNNING
>>             > pki-tomcatd Service: RUNNING
>>             > ipa-otpd Service: RUNNING
>>             > ipa: INFO: The ipactl command was successful
>>             >
>>             >
>>             >
>>             > [root at prod-ipa-master :~] ipa user-find p-testuser
>>             > ipa: ERROR: Kerberos error: ('Unspecified GSS failure. 
>>             Minor code may
>>             > provide more information', 851968)/("Cannot contact any
>>             KDC for realm '
>>             > XYZ.COM <http://XYZ.COM>'", -1765328228)
>>
>
>         Hi Rakesh,
>
>             Having a reproducible test case would you rerun the
>             command above.
>             During its processing you may monitor DS process load
>             (top). If it is high, you may get some pstacks of it.
>             Also would you attach the part of DS access logs taken
>             during the command.
>
>             regards
>             thierry
>
>>             >
>>
>>             This is weird because the server seems to be up.
>>
>>             Please follow
>>             http://www.freeipa.org/page/Troubleshooting#Authentication.2FKerberos
>>             <http://www.freeipa.org/page/Troubleshooting#Authentication.2FKerberos>
>>
>>             Petr^2 Spacek
>>
>>             >
>>             >
>>             > Thanks
>>             >
>>             > Rakesh
>>             >
>>             > On Tue, Aug 23, 2016 at 10:01 PM, Rakesh Rajasekharan <
>>             > rakesh.rajasekharan at gmail.com
>>             <mailto:rakesh.rajasekharan at gmail.com>> wrote:
>>             >
>>             >> i changed the loggin level to 4 . Modifying
>>             nsslapd-accesslog-level
>>             >>
>>             >> But, the hang is still there. though I dont see the
>>             sigfault now
>>             >>
>>             >>
>>             >>
>>             >>
>>             >> On Tue, Aug 23, 2016 at 9:02 PM, Rakesh Rajasekharan <
>>             >> rakesh.rajasekharan at gmail.com
>>             <mailto:rakesh.rajasekharan at gmail.com>> wrote:
>>             >>
>>             >>> My disk was getting filled too fast
>>             >>>
>>             >>> logs under /var/log/dirsrv was coming around 5 gb
>>             quickly filling up
>>             >>>
>>             >>> Is there a way to make the logging less verbose
>>             >>>
>>             >>>
>>             >>>
>>             >>> On Tue, Aug 23, 2016 at 6:41 PM, Petr Spacek
>>             <pspacek at redhat.com <mailto:pspacek at redhat.com>> wrote:
>>             >>>
>>             >>>> On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
>>             >>>>> I was able to fix that may be temporarily... when i
>>             checked the
>>             >>>> network..
>>             >>>>> there was another process that was running and
>>             consuming a lot of
>>             >>>> network (
>>             >>>>> i have no idea who did that. I need to seriously
>>             start restricting
>>             >>>> people
>>             >>>>> access to this machine )
>>             >>>>>
>>             >>>>> after killing that perfomance improved drastically
>>             >>>>>
>>             >>>>> But now, suddenly I started experiencing the same hang.
>>             >>>>>
>>             >>>>> This time , I gert the following error when checked
>>             dmesg
>>             >>>>>
>>             >>>>> [ 301.236976] ns-slapd[3124]: segfault at 0 ip
>>             00007f1de416951c sp
>>             >>>>> 00007f1dee1dba70 error 4 in
>>             libcos-plugin.so[7f1de4166000+b000]
>>             >>>>> [ 1116.248431] TCP: request_sock_TCP: Possible SYN
>>             flooding on port 88.
>>             >>>>> Sending cookies.  Check SNMP counters.
>>             >>>>> [11831.397037] ns-slapd[22550]: segfault at 0 ip
>>             00007f533d82251c sp
>>             >>>>> 00007f5347894a70 error 4 in
>>             libcos-plugin.so[7f533d81f000+b000]
>>             >>>>> [11832.727989] ns-slapd[22606]: segfault at 0 ip
>>             00007f6231eb951c sp
>>             >>>>> 00007f623bf2ba70 error 4 in
>>             libcos-plugin.so[7f6231eb6000+b00
>>             >>>>
>>             >>>> Okay, this one is serious. The LDAP server crashed.
>>             >>>>
>>             >>>> 1. Make sure all your packages are up-to-date.
>>             >>>>
>>             >>>> Please see
>>             >>>>
>>             http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d
>>             <http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d>
>>             >>>> ebugging-crashes
>>             >>>> for further instructions how to debug this.
>>             >>>>
>>             >>>> Petr^2 Spacek
>>             >>>>
>>             >>>>>
>>             >>>>> and in /var/log/dirsrv/example-com/errors
>>             >>>>>
>>             >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>             delete_changerecord:
>>             >>>> could
>>             >>>>> not delete change record 3291138 (rc: 32)
>>             >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>             delete_changerecord:
>>             >>>> could
>>             >>>>> not delete change record 3291139 (rc: 32)
>>             >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>             delete_changerecord:
>>             >>>> could
>>             >>>>> not delete change record 3291140 (rc: 32)
>>             >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>             delete_changerecord:
>>             >>>> could
>>             >>>>> not delete change record 3291141 (rc: 32)
>>             >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>             delete_changerecord:
>>             >>>> could
>>             >>>>> not delete change record 3291142 (rc: 32)
>>             >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>             delete_changerecord:
>>             >>>> could
>>             >>>>> not delete change record 3291143 (rc: 32)
>>             >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>             delete_changerecord:
>>             >>>> could
>>             >>>>> not delete change record 3291144 (rc: 32)
>>             >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>             delete_changerecord:
>>             >>>> could
>>             >>>>> not delete change record 3291145 (rc: 32)
>>             >>>>> [23/Aug/2016:12:49:50 +0000] - Retry count exceeded
>>             in delete
>>             >>>>> [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin -
>>             delete_changerecord:
>>             >>>> could
>>             >>>>> not delete change record 3292734 (rc: 51)
>>             >>>>>
>>             >>>>>
>>             >>>>> Can  i do something about this error.. I treid to
>>             restart ipa a couple
>>             >>>> of
>>             >>>>> time but that did not help
>>             >>>>>
>>             >>>>> Thanks
>>             >>>>> Rakesh
>>             >>>>>
>>             >>>>> On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek
>>             <pspacek at redhat.com <mailto:pspacek at redhat.com>>
>>             >>>> wrote:
>>             >>>>>
>>             >>>>>> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
>>             >>>>>>> I am running my set up on AWS cloud, and entropy
>>             is low at around
>>             >>>> 180 .
>>             >>>>>>>
>>             >>>>>>> I plan to increase it bu installing haveged .
>>             But, would low entropy
>>             >>>> by
>>             >>>>>> any
>>             >>>>>>> chance cause this issue of intermittent hang .
>>             >>>>>>> Also, the hang is mostly observed when
>>             registering around 20 clients
>>             >>>>>>> together
>>             >>>>>>
>>             >>>>>> Possibly, I'm not sure. If you want to dig into
>>             this, I would do this:
>>             >>>>>> 1. look what process hangs on client (using pstree
>>             command or so)
>>             >>>>>> $ pstree
>>             >>>>>>
>>             >>>>>> 2. look to what server and port is the hanging
>>             client connected to
>>             >>>>>> $ lsof -p <PID of the hanging process>
>>             >>>>>>
>>             >>>>>> 3. jump to server and see what process is bound to
>>             the target port
>>             >>>>>> $ netstat -pn
>>             >>>>>>
>>             >>>>>> 4. see where the process if hanging
>>             >>>>>> $ strace -p <PID of the hanging process>
>>             >>>>>>
>>             >>>>>> I hope it helps.
>>             >>>>>>
>>             >>>>>> Petr^2 Spacek
>>             >>>>>>
>>             >>>>>>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh
>>             Rajasekharan <
>>             >>>>>>> rakesh.rajasekharan at gmail.com
>>             <mailto:rakesh.rajasekharan at gmail.com>> wrote:
>>             >>>>>>>
>>             >>>>>>>> yes there seems to be something thats worrying..
>>             I have faced this
>>             >>>> today
>>             >>>>>>>> as well.
>>             >>>>>>>> There are few hosts around 280 odd left and when
>>             i try adding them
>>             >>>> to
>>             >>>>>> IPA
>>             >>>>>>>> , the slowness begins..
>>             >>>>>>>>
>>             >>>>>>>> all the ipa commands like ipa user-find.. etc
>>             becomes very slow in
>>             >>>>>>>> responding.
>>             >>>>>>>>
>>             >>>>>>>> the SYNC_RECV are not many though just around
>>             80-90 and today that
>>             >>>> was
>>             >>>>>>>> around 20 only
>>             >>>>>>>>
>>             >>>>>>>>
>>             >>>>>>>> I have for now increased tcp_max_syn_backlog to
>>             5000.
>>             >>>>>>>> For now the slowness seems to have gone.. but I
>>             will do a try
>>             >>>> adding the
>>             >>>>>>>> clients again tomorrow and see how it goes
>>             >>>>>>>>
>>             >>>>>>>> Thanks
>>             >>>>>>>> Rakesh
>>             >>>>>>>>
>>             >>>>>>>> The issues
>>             >>>>>>>>
>>             >>>>>>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek
>>             <pspacek at redhat.com <mailto:pspacek at redhat.com>>
>>             >>>>>> wrote:
>>             >>>>>>>>
>>             >>>>>>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>>             >>>>>>>>>> Hi
>>             >>>>>>>>>>
>>             >>>>>>>>>> I am migrating to freeipa from openldap and
>>             have around 4000
>>             >>>> clients
>>             >>>>>>>>>>
>>             >>>>>>>>>> I had openned a another thread on that, but
>>             chose to start a new
>>             >>>> one
>>             >>>>>>>>> here
>>             >>>>>>>>>> as its a separate issue
>>             >>>>>>>>>>
>>             >>>>>>>>>> I was able to change the
>>             nssslapd-maxdescriptors adding an ldif
>>             >>>> file
>>             >>>>>>>>>>
>>             >>>>>>>>>> cat nsslapd-modify.ldif
>>             >>>>>>>>>> dn: cn=config
>>             >>>>>>>>>> changetype: modify
>>             >>>>>>>>>> replace: nsslapd-maxdescriptors
>>             >>>>>>>>>> nsslapd-maxdescriptors: 17000
>>             >>>>>>>>>>
>>             >>>>>>>>>> and running the ldapmodify command
>>             >>>>>>>>>>
>>             >>>>>>>>>> I have now started moving clients running an
>>             openldap to Freeipa
>>             >>>> and
>>             >>>>>>>>> have
>>             >>>>>>>>>> today moved close to 2000 clients
>>             >>>>>>>>>>
>>             >>>>>>>>>> However, I have noticed that IPA hangs
>>             intermittently.
>>             >>>>>>>>>>
>>             >>>>>>>>>> running a kinit admin returns the below error
>>             >>>>>>>>>> kinit: Generic error (see e-text) while
>>             getting initial
>>             >>>> credentials
>>             >>>>>>>>>>
>>             >>>>>>>>>> from the /var/log/messages, I see this entry
>>             >>>>>>>>>>
>>             >>>>>>>>>> prod-ipa-master-int kernel: [104090.315801] TCP:
>>             >>>> request_sock_TCP:
>>             >>>>>>>>>> Possible SYN flooding on port 88. Sending
>>             cookies.  Check SNMP
>>             >>>>>> counters.
>>             >>>>>>>>>
>>             >>>>>>>>> I would be worried about this message. Maybe
>>             kernel/firewall is
>>             >>>> doing
>>             >>>>>>>>> something fishy behind your back and blocking
>>             some connections or
>>             >>>> so.
>>             >>>>>>>>>
>>             >>>>>>>>> Petr^2 Spacek
>>             >>>>>>>>>
>>             >>>>>>>>>
>>             >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int
>>             systemd[1]: Started Session
>>             >>>> 4885
>>             >>>>>> of
>>             >>>>>>>>>> user root.
>>             >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int
>>             systemd[1]: Starting Session
>>             >>>> 4885
>>             >>>>>> of
>>             >>>>>>>>>> user root.
>>             >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int
>>             systemd[1]: Started Session
>>             >>>> 4886
>>             >>>>>> of
>>             >>>>>>>>>> user root.
>>             >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int
>>             systemd[1]: Starting Session
>>             >>>> 4886
>>             >>>>>> of
>>             >>>>>>>>>> user root.
>>             >>>>>>>>>> Aug 18 13:02:40 prod-ipa-master-int
>>             python[28984]: ansible-command
>>             >>>>>>>>> Invoked
>>             >>>>>>>>>> with creates=None executable=None shell=True
>>             args= removes=None
>>             >>>>>>>>> warn=True
>>             >>>>>>>>>> chdir=None
>>             >>>>>>>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be:
>>             GSSAPI Error:
>>             >>>> Unspecified
>>             >>>>>>>>> GSS
>>             >>>>>>>>>> failure.  Minor code may provide more
>>             information (KDC returned
>>             >>>> error
>>             >>>>>>>>>> string: PROCESS_TGS)
>>             >>>>>>>>>>
>>             >>>>>>>>>> Could it be possible that its due to the
>>             initial load of adding
>>             >>>> the
>>             >>>>>>>>> clients
>>             >>>>>>>>>> or is there something else that I need to take
>>             care of.
>>
>>
>>
>>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160829/ce4246df/attachment.htm>

From rakesh.rajasekharan at gmail.com  Mon Aug 29 16:53:50 2016
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Mon, 29 Aug 2016 22:23:50 +0530
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <57C44AC6.1030402@redhat.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<68130cd8-9007-2d9c-5af0-536414c2f8e1@redhat.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
	<a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
	<CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>
	<CANAMAkpqv5r2GNR1z9+iOJEh40F50kskrnPAOT+B5qV9uR6Q7g@mail.gmail.com>
	<CANAMAkpC5DKkqA_X4tZjscFyOyD2SJjjy74g1sOGYayqLH=ywA@mail.gmail.com>
	<ca385752-87b1-1190-cbdd-9d552b3bf105@redhat.com>
	<CANAMAkqqBOUx0rXH6MPYQgiVtSzCpCOO+EiuwT0urcyUAn_G3g@mail.gmail.com>
	<57BEB0AB.2090506@redhat.com>
	<CANAMAkrNMzr2EsaqHgD3Z+sO+p_Zvyv4_dbDtuCq+Cz=91M-Fw@mail.gmail.com>
	<CANAMAkqwX=toissq8tEjuj5p-AP5dkA3V+5Oq9PkJFQyTdoH2A@mail.gmail.com>
	<57C44AC6.1030402@redhat.com>
Message-ID: <CANAMAkqxa=CHSAa0s0qBnSr-kvomRA+MAtTtN_KgrHL=cNuvuQ@mail.gmail.com>

Hi Thierry,

My machine has 30GB RAM ..and  389-ds version is 1.3.4

ldapsearch shows the values for nsslapd-cachememsize updated to 200MB.

ldapsearch -LLL -o ldif-wrap=no -D "cn=directory manager" -w 'mypassword'
-b 'cn=userRoot,cn=ldbm database,cn=plugins,cn=config'|grep
nsslapd-cachememsize
nsslapd-cachememsize: 209715200


So, it seems to have updated though seeing that warning(WARNING: ipaca:
entry cache size 10485760B is less than db size 11599872B) in the log
confuses me a bit.

Thers one more entry that I found from the ldapsearch to be bit low

nsslapd-dncachememsize: 10485760
maxdncachesize: 10485760

Should I update these as well to a higher value

At the time when the issue happened, the memory usage as well as the
overall load of the system was very low .
I will try reproducing the issue atleast in my QA env..probably by trying
to mock  simultaneous parallel logins to a large number of hosts


thanks
Rakesh




On Mon, Aug 29, 2016 at 8:16 PM, thierry bordaz <tbordaz at redhat.com> wrote:

> Hi Rakesh,
>
> Those tuning may depend on the memory available on your machine.
> nsslapd-cachememsize allows the entry cache to consume up to 200Mb but its
> memory footprint is known to go above.
> 200Mb both looks pretty good to me. How large is your machine ? What is
> your version of 389-ds ?
>
> Those warnings do not change your settings. It just raise that entry cache
> of 'ipaca' and 'retrocl' are small but it is fine. The size of the entry
> cache is important mostly in userRoot.
> You may double check the actual values, after restart, with ldapsearch on
> 'cn=userRoot,cn=ldbm database,cn=plugins,cn=config' and 'cn=config,cn=ldbm
> database,cn=plugins,cn=config'.
>
> A step is to know what will be response time of DS to know if it is
> responsible of the hang or not.
> The logs and possibly pstack during those intermittent hangs will help to
> determine that.
>
> regards
> thierry
>
>
>
>
>
> On 08/29/2016 04:25 PM, Rakesh Rajasekharan wrote:
>
> I tried increasing the nsslapd-dbcachesize and nsslapd-cachememsize in my
> QA envs to 200MB.
>
> However, in my log files, I still see this message
> [29/Aug/2016:04:34:37 +0000] - WARNING: ipaca: entry cache size 10485760B
> is less than db size 11599872B; We recommend to increase the entry cache
> size nsslapd-cachememsize.
> [29/Aug/2016:04:34:37 +0000] - WARNING: changelog: entry cache size
> 2097152B is less than db size 441647104B; We recommend to increase the
> entry cache size nsslapd-cachememsize.
>
> these are my ldif files that i used to modify the values
> modify entry cache size
> cat modify-cache-mem-size.ldif
> dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-cachememsize
> nsslapd-cachememsize: 209715200
>
> modify db cache size
> cat modfy-db-cache-size.ldif
> dn: cn=config,cn=ldbm database,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-dbcachesize
> nsslapd-dbcachesize: 209715200
>
> After modifying , i restarted IPA services
>
> Is there anything else that  I need to take care of as the logs suggest
> its still not getting the updated values
>
> Thanks
> Rakesh
>
> On Mon, Aug 29, 2016 at 6:07 PM, Rakesh Rajasekharan <
> rakesh.rajasekharan at gmail.com> wrote:
>
>> Hi Thierry,
>>
>> Coz of the issues we had to revert back to earlier running openldap in
>> production.
>>
>> I have now done a few TCP related changes in sysctl.conf and have also
>> increased the nsslapd-dbcachesize and nsslapd-cachememsize to 200MB
>>
>> I will again start migrating hosts back to IPA and see if I face the
>> earlier issue.
>>
>> I will update back once I have something
>>
>>
>> Thanks,
>> Rakesh
>>
>>
>>
>> On Thu, Aug 25, 2016 at 2:17 PM, thierry bordaz < <tbordaz at redhat.com>
>> tbordaz at redhat.com> wrote:
>>
>>>
>>>
>>> On 08/25/2016 10:15 AM, Rakesh Rajasekharan wrote:
>>>
>>> All of the troubleshooting seems fine.
>>>
>>>
>>> However, Running libconv.pl gives me this output
>>>
>>> ----- Recommendations -----
>>>
>>>  1.  You have unindexed components, this can be caused from a search on
>>> an unindexed attribute, or your returned results exceeded the
>>> allidsthreshold.  Unindexed components are not recommended. To refuse
>>> unindexed searches, switch 'nsslapd-require-index' to 'on' under your
>>> database entry (e.g. cn=UserRoot,cn=ldbm database,cn=plugins,cn=config).
>>>
>>>  2.  You have a significant difference between binds and unbinds.  You
>>> may want to investigate this difference.
>>>
>>>
>>> I feel, this could be a pointer to things going slow.. and IPA hanging.
>>> I think i now have something that I can try and nail down this issue.
>>>
>>> On a sidenote, I was earlier running openldap and migrated over to
>>> Freeipa,
>>>
>>> Thanks
>>> Rakesh
>>>
>>>
>>>
>>> On Wed, Aug 24, 2016 at 12:38 PM, Petr Spacek < <pspacek at redhat.com>
>>> pspacek at redhat.com> wrote:
>>>
>>>> On 23.8.2016 18:44, Rakesh Rajasekharan wrote:
>>>> > I think thers something seriously wrong with my system
>>>> >
>>>> > not able to run any  IPA commands
>>>> >
>>>> > klist
>>>> > Ticket cache: KEYRING:persistent:0:0
>>>> > Default principal: <admin at XYZ.COM>admin at XYZ.COM
>>>> >
>>>> > Valid starting       Expires              Service principal
>>>> > 2016-08-23T16:26:36  2016-08-24T16:26:22  krbtgt/ <XYZ.COM at XYZ.COM>
>>>> XYZ.COM at XYZ.COM
>>>> >
>>>> >
>>>> > [root at prod-ipa-master-1a :~] ipactl status
>>>> > Directory Service: RUNNING
>>>> > krb5kdc Service: RUNNING
>>>> > kadmin Service: RUNNING
>>>> > ipa_memcached Service: RUNNING
>>>> > httpd Service: RUNNING
>>>> > pki-tomcatd Service: RUNNING
>>>> > ipa-otpd Service: RUNNING
>>>> > ipa: INFO: The ipactl command was successful
>>>> >
>>>> >
>>>> >
>>>> > [root at prod-ipa-master :~] ipa user-find p-testuser
>>>> > ipa: ERROR: Kerberos error: ('Unspecified GSS failure.  Minor code may
>>>> > provide more information', 851968)/("Cannot contact any KDC for realm
>>>> '
>>>> > XYZ.COM'", -1765328228)
>>>>
>>>
>>> Hi Rakesh,
>>>
>>> Having a reproducible test case would you rerun the command above.
>>> During its processing you may monitor DS process load (top). If it is
>>> high, you may get some pstacks of it.
>>> Also would you attach the part of DS access logs taken during the
>>> command.
>>>
>>> regards
>>> thierry
>>>
>>> >
>>>>
>>>> This is weird because the server seems to be up.
>>>>
>>>> Please follow
>>>> http://www.freeipa.org/page/Troubleshooting#Authentication.2FKerberos
>>>>
>>>> Petr^2 Spacek
>>>>
>>>> >
>>>> >
>>>> > Thanks
>>>> >
>>>> > Rakesh
>>>> >
>>>> > On Tue, Aug 23, 2016 at 10:01 PM, Rakesh Rajasekharan <
>>>> > rakesh.rajasekharan at gmail.com> wrote:
>>>> >
>>>> >> i changed the loggin level to 4 . Modifying nsslapd-accesslog-level
>>>> >>
>>>> >> But, the hang is still there. though I dont see the sigfault now
>>>> >>
>>>> >>
>>>> >>
>>>> >>
>>>> >> On Tue, Aug 23, 2016 at 9:02 PM, Rakesh Rajasekharan <
>>>> >> <rakesh.rajasekharan at gmail.com>rakesh.rajasekharan at gmail.com> wrote:
>>>> >>
>>>> >>> My disk was getting filled too fast
>>>> >>>
>>>> >>> logs under /var/log/dirsrv was coming around 5 gb quickly filling up
>>>> >>>
>>>> >>> Is there a way to make the logging less verbose
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>> On Tue, Aug 23, 2016 at 6:41 PM, Petr Spacek <pspacek at redhat.com>
>>>> wrote:
>>>> >>>
>>>> >>>> On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
>>>> >>>>> I was able to fix that may be temporarily... when i checked the
>>>> >>>> network..
>>>> >>>>> there was another process that was running and consuming a lot of
>>>> >>>> network (
>>>> >>>>> i have no idea who did that. I need to seriously start restricting
>>>> >>>> people
>>>> >>>>> access to this machine )
>>>> >>>>>
>>>> >>>>> after killing that perfomance improved drastically
>>>> >>>>>
>>>> >>>>> But now, suddenly I started experiencing the same hang.
>>>> >>>>>
>>>> >>>>> This time , I gert the following error when checked dmesg
>>>> >>>>>
>>>> >>>>> [  301.236976] ns-slapd[3124]: segfault at 0 ip 00007f1de416951c
>>>> sp
>>>> >>>>> 00007f1dee1dba70 error 4 in libcos-plugin.so[7f1de4166000+b000]
>>>> >>>>> [ 1116.248431] TCP: request_sock_TCP: Possible SYN flooding on
>>>> port 88.
>>>> >>>>> Sending cookies.  Check SNMP counters.
>>>> >>>>> [11831.397037] ns-slapd[22550]: segfault at 0 ip 00007f533d82251c
>>>> sp
>>>> >>>>> 00007f5347894a70 error 4 in libcos-plugin.so[7f533d81f000+b000]
>>>> >>>>> [11832.727989] ns-slapd[22606]: segfault at 0 ip 00007f6231eb951c
>>>> sp
>>>> >>>>> 00007f623bf2ba70 error 4 in libcos-plugin.so[7f6231eb6000+b00
>>>> >>>>
>>>> >>>> Okay, this one is serious. The LDAP server crashed.
>>>> >>>>
>>>> >>>> 1. Make sure all your packages are up-to-date.
>>>> >>>>
>>>> >>>> Please see
>>>> >>>> <http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d>
>>>> http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d
>>>> >>>> ebugging-crashes
>>>> >>>> for further instructions how to debug this.
>>>> >>>>
>>>> >>>> Petr^2 Spacek
>>>> >>>>
>>>> >>>>>
>>>> >>>>> and in /var/log/dirsrv/example-com/errors
>>>> >>>>>
>>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>> delete_changerecord:
>>>> >>>> could
>>>> >>>>> not delete change record 3291138 (rc: 32)
>>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>> delete_changerecord:
>>>> >>>> could
>>>> >>>>> not delete change record 3291139 (rc: 32)
>>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>> delete_changerecord:
>>>> >>>> could
>>>> >>>>> not delete change record 3291140 (rc: 32)
>>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>> delete_changerecord:
>>>> >>>> could
>>>> >>>>> not delete change record 3291141 (rc: 32)
>>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>> delete_changerecord:
>>>> >>>> could
>>>> >>>>> not delete change record 3291142 (rc: 32)
>>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>> delete_changerecord:
>>>> >>>> could
>>>> >>>>> not delete change record 3291143 (rc: 32)
>>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>> delete_changerecord:
>>>> >>>> could
>>>> >>>>> not delete change record 3291144 (rc: 32)
>>>> >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>> delete_changerecord:
>>>> >>>> could
>>>> >>>>> not delete change record 3291145 (rc: 32)
>>>> >>>>> [23/Aug/2016:12:49:50 +0000] - Retry count exceeded in delete
>>>> >>>>> [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin -
>>>> delete_changerecord:
>>>> >>>> could
>>>> >>>>> not delete change record 3292734 (rc: 51)
>>>> >>>>>
>>>> >>>>>
>>>> >>>>> Can  i do something about this error.. I treid to restart ipa a
>>>> couple
>>>> >>>> of
>>>> >>>>> time but that did not help
>>>> >>>>>
>>>> >>>>> Thanks
>>>> >>>>> Rakesh
>>>> >>>>>
>>>> >>>>> On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek <pspacek at redhat.com>
>>>> >>>> wrote:
>>>> >>>>>
>>>> >>>>>> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
>>>> >>>>>>> I am running my set up on AWS cloud, and entropy is low at
>>>> around
>>>> >>>> 180 .
>>>> >>>>>>>
>>>> >>>>>>> I plan to increase it bu installing haveged . But, would low
>>>> entropy
>>>> >>>> by
>>>> >>>>>> any
>>>> >>>>>>> chance cause this issue of intermittent hang .
>>>> >>>>>>> Also, the hang is mostly observed when registering around 20
>>>> clients
>>>> >>>>>>> together
>>>> >>>>>>
>>>> >>>>>> Possibly, I'm not sure. If you want to dig into this, I would do
>>>> this:
>>>> >>>>>> 1. look what process hangs on client (using pstree command or so)
>>>> >>>>>> $ pstree
>>>> >>>>>>
>>>> >>>>>> 2. look to what server and port is the hanging client connected
>>>> to
>>>> >>>>>> $ lsof -p <PID of the hanging process>
>>>> >>>>>>
>>>> >>>>>> 3. jump to server and see what process is bound to the target
>>>> port
>>>> >>>>>> $ netstat -pn
>>>> >>>>>>
>>>> >>>>>> 4. see where the process if hanging
>>>> >>>>>> $ strace -p <PID of the hanging process>
>>>> >>>>>>
>>>> >>>>>> I hope it helps.
>>>> >>>>>>
>>>> >>>>>> Petr^2 Spacek
>>>> >>>>>>
>>>> >>>>>>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh Rajasekharan <
>>>> >>>>>>> <rakesh.rajasekharan at gmail.com>rakesh.rajasekharan at gmail.com>
>>>> wrote:
>>>> >>>>>>>
>>>> >>>>>>>> yes there seems to be something thats worrying.. I have faced
>>>> this
>>>> >>>> today
>>>> >>>>>>>> as well.
>>>> >>>>>>>> There are few hosts around 280 odd left and when i try adding
>>>> them
>>>> >>>> to
>>>> >>>>>> IPA
>>>> >>>>>>>> , the slowness begins..
>>>> >>>>>>>>
>>>> >>>>>>>> all the ipa commands like ipa user-find.. etc becomes very
>>>> slow in
>>>> >>>>>>>> responding.
>>>> >>>>>>>>
>>>> >>>>>>>> the SYNC_RECV are not many though just around 80-90 and today
>>>> that
>>>> >>>> was
>>>> >>>>>>>> around 20 only
>>>> >>>>>>>>
>>>> >>>>>>>>
>>>> >>>>>>>> I have for now increased tcp_max_syn_backlog to 5000.
>>>> >>>>>>>> For now the slowness seems to have gone.. but I will do a try
>>>> >>>> adding the
>>>> >>>>>>>> clients again tomorrow and see how it goes
>>>> >>>>>>>>
>>>> >>>>>>>> Thanks
>>>> >>>>>>>> Rakesh
>>>> >>>>>>>>
>>>> >>>>>>>> The issues
>>>> >>>>>>>>
>>>> >>>>>>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr Spacek <
>>>> <pspacek at redhat.com>pspacek at redhat.com>
>>>> >>>>>> wrote:
>>>> >>>>>>>>
>>>> >>>>>>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>>>> >>>>>>>>>> Hi
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> I am migrating to freeipa from openldap and have around 4000
>>>> >>>> clients
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> I had openned a another thread on that, but chose to start a
>>>> new
>>>> >>>> one
>>>> >>>>>>>>> here
>>>> >>>>>>>>>> as its a separate issue
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> I was able to change the nssslapd-maxdescriptors adding an
>>>> ldif
>>>> >>>> file
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> cat nsslapd-modify.ldif
>>>> >>>>>>>>>> dn: cn=config
>>>> >>>>>>>>>> changetype: modify
>>>> >>>>>>>>>> replace: nsslapd-maxdescriptors
>>>> >>>>>>>>>> nsslapd-maxdescriptors: 17000
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> and running the ldapmodify command
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> I have now started moving clients running an openldap to
>>>> Freeipa
>>>> >>>> and
>>>> >>>>>>>>> have
>>>> >>>>>>>>>> today moved close to 2000 clients
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> However, I have noticed that IPA hangs intermittently.
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> running a kinit admin returns the below error
>>>> >>>>>>>>>> kinit: Generic error (see e-text) while getting initial
>>>> >>>> credentials
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> from the /var/log/messages, I see this entry
>>>> >>>>>>>>>>
>>>> >>>>>>>>>>  prod-ipa-master-int kernel: [104090.315801] TCP:
>>>> >>>> request_sock_TCP:
>>>> >>>>>>>>>> Possible SYN flooding on port 88. Sending cookies.  Check
>>>> SNMP
>>>> >>>>>> counters.
>>>> >>>>>>>>>
>>>> >>>>>>>>> I would be worried about this message. Maybe kernel/firewall
>>>> is
>>>> >>>> doing
>>>> >>>>>>>>> something fishy behind your back and blocking some
>>>> connections or
>>>> >>>> so.
>>>> >>>>>>>>>
>>>> >>>>>>>>> Petr^2 Spacek
>>>> >>>>>>>>>
>>>> >>>>>>>>>
>>>> >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Started
>>>> Session
>>>> >>>> 4885
>>>> >>>>>> of
>>>> >>>>>>>>>> user root.
>>>> >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int systemd[1]: Starting
>>>> Session
>>>> >>>> 4885
>>>> >>>>>> of
>>>> >>>>>>>>>> user root.
>>>> >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Started
>>>> Session
>>>> >>>> 4886
>>>> >>>>>> of
>>>> >>>>>>>>>> user root.
>>>> >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int systemd[1]: Starting
>>>> Session
>>>> >>>> 4886
>>>> >>>>>> of
>>>> >>>>>>>>>> user root.
>>>> >>>>>>>>>> Aug 18 13:02:40 prod-ipa-master-int python[28984]:
>>>> ansible-command
>>>> >>>>>>>>> Invoked
>>>> >>>>>>>>>> with creates=None executable=None shell=True args=
>>>> removes=None
>>>> >>>>>>>>> warn=True
>>>> >>>>>>>>>> chdir=None
>>>> >>>>>>>>>> Aug 18 13:04:37 prod-ipa-master-int sssd_be: GSSAPI Error:
>>>> >>>> Unspecified
>>>> >>>>>>>>> GSS
>>>> >>>>>>>>>> failure.  Minor code may provide more information (KDC
>>>> returned
>>>> >>>> error
>>>> >>>>>>>>>> string: PROCESS_TGS)
>>>> >>>>>>>>>>
>>>> >>>>>>>>>> Could it be possible that its due to the initial load of
>>>> adding
>>>> >>>> the
>>>> >>>>>>>>> clients
>>>> >>>>>>>>>> or is there something else that I need to take care of.
>>>>
>>>
>>>
>>>
>>>
>>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160829/c782cd0e/attachment.htm>

From ianh at brownpapertickets.com  Mon Aug 29 16:48:26 2016
From: ianh at brownpapertickets.com (Ian Harding)
Date: Mon, 29 Aug 2016 09:48:26 -0700
Subject: [Freeipa-users] Cleaning Up an Unholy Mess
In-Reply-To: <95a007f3-acf3-4688-db9e-4be4b6f3e3c6@redhat.com>
References: <a7ee48a4-29df-1ef2-3d51-c7af626b0df6@brownpapertickets.com>
	<57BE4B05.7080307@redhat.com>
	<55da4943-e938-3569-f770-8be0f3d8cad4@brownpapertickets.com>
	<57BF2DE6.3080102@redhat.com>
	<44736dd3-4c94-c637-fd0b-4e8e8411a87e@brownpapertickets.com>
	<95a007f3-acf3-4688-db9e-4be4b6f3e3c6@redhat.com>
Message-ID: <0cdb0f14-4068-eed9-45af-e43f25a3ce19@brownpapertickets.com>



On 08/25/2016 03:10 PM, Mark Reynolds wrote:
> 
> 
> On 08/25/2016 02:04 PM, Ian Harding wrote:
>>
>> On 08/25/2016 10:41 AM, Rob Crittenden wrote:
>>> Ian Harding wrote:
>>>>
>>>> On 08/24/2016 06:33 PM, Rob Crittenden wrote:
>>>>> Ian Harding wrote:
>>>>>> I tried to simply uninstall and reinstall freeipa-dal and this
>>>>>> happened.
>>>>>>
>>>>>> It only had a replication agreement with freeipa-sea
>>>>>>
>>>>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>>
>>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>>> configuration!
>>>>>>
>>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>>> [no]: yes
>>>>>> Shutting down all IPA services
>>>>>> Removing IPA client configuration
>>>>>> Unconfiguring ntpd
>>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>>> Unconfiguring CA
>>>>>> Unconfiguring named
>>>>>> Unconfiguring ipa-dnskeysyncd
>>>>>> Unconfiguring web server
>>>>>> Unconfiguring krb5kdc
>>>>>> Unconfiguring kadmin
>>>>>> Unconfiguring directory server
>>>>>> Unconfiguring ipa_memcached
>>>>>> Unconfiguring ipa-otpd
>>>>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>>
>>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>>> configuration!
>>>>>>
>>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>>> [no]: yes
>>>>>>
>>>>>> WARNING: Failed to connect to Directory Server to find information
>>>>>> about
>>>>>> replication agreements. Uninstallation will continue despite the
>>>>>> possible
>>>>>> existing replication agreements.
>>>>>> Shutting down all IPA services
>>>>>> Removing IPA client configuration
>>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>>> [root at freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
>>>>>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
>>>>>> Directory Manager (existing master) password:
>>>>>>
>>>>>> The host freeipa-dal.bpt.rocks already exists on the master server.
>>>>>> You should remove it before proceeding:
>>>>>>       % ipa host-del freeipa-dal.bpt.rocks
>>>>>> [root at freeipa-dal ianh]#
>>>>>>
>>>>>> So I tried to delete it again with --force
>>>>>>
>>>>>> [root at freeipa-sea ianh]# ipa-replica-manage --force del
>>>>>> freeipa-dal.bpt.rocks
>>>>>> Directory Manager password:
>>>>>>
>>>>>> 'freeipa-sea.bpt.rocks' has no replication agreement for
>>>>>> 'freeipa-dal.bpt.rocks'
>>>>>> [root at freeipa-sea ianh]#
>>>>>>
>>>>>> Can't delete it from the master server either
>>>>>>
>>>>>> [root at seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
>>>>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>>>>>> disabled
>>>>>>
>>>>>>
>>>>>> Now what?  I'm running out of things that work.
>>>>> Not sure what version of IPA you have but try:
>>>>>
>>>>> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
>>>>>
>>>>> If this had a CA on it then you'll want to ensure that any replication
>>>>> agreements it had have been removed as well.
>>>>>
>>>>> rob
>>>>>
>>>> It turns out I'm not smart enough to untangle this mess.
>>>>
>>>> Is there any way to kind of start over?  I managed to delete and
>>>> recreate a couple replicas but the problems (obsolete ruv as far as I
>>>> can tell) carry on with the new replicas.  They won't even replicate
>>>> back to the master they were created from.
>>> Once you have the right version of 389-ds then then cleanruv tasks work
>>> a lot better. What version are you running now?
>> 1.3.4.0. 
> Ian,
> 
> Can you the exact version please?  rpm -qa | grep 389-ds-base
> 
> Thanks,
> Mark

Sorry about the delay..

[root at freeipa-sea ianh]# rpm -qa | grep 389-ds-base
389-ds-base-libs-1.3.4.0-33.el7_2.x86_64
389-ds-base-1.3.4.0-33.el7_2.x86_64


>>  It's handcuffed to my CentOS 7 so I don't want to update it
>> outside the CentOS ecosystem.  What's the downside of upgrading it from
>> source or an RPM for a different flavor of RedHat derived Linux?
>>
>> I'm a one-man band but I'd be interested in hearing a pitch from someone
>> who is super smart on this stuff for a working consulting gig and maybe
>> ongoing support.  Who would I talk to at RedHat about coming in from the
>> cold for full on corporate support?
>>
>> Thanks!
>>
>>>> Basically, is there a way to do a fresh install of FreeIPA server, and
>>>> do a dump/restore of data from my existing messed up install?
>>> Not really, no. You can migrate IPA to IPA but only users and groups and
>>> you lose private groups for existing users (they become regular POSIX
>>> groups).
>>>
>>> rob
>>>
> 

-- 
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com



From deepak_dimri at hotmail.com  Mon Aug 29 17:31:09 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Mon, 29 Aug 2016 13:31:09 -0400
Subject: [Freeipa-users] Delegated Administration in IPA
In-Reply-To: <SNT152-W36122D680DCE9E16FAAD77F5E10@phx.gbl>
References: <SNT152-W9563576EE8F3AE1D2582BEF51B0@phx.gbl>,
	<20160808085423.whdfs7ss4xw45a62@redhat.com>,
	<SNT152-W295217DD427E6F86F586BDF51B0@phx.gbl>,
	<SNT152-W36122D680DCE9E16FAAD77F5E10@phx.gbl>
Message-ID: <SNT152-W271B6A24C3B39CD13D12C1F5E10@phx.gbl>

**adding FreeIPA-Users***




Hi Alexander,
I was referring to you below reply regarding managing the access ( adding and deleting etc) for only those hosts which are part of a particular hostgroup - you mentioned i can do that using "additional target filter based on the hostgroup membership." in the freeIPA permission. What would be the attribute/DN i should be giving in the target filter to achieve this?
obviously default host group membership allow the admin to add and delete any hosts. Which i dont want. I want management restricted to only those host which are part of the hostgroup
Thanks in advance
Best Regards,Deepak


> Date: Mon, 8 Aug 2016 11:54:23 +0300
> From: abokovoy at redhat.com
> To: deepak_dimri at hotmail.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Delegated Administration in IPA
> 
> On Mon, 08 Aug 2016, Deepak Dimri wrote:
> >Hi List,
> >I want some help here! i have 100 of linux servers and ec2 instances
> >used by various teams/departments.   I want to have group wise
> >clubbing of these servers so that i can delegate administration access
> >to manager of  that particular group. For example lets say out of those
> >100 servers, 25 servers belongs to engineering team so i want to
> >register these 25 servers under engineering group/domain and then
> >assign the full administration access to engineering manager to manage
> >these 25 servers and there accesses.  I am getting a sense that we can
> >create DNS subdomains for each team i.e. engineering.<ipa server domain
> >name> and then register those 25 servers under engineering.<ipa server
> >domain name> but then i am not sure how i can assign the access and do
> >rest of the configurations.  I would be thankfully if any of you can
> >provide with configuration steps to help me
> What kind of administration do you want to achieve?
> 
> - Managing IPA objects themselves?
> - Managing actual machines as in login to them, run sudo, etc?
> 
> For the former you'd need to learn how to deal with
> permissions/privileges/roles and create separate
> permissions/privileges/roles that look like a default one with
> additional target filter based on the hostgroup membership.
> 
> For the latter you'd use HBAC rules.
> 
> -- 
> / Alexander Bokovoy
 		 	   		   		 	   		   		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160829/ee6f3fcb/attachment.htm>

From rmeggins at redhat.com  Mon Aug 29 17:48:12 2016
From: rmeggins at redhat.com (Rich Megginson)
Date: Mon, 29 Aug 2016 11:48:12 -0600
Subject: [Freeipa-users] Freeipa 4.2.0 hangs intermittently
In-Reply-To: <CANAMAkqxa=CHSAa0s0qBnSr-kvomRA+MAtTtN_KgrHL=cNuvuQ@mail.gmail.com>
References: <CANAMAkr7w6xNmZ94Xrr93+zbJ2+0sjTzvvTqpuWA3NyN0NZ_WA@mail.gmail.com>
	<CANAMAkq+TvfKxj2x1y9c76cY2fi8eKwh5kKa=NTwLOiam=jHQA@mail.gmail.com>
	<CANAMAkqgBj9=M-yKRSqLoz6_trQxEpdWvv91pZdXooBgGp1A5A@mail.gmail.com>
	<7850c6f9-f79a-355e-4730-93bb67fbacf1@redhat.com>
	<CANAMAkpiZxJYoihJM4qgR8eW=GDC==xmM6SFVXep1+ZGqNQdOw@mail.gmail.com>
	<a043e25c-78bb-3ddf-35c7-10541b886f4c@redhat.com>
	<CANAMAkr2hVJ6+17ybeXh4Rzuf_pBBhDcJYDX1dOamGjYRQVYnQ@mail.gmail.com>
	<CANAMAkpqv5r2GNR1z9+iOJEh40F50kskrnPAOT+B5qV9uR6Q7g@mail.gmail.com>
	<CANAMAkpC5DKkqA_X4tZjscFyOyD2SJjjy74g1sOGYayqLH=ywA@mail.gmail.com>
	<ca385752-87b1-1190-cbdd-9d552b3bf105@redhat.com>
	<CANAMAkqqBOUx0rXH6MPYQgiVtSzCpCOO+EiuwT0urcyUAn_G3g@mail.gmail.com>
	<57BEB0AB.2090506@redhat.com>
	<CANAMAkrNMzr2EsaqHgD3Z+sO+p_Zvyv4_dbDtuCq+Cz=91M-Fw@mail.gmail.com>
	<CANAMAkqwX=toissq8tEjuj5p-AP5dkA3V+5Oq9PkJFQyTdoH2A@mail.gmail.com>
	<57C44AC6.1030402@redhat.com>
	<CANAMAkqxa=CHSAa0s0qBnSr-kvomRA+MAtTtN_KgrHL=cNuvuQ@mail.gmail.com>
Message-ID: <f3787021-8ae5-9408-f0e2-e354fece2e73@redhat.com>

On 08/29/2016 10:53 AM, Rakesh Rajasekharan wrote:
> Hi Thierry,
>
> My machine has 30GB RAM ..and  389-ds version is 1.3.4
>
> ldapsearch shows the values for nsslapd-cachememsize updated to 200MB.
>
> ldapsearch -LLL -o ldif-wrap=no -D "cn=directory manager" -w 
> 'mypassword' -b 'cn=userRoot,cn=ldbm 
> database,cn=plugins,cn=config'|grep nsslapd-cachememsize
> nsslapd-cachememsize: 209715200
>
>
> So, it seems to have updated though seeing that warning(WARNING: 
> ipaca: entry cache size 10485760B is less than db size 11599872B) in 
> the log confuses me a bit.
>
> Thers one more entry that I found from the ldapsearch to be bit low
>
> nsslapd-dncachememsize: 10485760
> maxdncachesize: 10485760
>
> Should I update these as well to a higher value
>
> At the time when the issue happened, the memory usage as well as the 
> overall load of the system was very low .
> I will try reproducing the issue atleast in my QA env..probably by 
> trying to mock  simultaneous parallel logins to a large number of hosts

To monitor your cache sizes, please use the dbmon.sh tool provided with 
your distro.  If that is not available with your particular distro, see 
https://github.com/richm/scripts/wiki/dbmon.sh

>
>
> thanks
> Rakesh
>
>
>
>
> On Mon, Aug 29, 2016 at 8:16 PM, thierry bordaz <tbordaz at redhat.com 
> <mailto:tbordaz at redhat.com>> wrote:
>
>     Hi Rakesh,
>
>     Those tuning may depend on the memory available on your machine.
>     nsslapd-cachememsize allows the entry cache to consume up to 200Mb
>     but its memory footprint is known to go above.
>     200Mb both looks pretty good to me. How large is your machine ?
>     What is your version of 389-ds ?
>
>     Those warnings do not change your settings. It just raise that
>     entry cache of 'ipaca' and 'retrocl' are small but it is fine. The
>     size of the entry cache is important mostly in userRoot.
>     You may double check the actual values, after restart, with
>     ldapsearch on 'cn=userRoot,cn=ldbm database,cn=plugins,cn=config'
>     and 'cn=config,cn=ldbm database,cn=plugins,cn=config'.
>
>     A step is to know what will be response time of DS to know if it
>     is responsible of the hang or not.
>     The logs and possibly pstack during those intermittent hangs will
>     help to determine that.
>
>     regards
>     thierry
>
>
>
>
>
>     On 08/29/2016 04:25 PM, Rakesh Rajasekharan wrote:
>>     I tried increasing the nsslapd-dbcachesize and
>>     nsslapd-cachememsize in my QA envs to 200MB.
>>
>>     However, in my log files, I still see this message
>>     [29/Aug/2016:04:34:37 +0000] - WARNING: ipaca: entry cache size
>>     10485760B is less than db size 11599872B; We recommend to
>>     increase the entry cache size nsslapd-cachememsize.
>>     [29/Aug/2016:04:34:37 +0000] - WARNING: changelog: entry cache
>>     size 2097152B is less than db size 441647104B; We recommend to
>>     increase the entry cache size nsslapd-cachememsize.
>>
>>     these are my ldif files that i used to modify the values
>>     modify entry cache size
>>     cat modify-cache-mem-size.ldif
>>     dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
>>     changetype: modify
>>     replace: nsslapd-cachememsize
>>     nsslapd-cachememsize: 209715200
>>
>>     modify db cache size
>>     cat modfy-db-cache-size.ldif
>>     dn: cn=config,cn=ldbm database,cn=plugins,cn=config
>>     changetype: modify
>>     replace: nsslapd-dbcachesize
>>     nsslapd-dbcachesize: 209715200
>>
>>     After modifying , i restarted IPA services
>>
>>     Is there anything else that  I need to take care of as the logs
>>     suggest its still not getting the updated values
>>
>>     Thanks
>>     Rakesh
>>
>>     On Mon, Aug 29, 2016 at 6:07 PM, Rakesh Rajasekharan
>>     <rakesh.rajasekharan at gmail.com
>>     <mailto:rakesh.rajasekharan at gmail.com>> wrote:
>>
>>         Hi Thierry,
>>
>>         Coz of the issues we had to revert back to earlier running
>>         openldap in production.
>>
>>         I have now done a few TCP related changes in sysctl.conf and
>>         have also increased the nsslapd-dbcachesize and
>>         nsslapd-cachememsize to 200MB
>>
>>         I will again start migrating hosts back to IPA and see if I
>>         face the earlier issue.
>>
>>         I will update back once I have something
>>
>>
>>         Thanks,
>>         Rakesh
>>
>>
>>
>>         On Thu, Aug 25, 2016 at 2:17 PM, thierry bordaz
>>         <tbordaz at redhat.com <mailto:tbordaz at redhat.com>> wrote:
>>
>>
>>
>>             On 08/25/2016 10:15 AM, Rakesh Rajasekharan wrote:
>>>             All of the troubleshooting seems fine.
>>>
>>>
>>>             However, Running libconv.pl <http://libconv.pl> gives me
>>>             this output
>>>
>>>             ----- Recommendations -----
>>>
>>>              1.  You have unindexed components, this can be caused
>>>             from a search on an unindexed attribute, or your
>>>             returned results exceeded the allidsthreshold. Unindexed
>>>             components are not recommended. To refuse unindexed
>>>             searches, switch 'nsslapd-require-index' to 'on' under
>>>             your database entry (e.g. cn=UserRoot,cn=ldbm
>>>             database,cn=plugins,cn=config).
>>>
>>>              2.  You have a significant difference between binds and
>>>             unbinds.  You may want to investigate this difference.
>>>
>>>
>>>             I feel, this could be a pointer to things going slow..
>>>             and IPA hanging. I think i now have something that I can
>>>             try and nail down this issue.
>>>
>>>             On a sidenote, I was earlier running openldap and
>>>             migrated over to Freeipa,
>>>
>>>             Thanks
>>>             Rakesh
>>>
>>>
>>>
>>>             On Wed, Aug 24, 2016 at 12:38 PM, Petr Spacek
>>>             <pspacek at redhat.com <mailto:pspacek at redhat.com>> wrote:
>>>
>>>                 On 23.8.2016 18:44, Rakesh Rajasekharan wrote:
>>>                 > I think thers something seriously wrong with my system
>>>                 >
>>>                 > not able to run any  IPA commands
>>>                 >
>>>                 > klist
>>>                 > Ticket cache: KEYRING:persistent:0:0
>>>                 > Default principal: admin at XYZ.COM
>>>                 <mailto:admin at XYZ.COM>
>>>                 >
>>>                 > Valid starting      Expires       Service principal
>>>                 > 2016-08-23T16:26:36 2016-08-24T16:26:22
>>>                 krbtgt/XYZ.COM at XYZ.COM <mailto:XYZ.COM at XYZ.COM>
>>>                 >
>>>                 >
>>>                 > [root at prod-ipa-master-1a :~] ipactl status
>>>                 > Directory Service: RUNNING
>>>                 > krb5kdc Service: RUNNING
>>>                 > kadmin Service: RUNNING
>>>                 > ipa_memcached Service: RUNNING
>>>                 > httpd Service: RUNNING
>>>                 > pki-tomcatd Service: RUNNING
>>>                 > ipa-otpd Service: RUNNING
>>>                 > ipa: INFO: The ipactl command was successful
>>>                 >
>>>                 >
>>>                 >
>>>                 > [root at prod-ipa-master :~] ipa user-find p-testuser
>>>                 > ipa: ERROR: Kerberos error: ('Unspecified GSS
>>>                 failure.  Minor code may
>>>                 > provide more information', 851968)/("Cannot
>>>                 contact any KDC for realm '
>>>                 > XYZ.COM <http://XYZ.COM>'", -1765328228)
>>>
>>
>>             Hi Rakesh,
>>
>>                 Having a reproducible test case would you rerun the
>>                 command above.
>>                 During its processing you may monitor DS process load
>>                 (top). If it is high, you may get some pstacks of it.
>>                 Also would you attach the part of DS access logs
>>                 taken during the command.
>>
>>                 regards
>>                 thierry
>>
>>>                 >
>>>
>>>                 This is weird because the server seems to be up.
>>>
>>>                 Please follow
>>>                 http://www.freeipa.org/page/Troubleshooting#Authentication.2FKerberos
>>>                 <http://www.freeipa.org/page/Troubleshooting#Authentication.2FKerberos>
>>>
>>>                 Petr^2 Spacek
>>>
>>>                 >
>>>                 >
>>>                 > Thanks
>>>                 >
>>>                 > Rakesh
>>>                 >
>>>                 > On Tue, Aug 23, 2016 at 10:01 PM, Rakesh
>>>                 Rajasekharan <
>>>                 > rakesh.rajasekharan at gmail.com
>>>                 <mailto:rakesh.rajasekharan at gmail.com>> wrote:
>>>                 >
>>>                 >> i changed the loggin level to 4 . Modifying
>>>                 nsslapd-accesslog-level
>>>                 >>
>>>                 >> But, the hang is still there. though I dont see
>>>                 the sigfault now
>>>                 >>
>>>                 >>
>>>                 >>
>>>                 >>
>>>                 >> On Tue, Aug 23, 2016 at 9:02 PM, Rakesh
>>>                 Rajasekharan <
>>>                 >> rakesh.rajasekharan at gmail.com
>>>                 <mailto:rakesh.rajasekharan at gmail.com>> wrote:
>>>                 >>
>>>                 >>> My disk was getting filled too fast
>>>                 >>>
>>>                 >>> logs under /var/log/dirsrv was coming around 5
>>>                 gb quickly filling up
>>>                 >>>
>>>                 >>> Is there a way to make the logging less verbose
>>>                 >>>
>>>                 >>>
>>>                 >>>
>>>                 >>> On Tue, Aug 23, 2016 at 6:41 PM, Petr Spacek
>>>                 <pspacek at redhat.com <mailto:pspacek at redhat.com>> wrote:
>>>                 >>>
>>>                 >>>> On 23.8.2016 15:07, Rakesh Rajasekharan wrote:
>>>                 >>>>> I was able to fix that may be temporarily...
>>>                 when i checked the
>>>                 >>>> network..
>>>                 >>>>> there was another process that was running and
>>>                 consuming a lot of
>>>                 >>>> network (
>>>                 >>>>> i have no idea who did that. I need to
>>>                 seriously start restricting
>>>                 >>>> people
>>>                 >>>>> access to this machine )
>>>                 >>>>>
>>>                 >>>>> after killing that perfomance improved drastically
>>>                 >>>>>
>>>                 >>>>> But now, suddenly I started experiencing the
>>>                 same hang.
>>>                 >>>>>
>>>                 >>>>> This time , I gert the following error when
>>>                 checked dmesg
>>>                 >>>>>
>>>                 >>>>> [  301.236976] ns-slapd[3124]: segfault at 0
>>>                 ip 00007f1de416951c sp
>>>                 >>>>> 00007f1dee1dba70 error 4 in
>>>                 libcos-plugin.so[7f1de4166000+b000]
>>>                 >>>>> [ 1116.248431] TCP: request_sock_TCP: Possible
>>>                 SYN flooding on port 88.
>>>                 >>>>> Sending cookies.  Check SNMP counters.
>>>                 >>>>> [11831.397037] ns-slapd[22550]: segfault at 0
>>>                 ip 00007f533d82251c sp
>>>                 >>>>> 00007f5347894a70 error 4 in
>>>                 libcos-plugin.so[7f533d81f000+b000]
>>>                 >>>>> [11832.727989] ns-slapd[22606]: segfault at 0
>>>                 ip 00007f6231eb951c sp
>>>                 >>>>> 00007f623bf2ba70 error 4 in
>>>                 libcos-plugin.so[7f6231eb6000+b00
>>>                 >>>>
>>>                 >>>> Okay, this one is serious. The LDAP server crashed.
>>>                 >>>>
>>>                 >>>> 1. Make sure all your packages are up-to-date.
>>>                 >>>>
>>>                 >>>> Please see
>>>                 >>>>
>>>                 http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#d
>>>                 >>>> ebugging-crashes
>>>                 >>>> for further instructions how to debug this.
>>>                 >>>>
>>>                 >>>> Petr^2 Spacek
>>>                 >>>>
>>>                 >>>>>
>>>                 >>>>> and in /var/log/dirsrv/example-com/errors
>>>                 >>>>>
>>>                 >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>                 delete_changerecord:
>>>                 >>>> could
>>>                 >>>>> not delete change record 3291138 (rc: 32)
>>>                 >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>                 delete_changerecord:
>>>                 >>>> could
>>>                 >>>>> not delete change record 3291139 (rc: 32)
>>>                 >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>                 delete_changerecord:
>>>                 >>>> could
>>>                 >>>>> not delete change record 3291140 (rc: 32)
>>>                 >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>                 delete_changerecord:
>>>                 >>>> could
>>>                 >>>>> not delete change record 3291141 (rc: 32)
>>>                 >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>                 delete_changerecord:
>>>                 >>>> could
>>>                 >>>>> not delete change record 3291142 (rc: 32)
>>>                 >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>                 delete_changerecord:
>>>                 >>>> could
>>>                 >>>>> not delete change record 3291143 (rc: 32)
>>>                 >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>                 delete_changerecord:
>>>                 >>>> could
>>>                 >>>>> not delete change record 3291144 (rc: 32)
>>>                 >>>>> [23/Aug/2016:12:49:36 +0000] DSRetroclPlugin -
>>>                 delete_changerecord:
>>>                 >>>> could
>>>                 >>>>> not delete change record 3291145 (rc: 32)
>>>                 >>>>> [23/Aug/2016:12:49:50 +0000] - Retry count
>>>                 exceeded in delete
>>>                 >>>>> [23/Aug/2016:12:49:50 +0000] DSRetroclPlugin -
>>>                 delete_changerecord:
>>>                 >>>> could
>>>                 >>>>> not delete change record 3292734 (rc: 51)
>>>                 >>>>>
>>>                 >>>>>
>>>                 >>>>> Can  i do something about this error.. I treid
>>>                 to restart ipa a couple
>>>                 >>>> of
>>>                 >>>>> time but that did not help
>>>                 >>>>>
>>>                 >>>>> Thanks
>>>                 >>>>> Rakesh
>>>                 >>>>>
>>>                 >>>>> On Mon, Aug 22, 2016 at 2:27 PM, Petr Spacek
>>>                 <pspacek at redhat.com <mailto:pspacek at redhat.com>>
>>>                 >>>> wrote:
>>>                 >>>>>
>>>                 >>>>>> On 19.8.2016 19:32, Rakesh Rajasekharan wrote:
>>>                 >>>>>>> I am running my set up on AWS cloud, and
>>>                 entropy is low at around
>>>                 >>>> 180 .
>>>                 >>>>>>>
>>>                 >>>>>>> I plan to increase it bu installing haveged
>>>                 . But, would low entropy
>>>                 >>>> by
>>>                 >>>>>> any
>>>                 >>>>>>> chance cause this issue of intermittent hang .
>>>                 >>>>>>> Also, the hang is mostly observed when
>>>                 registering around 20 clients
>>>                 >>>>>>> together
>>>                 >>>>>>
>>>                 >>>>>> Possibly, I'm not sure. If you want to dig
>>>                 into this, I would do this:
>>>                 >>>>>> 1. look what process hangs on client (using
>>>                 pstree command or so)
>>>                 >>>>>> $ pstree
>>>                 >>>>>>
>>>                 >>>>>> 2. look to what server and port is the
>>>                 hanging client connected to
>>>                 >>>>>> $ lsof -p <PID of the hanging process>
>>>                 >>>>>>
>>>                 >>>>>> 3. jump to server and see what process is
>>>                 bound to the target port
>>>                 >>>>>> $ netstat -pn
>>>                 >>>>>>
>>>                 >>>>>> 4. see where the process if hanging
>>>                 >>>>>> $ strace -p <PID of the hanging process>
>>>                 >>>>>>
>>>                 >>>>>> I hope it helps.
>>>                 >>>>>>
>>>                 >>>>>> Petr^2 Spacek
>>>                 >>>>>>
>>>                 >>>>>>> On Fri, Aug 19, 2016 at 7:24 PM, Rakesh
>>>                 Rajasekharan <
>>>                 >>>>>>> rakesh.rajasekharan at gmail.com
>>>                 <mailto:rakesh.rajasekharan at gmail.com>> wrote:
>>>                 >>>>>>>
>>>                 >>>>>>>> yes there seems to be something thats
>>>                 worrying.. I have faced this
>>>                 >>>> today
>>>                 >>>>>>>> as well.
>>>                 >>>>>>>> There are few hosts around 280 odd left and
>>>                 when i try adding them
>>>                 >>>> to
>>>                 >>>>>> IPA
>>>                 >>>>>>>> , the slowness begins..
>>>                 >>>>>>>>
>>>                 >>>>>>>> all the ipa commands like ipa user-find..
>>>                 etc becomes very slow in
>>>                 >>>>>>>> responding.
>>>                 >>>>>>>>
>>>                 >>>>>>>> the SYNC_RECV are not many though just
>>>                 around 80-90 and today that
>>>                 >>>> was
>>>                 >>>>>>>> around 20 only
>>>                 >>>>>>>>
>>>                 >>>>>>>>
>>>                 >>>>>>>> I have for now increased
>>>                 tcp_max_syn_backlog to 5000.
>>>                 >>>>>>>> For now the slowness seems to have gone..
>>>                 but I will do a try
>>>                 >>>> adding the
>>>                 >>>>>>>> clients again tomorrow and see how it goes
>>>                 >>>>>>>>
>>>                 >>>>>>>> Thanks
>>>                 >>>>>>>> Rakesh
>>>                 >>>>>>>>
>>>                 >>>>>>>> The issues
>>>                 >>>>>>>>
>>>                 >>>>>>>> On Fri, Aug 19, 2016 at 12:58 PM, Petr
>>>                 Spacek <pspacek at redhat.com <mailto:pspacek at redhat.com>>
>>>                 >>>>>> wrote:
>>>                 >>>>>>>>
>>>                 >>>>>>>>> On 18.8.2016 17:23, Rakesh Rajasekharan wrote:
>>>                 >>>>>>>>>> Hi
>>>                 >>>>>>>>>>
>>>                 >>>>>>>>>> I am migrating to freeipa from openldap
>>>                 and have around 4000
>>>                 >>>> clients
>>>                 >>>>>>>>>>
>>>                 >>>>>>>>>> I had openned a another thread on that,
>>>                 but chose to start a new
>>>                 >>>> one
>>>                 >>>>>>>>> here
>>>                 >>>>>>>>>> as its a separate issue
>>>                 >>>>>>>>>>
>>>                 >>>>>>>>>> I was able to change the
>>>                 nssslapd-maxdescriptors adding an ldif
>>>                 >>>> file
>>>                 >>>>>>>>>>
>>>                 >>>>>>>>>> cat nsslapd-modify.ldif
>>>                 >>>>>>>>>> dn: cn=config
>>>                 >>>>>>>>>> changetype: modify
>>>                 >>>>>>>>>> replace: nsslapd-maxdescriptors
>>>                 >>>>>>>>>> nsslapd-maxdescriptors: 17000
>>>                 >>>>>>>>>>
>>>                 >>>>>>>>>> and running the ldapmodify command
>>>                 >>>>>>>>>>
>>>                 >>>>>>>>>> I have now started moving clients running
>>>                 an openldap to Freeipa
>>>                 >>>> and
>>>                 >>>>>>>>> have
>>>                 >>>>>>>>>> today moved close to 2000 clients
>>>                 >>>>>>>>>>
>>>                 >>>>>>>>>> However, I have noticed that IPA hangs
>>>                 intermittently.
>>>                 >>>>>>>>>>
>>>                 >>>>>>>>>> running a kinit admin returns the below error
>>>                 >>>>>>>>>> kinit: Generic error (see e-text) while
>>>                 getting initial
>>>                 >>>> credentials
>>>                 >>>>>>>>>>
>>>                 >>>>>>>>>> from the /var/log/messages, I see this entry
>>>                 >>>>>>>>>>
>>>                 >>>>>>>>>>  prod-ipa-master-int kernel:
>>>                 [104090.315801] TCP:
>>>                 >>>> request_sock_TCP:
>>>                 >>>>>>>>>> Possible SYN flooding on port 88. Sending
>>>                 cookies.  Check SNMP
>>>                 >>>>>> counters.
>>>                 >>>>>>>>>
>>>                 >>>>>>>>> I would be worried about this message.
>>>                 Maybe kernel/firewall is
>>>                 >>>> doing
>>>                 >>>>>>>>> something fishy behind your back and
>>>                 blocking some connections or
>>>                 >>>> so.
>>>                 >>>>>>>>>
>>>                 >>>>>>>>> Petr^2 Spacek
>>>                 >>>>>>>>>
>>>                 >>>>>>>>>
>>>                 >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int
>>>                 systemd[1]: Started Session
>>>                 >>>> 4885
>>>                 >>>>>> of
>>>                 >>>>>>>>>> user root.
>>>                 >>>>>>>>>> Aug 18 13:00:01 prod-ipa-master-int
>>>                 systemd[1]: Starting Session
>>>                 >>>> 4885
>>>                 >>>>>> of
>>>                 >>>>>>>>>> user root.
>>>                 >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int
>>>                 systemd[1]: Started Session
>>>                 >>>> 4886
>>>                 >>>>>> of
>>>                 >>>>>>>>>> user root.
>>>                 >>>>>>>>>> Aug 18 13:01:01 prod-ipa-master-int
>>>                 systemd[1]: Starting Session
>>>                 >>>> 4886
>>>                 >>>>>> of
>>>                 >>>>>>>>>> user root.
>>>                 >>>>>>>>>> Aug 18 13:02:40 prod-ipa-master-int
>>>                 python[28984]: ansible-command
>>>                 >>>>>>>>> Invoked
>>>                 >>>>>>>>>> with creates=None executable=None
>>>                 shell=True args= removes=None
>>>                 >>>>>>>>> warn=True
>>>                 >>>>>>>>>> chdir=None
>>>                 >>>>>>>>>> Aug 18 13:04:37 prod-ipa-master-int
>>>                 sssd_be: GSSAPI Error:
>>>                 >>>> Unspecified
>>>                 >>>>>>>>> GSS
>>>                 >>>>>>>>>> failure.  Minor code may provide more
>>>                 information (KDC returned
>>>                 >>>> error
>>>                 >>>>>>>>>> string: PROCESS_TGS)
>>>                 >>>>>>>>>>
>>>                 >>>>>>>>>> Could it be possible that its due to the
>>>                 initial load of adding
>>>                 >>>> the
>>>                 >>>>>>>>> clients
>>>                 >>>>>>>>>> or is there something else that I need to
>>>                 take care of.
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160829/45144cf8/attachment.htm>

From mareynol at redhat.com  Mon Aug 29 20:36:21 2016
From: mareynol at redhat.com (Mark Reynolds)
Date: Mon, 29 Aug 2016 16:36:21 -0400
Subject: [Freeipa-users] Cleaning Up an Unholy Mess
In-Reply-To: <0cdb0f14-4068-eed9-45af-e43f25a3ce19@brownpapertickets.com>
References: <a7ee48a4-29df-1ef2-3d51-c7af626b0df6@brownpapertickets.com>
	<57BE4B05.7080307@redhat.com>
	<55da4943-e938-3569-f770-8be0f3d8cad4@brownpapertickets.com>
	<57BF2DE6.3080102@redhat.com>
	<44736dd3-4c94-c637-fd0b-4e8e8411a87e@brownpapertickets.com>
	<95a007f3-acf3-4688-db9e-4be4b6f3e3c6@redhat.com>
	<0cdb0f14-4068-eed9-45af-e43f25a3ce19@brownpapertickets.com>
Message-ID: <98a3c56a-7ad6-1822-0b79-7dfe8906c15f@redhat.com>



On 08/29/2016 12:48 PM, Ian Harding wrote:
>
> On 08/25/2016 03:10 PM, Mark Reynolds wrote:
>>
>> On 08/25/2016 02:04 PM, Ian Harding wrote:
>>> On 08/25/2016 10:41 AM, Rob Crittenden wrote:
>>>> Ian Harding wrote:
>>>>> On 08/24/2016 06:33 PM, Rob Crittenden wrote:
>>>>>> Ian Harding wrote:
>>>>>>> I tried to simply uninstall and reinstall freeipa-dal and this
>>>>>>> happened.
>>>>>>>
>>>>>>> It only had a replication agreement with freeipa-sea
>>>>>>>
>>>>>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>>>
>>>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>>>> configuration!
>>>>>>>
>>>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>>>> [no]: yes
>>>>>>> Shutting down all IPA services
>>>>>>> Removing IPA client configuration
>>>>>>> Unconfiguring ntpd
>>>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>>>> Unconfiguring CA
>>>>>>> Unconfiguring named
>>>>>>> Unconfiguring ipa-dnskeysyncd
>>>>>>> Unconfiguring web server
>>>>>>> Unconfiguring krb5kdc
>>>>>>> Unconfiguring kadmin
>>>>>>> Unconfiguring directory server
>>>>>>> Unconfiguring ipa_memcached
>>>>>>> Unconfiguring ipa-otpd
>>>>>>> [root at freeipa-dal ianh]# ipa-server-install --uninstall
>>>>>>>
>>>>>>> This is a NON REVERSIBLE operation and will delete all data and
>>>>>>> configuration!
>>>>>>>
>>>>>>> Are you sure you want to continue with the uninstall procedure?
>>>>>>> [no]: yes
>>>>>>>
>>>>>>> WARNING: Failed to connect to Directory Server to find information
>>>>>>> about
>>>>>>> replication agreements. Uninstallation will continue despite the
>>>>>>> possible
>>>>>>> existing replication agreements.
>>>>>>> Shutting down all IPA services
>>>>>>> Removing IPA client configuration
>>>>>>> Configuring certmonger to stop tracking system certificates for KRA
>>>>>>> Configuring certmonger to stop tracking system certificates for CA
>>>>>>> [root at freeipa-dal ianh]# ipa-replica-install --setup-ca --setup-dns
>>>>>>> --no-forwarders /var/lib/ipa/replica-info-freeipa-dal.bpt.rocks.gpg
>>>>>>> Directory Manager (existing master) password:
>>>>>>>
>>>>>>> The host freeipa-dal.bpt.rocks already exists on the master server.
>>>>>>> You should remove it before proceeding:
>>>>>>>       % ipa host-del freeipa-dal.bpt.rocks
>>>>>>> [root at freeipa-dal ianh]#
>>>>>>>
>>>>>>> So I tried to delete it again with --force
>>>>>>>
>>>>>>> [root at freeipa-sea ianh]# ipa-replica-manage --force del
>>>>>>> freeipa-dal.bpt.rocks
>>>>>>> Directory Manager password:
>>>>>>>
>>>>>>> 'freeipa-sea.bpt.rocks' has no replication agreement for
>>>>>>> 'freeipa-dal.bpt.rocks'
>>>>>>> [root at freeipa-sea ianh]#
>>>>>>>
>>>>>>> Can't delete it from the master server either
>>>>>>>
>>>>>>> [root at seattlenfs ianh]# ipa host-del freeipa-dal.bpt.rocks
>>>>>>> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
>>>>>>> disabled
>>>>>>>
>>>>>>>
>>>>>>> Now what?  I'm running out of things that work.
>>>>>> Not sure what version of IPA you have but try:
>>>>>>
>>>>>> # ipa-replica-manage --force --cleanup delete freeipa-dal.bpt.rocks
>>>>>>
>>>>>> If this had a CA on it then you'll want to ensure that any replication
>>>>>> agreements it had have been removed as well.
>>>>>>
>>>>>> rob
>>>>>>
>>>>> It turns out I'm not smart enough to untangle this mess.
>>>>>
>>>>> Is there any way to kind of start over?  I managed to delete and
>>>>> recreate a couple replicas but the problems (obsolete ruv as far as I
>>>>> can tell) carry on with the new replicas.  They won't even replicate
>>>>> back to the master they were created from.
>>>> Once you have the right version of 389-ds then then cleanruv tasks work
>>>> a lot better. What version are you running now?
>>> 1.3.4.0. 
>> Ian,
>>
>> Can you the exact version please?  rpm -qa | grep 389-ds-base
>>
>> Thanks,
>> Mark
> Sorry about the delay..
>
> [root at freeipa-sea ianh]# rpm -qa | grep 389-ds-base
> 389-ds-base-libs-1.3.4.0-33.el7_2.x86_64
> 389-ds-base-1.3.4.0-33.el7_2.x86_64
Now I'm not sure what is going on.  You are on the latest version of
389-ds-base, and it has the cleanAllRUV fix I was talking about. 
Perhaps the message "Waiting to process all the updates from the deleted
replica..." returned by "ipa-replica-manage list-clean-ruv" is not
accurate/current. 

If there are cleanAllRUV tasks running(and not finishing) there will be
evidence in the Directory Server's errors log.  If there are tasks
running the errors log will tell us exactly what is going on (the
logging is very good).  So if the "clean" task is not working start
tailing the DS errors log(/var/log/dirsrv/slapd-INSTANCE/errors), check
for logging that is prefixed with "CleanAllRUV Task", and you should see
what's really going on.  Please post this logging if you find anything.

Mark

>
>
>>>  It's handcuffed to my CentOS 7 so I don't want to update it
>>> outside the CentOS ecosystem.  What's the downside of upgrading it from
>>> source or an RPM for a different flavor of RedHat derived Linux?
>>>
>>> I'm a one-man band but I'd be interested in hearing a pitch from someone
>>> who is super smart on this stuff for a working consulting gig and maybe
>>> ongoing support.  Who would I talk to at RedHat about coming in from the
>>> cold for full on corporate support?
>>>
>>> Thanks!
>>>
>>>>> Basically, is there a way to do a fresh install of FreeIPA server, and
>>>>> do a dump/restore of data from my existing messed up install?
>>>> Not really, no. You can migrate IPA to IPA but only users and groups and
>>>> you lose private groups for existing users (they become regular POSIX
>>>> groups).
>>>>
>>>> rob
>>>>



From deepak_dimri at hotmail.com  Tue Aug 30 02:22:48 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Mon, 29 Aug 2016 22:22:48 -0400
Subject: [Freeipa-users] Permission not working as expected
Message-ID: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>

Hi All,
I have created below permission for my "testhostgroup" with the expectation that this permission will only allow write permission to the members of "testhostgroup" but, then it allows me to add/delete other hostgroup members as well. I tried changing the effective attribute to "memberof" instead of "member" but in vain as with that i started getting permission denied error even on  testhostgroup itself.
*****







ipa permission-add 'testhostgroup-modify' --permission=write --attrs=member --filter='(&(cn=testhostgroup)(objectclass=ipahostgroup ))'
--------------------------------------
Added permission "testhostgroup-modify"
--------------------------------------
  Permission name: testhostgroup-modify
  Granted rights: write
  Effective attributes: member
  Bind rule type: permission
  Subtree: dc=us-west-2,dc=compute,dc=amazonaws,dc=com
  Extra target filter: (&(cn= testhostgroup)(objectclass=ipahostgroup ))******
How can i restrict permissions to manage only those hosts which are part of a particular hostgroup? any help you could offer on this would be much appreciated. I could not find much on similar issue in the forum :(
Thanks,Deepak 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160829/311f4081/attachment.htm>

From whitehat237 at gmail.com  Tue Aug 30 02:45:24 2016
From: whitehat237 at gmail.com (White Hat)
Date: Mon, 29 Aug 2016 21:45:24 -0500
Subject: [Freeipa-users] ipa-replica-install fails with python import
 error for module ssl_match_hostname
In-Reply-To: <57AC9EE5.9010909@redhat.com>
References: <CADrfRkTJbF0_fUp=5shvY36NXt89_EoNg6xShkH_5BH3yqOtHg@mail.gmail.com>
	<57AC9EE5.9010909@redhat.com>
Message-ID: <CADrfRkRwbqbkDLS_xXY61URpGe63a67-4_Ys7JrGsDyKdcZCcQ@mail.gmail.com>

The exact same error is in the /var/log/ipareplica-install log

Here are the last few relevant lines.

  File "/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py",
line 28, in <module>
    from backports.ssl_match_hostname import match_hostname

2016-08-11T03:53:02Z DEBUG The ipa-replica-install command failed,
exception: ImportError: No module named ssl_match_hostname
2016-08-11T03:53:02Z ERROR No module named ssl_match_hostname
[root at lcars log]#



On Thu, Aug 11, 2016 at 10:51 AM, Rob Crittenden <rcritten at redhat.com> wrote:
> White Hat wrote:
>>
>> When attempting to run ipa-replica-install I get a python error, No
>> module named ssl_match_hostname
>>
>>
>> This is on a CentOS 7.2 x86_64 testing box.
>>
>> All available updates including kernel installed, and system rebooted
>> same day. Same error before and after patching and reboot.
>>
>> Let me know if you want to see the yum history log info.
>>
>> - Operating system version
>> [root at lcars site-packages]# cat /etc/redhat-release
>> CentOS Linux release 7.2.1511 (Core)
>>
>> [root at lcars site-packages]# uname -a
>> Linux lcars.internal.madisonrentals.biz 3.10.0-327.28.2.el7.x86_64 #1
>> SMP Wed Aug 3 11:11:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
>>
>> - Here are the installed packages.  All were installed using yum.
>> [root at lcars site-packages]# yum list installed | awk '/backports|ipa-/'
>> ipa-admintools.x86_64                  4.2.0-15.0.1.el7.centos.18
>> @updates
>> ipa-client.x86_64                      4.2.0-15.0.1.el7.centos.18
>> @updates
>> ipa-python.x86_64                      4.2.0-15.0.1.el7.centos.18
>> @updates
>> ipa-server.x86_64                      4.2.0-15.0.1.el7.centos.18
>> @updates
>> ipa-server-dns.x86_64                  4.2.0-15.0.1.el7.centos.18
>> @updates
>> python-backports.noarch                1.0-6.el7
>> @anaconda
>> python-backports.x86_64                1.0-8.el7
>> installed
>> python-backports-ssl_match_hostname.noarch
>>
>> I have the following repositories enabled:
>> base/7/x86_64
>> epel/x86_64
>> extras/7/x86_64
>> updates/7/x86_64
>>
>> - Other threads on this issue suggest using pip to install
>> backports.ssl_match_hostname.  I still get the same error after doing
>> that.
>>
>> [root at lcars site-packages]# pip install backports.ssl_match_hostname
>> Requirement already satisfied (use --upgrade to upgrade):
>> backports.ssl_match_hostname in /usr/lib/python2.7/site-packages
>>
>> [root at lcars site-packages]# pip install --upgrade
>> backports.ssl_match_hostname
>> Requirement already up-to-date: backports.ssl_match_hostname in
>> /usr/lib/python2.7/site-packages
>>
>> - Here's the actual attempt
>> [root at lcars site-packages]# ipa-replica-install --setup-ca --setup-dns
>> --forwarder=4.2.2.1
>> /root/replica-info-lcars.internal.madisonrentals.biz.gpg
>> WARNING: conflicting time&date synchronization service 'chronyd' will
>> be disabled in favor of ntpd
>>
>> Directory Manager (existing master) password:
>>
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> ipa.ipapython.install.cli.install_tool(Replica): ERROR    No module
>> named ssl_match_hostname
>>
>> Even when running the suggested ipa-server-install --uninstall, I
>> still receive the error about the missing module.
>>
>> Here's what I have in /usr/lib/python2.7/site-packages
>>
>> [root at lcars site-packages]# pwd
>> /usr/lib/python2.7/site-packages
>> [root at lcars site-packages]# ls | awk '/backports.ssl/'
>> backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info
>> backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info
>>
>> - And here are the contents of each directory.
>> [root at lcars site-packages]# cd
>> backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info/
>>
>> [root at lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# ls
>> dependency_links.txt  PKG-INFO  SOURCES.txt  top_level.txt
>>
>> [root at lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# cd ..
>> [root at lcars site-packages]# ls
>> backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info
>> dependency_links.txt  installed-files.txt  PKG-INFO  SOURCES.txt
>> top_level.txt
>>
>> Another thread suggested that this can be caused by a missing
>> __init__.py file, however, creating this file in both directories
>> doesn't help.
>>
>> A commit by Heimes may shed some light on this.
>> The commit is in regards to otptoken and states that:
>>
>> "The otptoken plugin is the only module in FreeIPA that uses Python's ssl
>> module instead of NSS. The patch replaces ssl with NSSConnection. It
>> uses the default NSS database to lookup trust anchors. NSSConnection
>> uses NSS for hostname matching. The package
>> python-backports-ssl_match_hostname is no longer required."
>>
>> The master IPA server is up and running with no issues.
>>
>> An ipa connection between replica server and master reports that the
>> connection is working.
>>
>> What else could I be missing?
>
>
> Is there a more complete traceback in /var/log/ipareplica-install? I'm
> curious where the import is originating? If not instrumenting
> ipa-replica-install with pdb would be a way to find it.
>
> rob
>



From abokovoy at redhat.com  Tue Aug 30 05:20:38 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 30 Aug 2016 08:20:38 +0300
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>
References: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>
Message-ID: <20160830052038.nlvhl662csv4bta5@redhat.com>

On Mon, 29 Aug 2016, Deepak Dimri wrote:
>Hi All,
>I have created below permission for my "testhostgroup" with the
>expectation that this permission will only allow write permission to
>the members of "testhostgroup" but, then it allows me to add/delete
>other hostgroup members as well. I tried changing the effective
>attribute to "memberof" instead of "member" but in vain as with that i
>started getting permission denied error even on  testhostgroup itself.
>*****
>
>ipa permission-add 'testhostgroup-modify' --permission=write --attrs=member --filter='(&(cn=testhostgroup)(objectclass=ipahostgroup ))'
>--------------------------------------
>Added permission "testhostgroup-modify"
>--------------------------------------
>  Permission name: testhostgroup-modify
>  Granted rights: write
>  Effective attributes: member
>  Bind rule type: permission
>  Subtree: dc=us-west-2,dc=compute,dc=amazonaws,dc=com
>  Extra target filter: (&(cn= testhostgroup)(objectclass=ipahostgroup ))******
>How can i restrict permissions to manage only those hosts which are
>part of a particular hostgroup? any help you could offer on this would
>be much appreciated. I could not find much on similar issue in the
>forum :( Thanks,Deepak 		 	   		
The permission above says: "Allow changing 'member' attribute in the
testhostgroup object". I don't think this is what you wanted, according
to your explanation above.

Let's say you have host group 'myhostgroup':
# ipa hostgroup-add myhostgroup
-----------------------------
Added hostgroup "myhostgroup"
-----------------------------
  Host-group: myhostgroup

and now you want to create a permission that would target hosts in the
host group. A member of that permission would be able to do anything
with the host.

First, you need to create a basic permission which applies to hosts:

# ipa permission-add manage-my-hostgroup --right=all --bindtype=permission --type=host 
--------------------------------------
Added permission "manage-my-hostgroup"
--------------------------------------
  Permission name: manage-my-hostgroup
  Granted rights: all
  Bind rule type: permission
  Subtree: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
  Type: host
  Permission flags: V2, SYSTEM

Now, look at the permission in detail:

# ipa permission-show --all --raw manage-my-hostgroup
  dn: cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test
  cn: manage-my-hostgroup
  ipapermright: all
  ipapermbindruletype: permission
  ipapermlocation: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
  ipapermtargetfilter: (objectclass=ipahost)
  ipapermissiontype: V2
  ipapermissiontype: SYSTEM
  aci: (targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:manage-my-hostgroup";allow (all) groupdn = "ldap:///cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test";)
  objectclass: ipapermission
  objectclass: top
  objectclass: groupofnames
  objectclass: ipapermissionv2

As you can see, it applies to hosts: cn=computers,cn=accounts,$SUFFIX
subtree, and target filter is set to (objectclass=ipahost). So it would
apply to any host. To further limit the permission, you have to add more
target filters. But to do so, you need to know DN of the hostgroup that
will be our target limit:

# ipa hostgroup-show --raw --all myhostgroup
  dn: cn=myhostgroup,cn=hostgroups,cn=accounts,dc=ipa,dc=ad,dc=test
  cn: myhostgroup
  ipaUniqueID: 6d8c72f2-6e6d-11e6-b9e4-525400bf08fe
  mepManagedEntry: cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test
  objectClass: ipahostgroup
  objectClass: ipaobject
  objectClass: nestedGroup
  objectClass: groupOfNames
  objectClass: top
  objectClass: mepOriginEntry

Now, using DN of the myhostgroup, you can add a filter to the
permission:

# ipa permission-mod manage-my-hostgroup --filter '(memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)'
-----------------------------------------
Modified permission "manage-my-hostgroup"
-----------------------------------------
  Permission name: manage-my-hostgroup
  Granted rights: all
  Bind rule type: permission
  Subtree: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
  Extra target filter: (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)
  Type: host
  Permission flags: V2, SYSTEM

Check all details of the permission to see that ACI was actually
modified to include the filter:

# ipa permission-show --all --raw manage-my-hostgroup
  dn: cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test
  cn: manage-my-hostgroup
  ipapermright: all
  ipapermbindruletype: permission
  ipapermlocation: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
  ipapermtargetfilter: (objectclass=ipahost)
  ipapermtargetfilter: (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)
  ipapermissiontype: V2
  ipapermissiontype: SYSTEM
  aci: (targetfilter = "(&(memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)(objectclass=ipahost))")(version 3.0;acl "permission:manage-my-hostgroup";allow (all) groupdn = "ldap:///cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test";)
  objectclass: ipapermission
  objectclass: top
  objectclass: groupofnames
  objectclass: ipapermissionv2


Our ACI says: "Allow any changes to be done in all objects of
objectclass ipahost that belong to a host group 'myhostgroup' to members
of the permission group 'manage-my-hostgroup'"

Now you can add the 'manage-my-hostgroup' permission to a new privilege
and a role, and then assign users to that role. Those users will be able
to manage hosts targeted by the permission.

-- 
/ Alexander Bokovoy



From abokovoy at redhat.com  Tue Aug 30 06:03:23 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 30 Aug 2016 09:03:23 +0300
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <20160830052038.nlvhl662csv4bta5@redhat.com>
References: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>
	<20160830052038.nlvhl662csv4bta5@redhat.com>
Message-ID: <20160830060323.kfvbx4em677jw6dp@redhat.com>

On Tue, 30 Aug 2016, Alexander Bokovoy wrote:
>On Mon, 29 Aug 2016, Deepak Dimri wrote:
>>Hi All,
>>I have created below permission for my "testhostgroup" with the
>>expectation that this permission will only allow write permission to
>>the members of "testhostgroup" but, then it allows me to add/delete
>>other hostgroup members as well. I tried changing the effective
>>attribute to "memberof" instead of "member" but in vain as with that i
>>started getting permission denied error even on  testhostgroup itself.
>>*****
>>
>>ipa permission-add 'testhostgroup-modify' --permission=write --attrs=member --filter='(&(cn=testhostgroup)(objectclass=ipahostgroup ))'
>>--------------------------------------
>>Added permission "testhostgroup-modify"
>>--------------------------------------
>> Permission name: testhostgroup-modify
>> Granted rights: write
>> Effective attributes: member
>> Bind rule type: permission
>> Subtree: dc=us-west-2,dc=compute,dc=amazonaws,dc=com
>> Extra target filter: (&(cn= testhostgroup)(objectclass=ipahostgroup ))******
>>How can i restrict permissions to manage only those hosts which are
>>part of a particular hostgroup? any help you could offer on this would
>>be much appreciated. I could not find much on similar issue in the
>>forum :( Thanks,Deepak 		 	   		
>The permission above says: "Allow changing 'member' attribute in the
>testhostgroup object". I don't think this is what you wanted, according
>to your explanation above.
>
>Let's say you have host group 'myhostgroup':
># ipa hostgroup-add myhostgroup
>-----------------------------
>Added hostgroup "myhostgroup"
>-----------------------------
> Host-group: myhostgroup
>
>and now you want to create a permission that would target hosts in the
>host group. A member of that permission would be able to do anything
>with the host.
>
>First, you need to create a basic permission which applies to hosts:
>
># ipa permission-add manage-my-hostgroup --right=all 
>--bindtype=permission --type=host 
>--------------------------------------
>Added permission "manage-my-hostgroup"
>--------------------------------------
> Permission name: manage-my-hostgroup
> Granted rights: all
> Bind rule type: permission
> Subtree: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
> Type: host
> Permission flags: V2, SYSTEM
>
>Now, look at the permission in detail:
>
># ipa permission-show --all --raw manage-my-hostgroup
> dn: cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test
> cn: manage-my-hostgroup
> ipapermright: all
> ipapermbindruletype: permission
> ipapermlocation: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
> ipapermtargetfilter: (objectclass=ipahost)
> ipapermissiontype: V2
> ipapermissiontype: SYSTEM
> aci: (targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:manage-my-hostgroup";allow (all) groupdn = "ldap:///cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test";)
> objectclass: ipapermission
> objectclass: top
> objectclass: groupofnames
> objectclass: ipapermissionv2
>
>As you can see, it applies to hosts: cn=computers,cn=accounts,$SUFFIX
>subtree, and target filter is set to (objectclass=ipahost). So it would
>apply to any host. To further limit the permission, you have to add more
>target filters. But to do so, you need to know DN of the hostgroup that
>will be our target limit:
>
># ipa hostgroup-show --raw --all myhostgroup
> dn: cn=myhostgroup,cn=hostgroups,cn=accounts,dc=ipa,dc=ad,dc=test
> cn: myhostgroup
> ipaUniqueID: 6d8c72f2-6e6d-11e6-b9e4-525400bf08fe
> mepManagedEntry: cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test
> objectClass: ipahostgroup
> objectClass: ipaobject
> objectClass: nestedGroup
> objectClass: groupOfNames
> objectClass: top
> objectClass: mepOriginEntry
>
>Now, using DN of the myhostgroup, you can add a filter to the
>permission:
>
># ipa permission-mod manage-my-hostgroup --filter '(memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)'
Sorry, a typo here^^ I copied wrong DN, it should be
cn=myhostgroup,cn=hostgroups,cn=accounts,dc=ipa,dc=ad,dc=test

not the managed entry DN.

>-----------------------------------------
>Modified permission "manage-my-hostgroup"
>-----------------------------------------
> Permission name: manage-my-hostgroup
> Granted rights: all
> Bind rule type: permission
> Subtree: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
> Extra target filter: (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)
> Type: host
> Permission flags: V2, SYSTEM
>
>Check all details of the permission to see that ACI was actually
>modified to include the filter:
>
># ipa permission-show --all --raw manage-my-hostgroup
> dn: cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test
> cn: manage-my-hostgroup
> ipapermright: all
> ipapermbindruletype: permission
> ipapermlocation: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
> ipapermtargetfilter: (objectclass=ipahost)
> ipapermtargetfilter: (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)
> ipapermissiontype: V2
> ipapermissiontype: SYSTEM
> aci: (targetfilter = "(&(memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)(objectclass=ipahost))")(version 3.0;acl "permission:manage-my-hostgroup";allow (all) groupdn = "ldap:///cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test";)
> objectclass: ipapermission
> objectclass: top
> objectclass: groupofnames
> objectclass: ipapermissionv2
>
>
>Our ACI says: "Allow any changes to be done in all objects of
>objectclass ipahost that belong to a host group 'myhostgroup' to members
>of the permission group 'manage-my-hostgroup'"
>
>Now you can add the 'manage-my-hostgroup' permission to a new privilege
>and a role, and then assign users to that role. Those users will be able
>to manage hosts targeted by the permission.
>
>-- 
>/ Alexander Bokovoy
>
>-- 
>Manage your subscription for the Freeipa-users mailing list:
>https://www.redhat.com/mailman/listinfo/freeipa-users
>Go to http://freeipa.org for more info on the project

-- 
/ Alexander Bokovoy



From sandhoff at uni-wuppertal.de  Tue Aug 30 06:32:38 2016
From: sandhoff at uni-wuppertal.de (Marisa Sandhoff)
Date: Tue, 30 Aug 2016 08:32:38 +0200
Subject: [Freeipa-users] size of DIRSRV database file
Message-ID: <69d5f853-5508-21c5-b00f-2825b8b32003@uni-wuppertal.de>

Dear all,

our freeipa (4.1.4) environment manages about 60 users and 250 hosts.
Trying to find out why the disk of our freeipa server is getting tight,
we saw that the database files


[root at ipa cldb]# ls -lh
total 4.9G
-rw------- 1 dirsrv dirsrv  32M Aug 30 08:10
9b098085-8a0c11e5-b48de780-506eafe9_5645e941000000600000.db
-rw-r--r-- 1 dirsrv dirsrv    0 Aug  9 14:32
9b098085-8a0c11e5-b48de780-506eafe9.sema
-rw------- 1 dirsrv dirsrv 4.9G Aug 30 08:23
a5a45b06-f8ad11e4-9f0be780-506eafe9_55520501000000040000.db
-rw-r--r-- 1 dirsrv dirsrv    0 Aug  9 14:32
a5a45b06-f8ad11e4-9f0be780-506eafe9.sema
-rw------- 1 dirsrv dirsrv   30 May 12  2015 DBVERSION


in

[root at ipa cldb]# pwd
/var/lib/dirsrv/slapd-PLEIADES-UNI-WUPPERTAL-DE/cldb

are really huge ...

We think that the database is quite big for our not too huge environment
... are there any possibilities in freeipa to reduce the size of the
database files?

Thanks a lot for your help!

Best regards,
Marisa

-- 
Dr. Marisa Sandhoff
Experimentelle Elementarteilchenphysik
Fakult?t f?r Mathematik und Naturwissenschaften
Bergische Universitaet Wuppertal
Gaussstr. 20
D-42097 Wuppertal, Germany
-------
marisa.sandhoff at cern.ch
sandhoff at physik.uni-wuppertal.de
Phone +49 202 439 3521



From peljasz at yahoo.co.uk  Tue Aug 30 08:47:27 2016
From: peljasz at yahoo.co.uk (lejeczek)
Date: Tue, 30 Aug 2016 09:47:27 +0100
Subject: [Freeipa-users] IPA's samba and samba non-domain clients
Message-ID: <355b5673-32c5-2f31-7ea0-38607f26aff9@yahoo.co.uk>

dear all

I'd like to ask you if it's possible to allow windows boxes 
and are not members of domain to access samba shares?
I see regular domain\users + password do no work.
I'd have to do it even if it is not recommend and loosens up 
security. I realize it should be all AD and trusts but for 
now it is what it is.

many thanks.
L



From abokovoy at redhat.com  Tue Aug 30 09:54:06 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 30 Aug 2016 12:54:06 +0300
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <20160830060323.kfvbx4em677jw6dp@redhat.com>
References: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>
	<20160830052038.nlvhl662csv4bta5@redhat.com>
	<20160830060323.kfvbx4em677jw6dp@redhat.com>
Message-ID: <20160830095406.6bg32guvdqy5l6p6@redhat.com>

On Tue, 30 Aug 2016, Alexander Bokovoy wrote:
>On Tue, 30 Aug 2016, Alexander Bokovoy wrote:
>>On Mon, 29 Aug 2016, Deepak Dimri wrote:
>>>Hi All,
>>>I have created below permission for my "testhostgroup" with the
>>>expectation that this permission will only allow write permission to
>>>the members of "testhostgroup" but, then it allows me to add/delete
>>>other hostgroup members as well. I tried changing the effective
>>>attribute to "memberof" instead of "member" but in vain as with that i
>>>started getting permission denied error even on  testhostgroup itself.
>>>*****
>>>
>>>ipa permission-add 'testhostgroup-modify' --permission=write --attrs=member --filter='(&(cn=testhostgroup)(objectclass=ipahostgroup ))'
>>>--------------------------------------
>>>Added permission "testhostgroup-modify"
>>>--------------------------------------
>>>Permission name: testhostgroup-modify
>>>Granted rights: write
>>>Effective attributes: member
>>>Bind rule type: permission
>>>Subtree: dc=us-west-2,dc=compute,dc=amazonaws,dc=com
>>>Extra target filter: (&(cn= testhostgroup)(objectclass=ipahostgroup ))******
>>>How can i restrict permissions to manage only those hosts which are
>>>part of a particular hostgroup? any help you could offer on this would
>>>be much appreciated. I could not find much on similar issue in the
>>>forum :( Thanks,Deepak 		 	   		
>>The permission above says: "Allow changing 'member' attribute in the
>>testhostgroup object". I don't think this is what you wanted, according
>>to your explanation above.
>>
>>Let's say you have host group 'myhostgroup':
>># ipa hostgroup-add myhostgroup
>>-----------------------------
>>Added hostgroup "myhostgroup"
>>-----------------------------
>>Host-group: myhostgroup
>>
>>and now you want to create a permission that would target hosts in the
>>host group. A member of that permission would be able to do anything
>>with the host.
>>
>>First, you need to create a basic permission which applies to hosts:
>>
>># ipa permission-add manage-my-hostgroup --right=all 
>>--bindtype=permission --type=host 
>>--------------------------------------
>>Added permission "manage-my-hostgroup"
>>--------------------------------------
>>Permission name: manage-my-hostgroup
>>Granted rights: all
>>Bind rule type: permission
>>Subtree: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
>>Type: host
>>Permission flags: V2, SYSTEM
>>
>>Now, look at the permission in detail:
>>
>># ipa permission-show --all --raw manage-my-hostgroup
>>dn: cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test
>>cn: manage-my-hostgroup
>>ipapermright: all
>>ipapermbindruletype: permission
>>ipapermlocation: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
>>ipapermtargetfilter: (objectclass=ipahost)
>>ipapermissiontype: V2
>>ipapermissiontype: SYSTEM
>>aci: (targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:manage-my-hostgroup";allow (all) groupdn = "ldap:///cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test";)
>>objectclass: ipapermission
>>objectclass: top
>>objectclass: groupofnames
>>objectclass: ipapermissionv2
>>
>>As you can see, it applies to hosts: cn=computers,cn=accounts,$SUFFIX
>>subtree, and target filter is set to (objectclass=ipahost). So it would
>>apply to any host. To further limit the permission, you have to add more
>>target filters. But to do so, you need to know DN of the hostgroup that
>>will be our target limit:
>>
>># ipa hostgroup-show --raw --all myhostgroup
>>dn: cn=myhostgroup,cn=hostgroups,cn=accounts,dc=ipa,dc=ad,dc=test
>>cn: myhostgroup
>>ipaUniqueID: 6d8c72f2-6e6d-11e6-b9e4-525400bf08fe
>>mepManagedEntry: cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test
>>objectClass: ipahostgroup
>>objectClass: ipaobject
>>objectClass: nestedGroup
>>objectClass: groupOfNames
>>objectClass: top
>>objectClass: mepOriginEntry
>>
>>Now, using DN of the myhostgroup, you can add a filter to the
>>permission:
>>
>># ipa permission-mod manage-my-hostgroup --filter '(memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)'
>Sorry, a typo here^^ I copied wrong DN, it should be
>cn=myhostgroup,cn=hostgroups,cn=accounts,dc=ipa,dc=ad,dc=test
>
>not the managed entry DN.
>
>>-----------------------------------------
>>Modified permission "manage-my-hostgroup"
>>-----------------------------------------
>>Permission name: manage-my-hostgroup
>>Granted rights: all
>>Bind rule type: permission
>>Subtree: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
>>Extra target filter: (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)
>>Type: host
>>Permission flags: V2, SYSTEM
>>
>>Check all details of the permission to see that ACI was actually
>>modified to include the filter:
>>
>># ipa permission-show --all --raw manage-my-hostgroup
>>dn: cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test
>>cn: manage-my-hostgroup
>>ipapermright: all
>>ipapermbindruletype: permission
>>ipapermlocation: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
>>ipapermtargetfilter: (objectclass=ipahost)
>>ipapermtargetfilter: (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)
>>ipapermissiontype: V2
>>ipapermissiontype: SYSTEM
>>aci: (targetfilter = "(&(memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)(objectclass=ipahost))")(version 3.0;acl "permission:manage-my-hostgroup";allow (all) groupdn = "ldap:///cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test";)
>>objectclass: ipapermission
>>objectclass: top
>>objectclass: groupofnames
>>objectclass: ipapermissionv2
>>
>>
>>Our ACI says: "Allow any changes to be done in all objects of
>>objectclass ipahost that belong to a host group 'myhostgroup' to members
>>of the permission group 'manage-my-hostgroup'"
>>
>>Now you can add the 'manage-my-hostgroup' permission to a new privilege
>>and a role, and then assign users to that role. Those users will be able
>>to manage hosts targeted by the permission.
It takes a bit more to make a successful permission, so I wrote it all
down in a blog post:
https://vda.li/en/posts/2016/08/30/Creating-permissions-in-FreeIPA/

-- 
/ Alexander Bokovoy



From pbrezina at redhat.com  Tue Aug 30 09:55:26 2016
From: pbrezina at redhat.com (=?UTF-8?Q?Pavel_B=c5=99ezina?=)
Date: Tue, 30 Aug 2016 11:55:26 +0200
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <CA+No-6EXtKUuNGJq27qhmKZwAEDoSn-y0yYBZNwCc1y1WvdPnw@mail.gmail.com>
References: <de055da4-d058-26cd-d9aa-8601e39af568@redhat.com>
	<45519169-3bfe-0ca2-3760-d75476f34115@redhat.com>
	<CA+No-6Fw-6Dg4cEDTPaod-AMmK2a+gqYEhXkhDxy+pkvkqTW-A@mail.gmail.com>
	<20160812075220.GB19405@hendrix>
	<CA+No-6GMGOqx1cCH57wMtiDvTLmyFEkYmaiOqANGb5Jb7n0sww@mail.gmail.com>
	<20160812123721.GS19405@hendrix>
	<CA+No-6H-QC1+EHF4mfU2o-+S_7oh4T-GDmnd6botgWWL8GYLcw@mail.gmail.com>
	<20160812135839.GV19405@hendrix>
	<CA+No-6HxaAkKLnhQFX5SkLv3me+fSYTNi0=VjYv3_t6zpV6HnA@mail.gmail.com>
	<79bcc759-4b17-9e29-584b-edc72bbce883@redhat.com>
	<CA+No-6H02BvAP6Br+ApZ+9SDfFuK-hXcp0Jjk+FuN=AWKHx_zQ@mail.gmail.com>
	<5ff25b8e-e7a0-83c1-d21e-96b1a556d6eb@redhat.com>
	<CA+No-6EZwadb4cgO_V2LHiOMFfBrggKS8Gx7644rz=b8JhDv4g@mail.gmail.com>
	<4E91DC40-B8E5-4178-A630-9828485A30FF@redhat.com>
	<CA+No-6GBJwQP2nut-=MfgOozfb7i2iF=eFtdBu3_TUuwMiqdxg@mail.gmail.com>
	<57C00D1C.8080806@redhat.com>
	<CA+No-6EXtKUuNGJq27qhmKZwAEDoSn-y0yYBZNwCc1y1WvdPnw@mail.gmail.com>
Message-ID: <57C5580E.2010102@redhat.com>

On 08/26/2016 02:15 PM, Jeff Goddard wrote:
> Pavel,
>
> I appreciate that you're busy and thank you for taking time to look at
> this. Here is the output:
>
> [root at id-management-1 ~]# ipa sudorule-show
> Rule name: all
>    Rule name: All
>    Description: Full sudo access for Developer group in office environment
>    Enabled: TRUE
>    Command category: all
>    RunAs User category: all
>    RunAs Group category: all
>    User Groups: developers
>    Host Groups: office
> [root at id-management-1 ~]#

Hi,
unfortunately sudo 1.8.16 introduced a bug in sssd plugin. 1.8.16 
contains a new option called netgroup_tuple, which tells whether a full 
netgroup tuply is check or only the host/user part in host/user check. 
However, the patch didn't make the sssd plugin to obey this option and 
it always check both hostname and username.

It is fixed in 1.8.17 by this patch:
https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7

Please, report bug against Ubuntu sudo to backport this patch or rebase 
sudo.



From deepak_dimri at hotmail.com  Tue Aug 30 09:55:36 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Tue, 30 Aug 2016 05:55:36 -0400
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <20160830060323.kfvbx4em677jw6dp@redhat.com>
References: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>,
	<20160830052038.nlvhl662csv4bta5@redhat.com>,
	<20160830060323.kfvbx4em677jw6dp@redhat.com>
Message-ID: <SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>

Hi Alexander,
Thanks for the reply 
i tried exact steps below but it still not working.  the admin user added to new role and privilege we have created is  getting an error when trying to add or remove host of myhostgroup.  
ip-172-31-29-153.us-west-2.compute.internal: Insufficient access: Insufficient 'write' privilege to the 'member' attribute of entry 'cn=myhostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com'. 
not sure if DN (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test) would make any difference? I also noticed i dont get  Permission flags: V2, SYSTEM in my ipa output.  not sure if that would make any difference
I would really appreciate if this can be resolved...
Best Regards,Deepak
> Date: Tue, 30 Aug 2016 09:03:23 +0300
> From: abokovoy at redhat.com
> To: deepak_dimri at hotmail.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Permission not working as expected
> 
> On Tue, 30 Aug 2016, Alexander Bokovoy wrote:
> >On Mon, 29 Aug 2016, Deepak Dimri wrote:
> >>Hi All,
> >>I have created below permission for my "testhostgroup" with the
> >>expectation that this permission will only allow write permission to
> >>the members of "testhostgroup" but, then it allows me to add/delete
> >>other hostgroup members as well. I tried changing the effective
> >>attribute to "memberof" instead of "member" but in vain as with that i
> >>started getting permission denied error even on  testhostgroup itself.
> >>*****
> >>
> >>ipa permission-add 'testhostgroup-modify' --permission=write --attrs=member --filter='(&(cn=testhostgroup)(objectclass=ipahostgroup ))'
> >>--------------------------------------
> >>Added permission "testhostgroup-modify"
> >>--------------------------------------
> >> Permission name: testhostgroup-modify
> >> Granted rights: write
> >> Effective attributes: member
> >> Bind rule type: permission
> >> Subtree: dc=us-west-2,dc=compute,dc=amazonaws,dc=com
> >> Extra target filter: (&(cn= testhostgroup)(objectclass=ipahostgroup ))******
> >>How can i restrict permissions to manage only those hosts which are
> >>part of a particular hostgroup? any help you could offer on this would
> >>be much appreciated. I could not find much on similar issue in the
> >>forum :( Thanks,Deepak 		 	   		
> >The permission above says: "Allow changing 'member' attribute in the
> >testhostgroup object". I don't think this is what you wanted, according
> >to your explanation above.
> >
> >Let's say you have host group 'myhostgroup':
> ># ipa hostgroup-add myhostgroup
> >-----------------------------
> >Added hostgroup "myhostgroup"
> >-----------------------------
> > Host-group: myhostgroup
> >
> >and now you want to create a permission that would target hosts in the
> >host group. A member of that permission would be able to do anything
> >with the host.
> >
> >First, you need to create a basic permission which applies to hosts:
> >
> ># ipa permission-add manage-my-hostgroup --right=all 
> >--bindtype=permission --type=host 
> >--------------------------------------
> >Added permission "manage-my-hostgroup"
> >--------------------------------------
> > Permission name: manage-my-hostgroup
> > Granted rights: all
> > Bind rule type: permission
> > Subtree: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
> > Type: host
> > Permission flags: V2, SYSTEM
> >
> >Now, look at the permission in detail:
> >
> ># ipa permission-show --all --raw manage-my-hostgroup
> > dn: cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test
> > cn: manage-my-hostgroup
> > ipapermright: all
> > ipapermbindruletype: permission
> > ipapermlocation: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
> > ipapermtargetfilter: (objectclass=ipahost)
> > ipapermissiontype: V2
> > ipapermissiontype: SYSTEM
> > aci: (targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:manage-my-hostgroup";allow (all) groupdn = "ldap:///cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test";)
> > objectclass: ipapermission
> > objectclass: top
> > objectclass: groupofnames
> > objectclass: ipapermissionv2
> >
> >As you can see, it applies to hosts: cn=computers,cn=accounts,$SUFFIX
> >subtree, and target filter is set to (objectclass=ipahost). So it would
> >apply to any host. To further limit the permission, you have to add more
> >target filters. But to do so, you need to know DN of the hostgroup that
> >will be our target limit:
> >
> ># ipa hostgroup-show --raw --all myhostgroup
> > dn: cn=myhostgroup,cn=hostgroups,cn=accounts,dc=ipa,dc=ad,dc=test
> > cn: myhostgroup
> > ipaUniqueID: 6d8c72f2-6e6d-11e6-b9e4-525400bf08fe
> > mepManagedEntry: cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test
> > objectClass: ipahostgroup
> > objectClass: ipaobject
> > objectClass: nestedGroup
> > objectClass: groupOfNames
> > objectClass: top
> > objectClass: mepOriginEntry
> >
> >Now, using DN of the myhostgroup, you can add a filter to the
> >permission:
> >
> ># ipa permission-mod manage-my-hostgroup --filter '(memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)'
> Sorry, a typo here^^ I copied wrong DN, it should be
> cn=myhostgroup,cn=hostgroups,cn=accounts,dc=ipa,dc=ad,dc=test
> 
> not the managed entry DN.
> 
> >-----------------------------------------
> >Modified permission "manage-my-hostgroup"
> >-----------------------------------------
> > Permission name: manage-my-hostgroup
> > Granted rights: all
> > Bind rule type: permission
> > Subtree: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
> > Extra target filter: (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)
> > Type: host
> > Permission flags: V2, SYSTEM
> >
> >Check all details of the permission to see that ACI was actually
> >modified to include the filter:
> >
> ># ipa permission-show --all --raw manage-my-hostgroup
> > dn: cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test
> > cn: manage-my-hostgroup
> > ipapermright: all
> > ipapermbindruletype: permission
> > ipapermlocation: cn=computers,cn=accounts,dc=ipa,dc=ad,dc=test
> > ipapermtargetfilter: (objectclass=ipahost)
> > ipapermtargetfilter: (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)
> > ipapermissiontype: V2
> > ipapermissiontype: SYSTEM
> > aci: (targetfilter = "(&(memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test)(objectclass=ipahost))")(version 3.0;acl "permission:manage-my-hostgroup";allow (all) groupdn = "ldap:///cn=manage-my-hostgroup,cn=permissions,cn=pbac,dc=ipa,dc=ad,dc=test";)
> > objectclass: ipapermission
> > objectclass: top
> > objectclass: groupofnames
> > objectclass: ipapermissionv2
> >
> >
> >Our ACI says: "Allow any changes to be done in all objects of
> >objectclass ipahost that belong to a host group 'myhostgroup' to members
> >of the permission group 'manage-my-hostgroup'"
> >
> >Now you can add the 'manage-my-hostgroup' permission to a new privilege
> >and a role, and then assign users to that role. Those users will be able
> >to manage hosts targeted by the permission.
> >
> >-- 
> >/ Alexander Bokovoy
> >
> >-- 
> >Manage your subscription for the Freeipa-users mailing list:
> >https://www.redhat.com/mailman/listinfo/freeipa-users
> >Go to http://freeipa.org for more info on the project
> 
> -- 
> / Alexander Bokovoy
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/e54a2583/attachment.htm>

From abokovoy at redhat.com  Tue Aug 30 10:04:07 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 30 Aug 2016 13:04:07 +0300
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>
References: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>
	<20160830052038.nlvhl662csv4bta5@redhat.com>
	<20160830060323.kfvbx4em677jw6dp@redhat.com>
	<SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>
Message-ID: <20160830100407.gy7lsnhrk7lhlavu@redhat.com>

On Tue, 30 Aug 2016, Deepak Dimri wrote:
>Hi Alexander,
>Thanks for the reply
>i tried exact steps below but it still not working.  the admin user
>added to new role and privilege we have created is  getting an error
>when trying to add or remove host of myhostgroup.
>ip-172-31-29-153.us-west-2.compute.internal: Insufficient access:
>Insufficient 'write' privilege to the 'member' attribute of entry
>'cn=myhostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com'.
>not sure if DN (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test) would make any difference? I also noticed i dont get  Permission flags: V2, SYSTEM in my ipa output.  not sure if that would make any difference
>I would really appreciate if this can be resolved...
Read the other emails I sent in this thread.

The whole story is here:
https://vda.li/en/posts/2016/08/30/Creating-permissions-in-FreeIPA/

-- 
/ Alexander Bokovoy



From bob at jackland.demon.co.uk  Tue Aug 30 10:13:43 2016
From: bob at jackland.demon.co.uk (Bob Hinton)
Date: Tue, 30 Aug 2016 11:13:43 +0100
Subject: [Freeipa-users] How do I create a certificate to support LDAPS for
	an IPA cluster
Message-ID: <a045c33c-0e43-ba32-ff52-709268ff3d07@jackland.demon.co.uk>

Hi,

We use IPA to authenticate users for other systems e.g. Rundeck via
LDAP. We have a CNAME for the cluster of IPA masters and could use this
for authentication, but the connection would then be unencrypted. We
therefore use LDAPS, but this currently forces us to a single server in
the cluster so that Rundeck sees a valid SSL certificate. This means
that the authentication fails if that particular IPA master is down.

Is it possible to create a single SSL certificate that would support a
LDAPS connection to any of the IPA masters and, if so then how is this
done ?

Many thanks

Bob Hinton



From deepak_dimri at hotmail.com  Tue Aug 30 10:25:06 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Tue, 30 Aug 2016 06:25:06 -0400
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <20160830100407.gy7lsnhrk7lhlavu@redhat.com>
References: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>,
	<20160830052038.nlvhl662csv4bta5@redhat.com>,
	<20160830060323.kfvbx4em677jw6dp@redhat.com>,
	<SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>,
	<20160830100407.gy7lsnhrk7lhlavu@redhat.com>
Message-ID: <SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>

I did try the  exact steps from the blog but alas still it did not work. getting same error :(









p-172-31-29-153.us-west-2.compute.internal: Insufficient access: Insufficient 'write' privilege to the 'member' attribute of entry 'cn=my-hostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com'.
Regards,Deepak
> Date: Tue, 30 Aug 2016 13:04:07 +0300
> From: abokovoy at redhat.com
> To: deepak_dimri at hotmail.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Permission not working as expected
> 
> On Tue, 30 Aug 2016, Deepak Dimri wrote:
> >Hi Alexander,
> >Thanks for the reply
> >i tried exact steps below but it still not working.  the admin user
> >added to new role and privilege we have created is  getting an error
> >when trying to add or remove host of myhostgroup.
> >ip-172-31-29-153.us-west-2.compute.internal: Insufficient access:
> >Insufficient 'write' privilege to the 'member' attribute of entry
> >'cn=myhostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com'.
> >not sure if DN (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test) would make any difference? I also noticed i dont get  Permission flags: V2, SYSTEM in my ipa output.  not sure if that would make any difference
> >I would really appreciate if this can be resolved...
> Read the other emails I sent in this thread.
> 
> The whole story is here:
> https://vda.li/en/posts/2016/08/30/Creating-permissions-in-FreeIPA/
> 
> -- 
> / Alexander Bokovoy
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/481fe341/attachment.htm>

From abokovoy at redhat.com  Tue Aug 30 10:27:59 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 30 Aug 2016 13:27:59 +0300
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>
References: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>
	<20160830052038.nlvhl662csv4bta5@redhat.com>
	<20160830060323.kfvbx4em677jw6dp@redhat.com>
	<SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>
	<20160830100407.gy7lsnhrk7lhlavu@redhat.com>
	<SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>
Message-ID: <20160830102759.umwidh6hcf7matyc@redhat.com>

On Tue, 30 Aug 2016, Deepak Dimri wrote:
>I did try the  exact steps from the blog but alas still it did not work. getting same error :(
I don't give rights to write to 'member' attribute in the blog. You have
to adopt to your situation, obviously.

-- 
/ Alexander Bokovoy



From william.muriithi at gmail.com  Tue Aug 30 11:57:22 2016
From: william.muriithi at gmail.com (William Muriithi)
Date: Tue, 30 Aug 2016 07:57:22 -0400
Subject: [Freeipa-users] FreeIPA without using User Principal Name
Message-ID: <CAE9rU+4szYfGX6SSWu=AJo4_W-fo15-_7+SoQ5AAUxxeZ+gSmA@mail.gmail.com>

Hello,

I am having a problem introducing IPA to an organization because
FreeIPA uses User Principal Name and the organization has scripts that
will break as they expect the short username.

I had initially used trust but have since un-enrolled it from AD as I
realized I couldn't use short name with two domains.  However, even
with a single domain, I can't seem to achieve the use of short names.
I do log in with short name after sssd change, but my env username is
in User Principal Name format

Is this objective achievable?

Regards,

William



From deepak_dimri at hotmail.com  Tue Aug 30 13:04:36 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Tue, 30 Aug 2016 09:04:36 -0400
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <20160830102759.umwidh6hcf7matyc@redhat.com>
References: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>,
	<20160830052038.nlvhl662csv4bta5@redhat.com>,
	<20160830060323.kfvbx4em677jw6dp@redhat.com>,
	<SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>,
	<20160830100407.gy7lsnhrk7lhlavu@redhat.com>,
	<SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>,
	<20160830102759.umwidh6hcf7matyc@redhat.com>
Message-ID: <SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>

Hi Alexander,
i did try adding the "member" effective attribute in GUI and also from the command prompt But the error is not going away when i try to delete the host from my taphostgroup. for me it only works if i have (&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT then the i am allowed access to all the hosts in all the hostgroup :( I am kinda stuck with this issue.  Would be great if you can suggest any further headway!








 ipa permission-mod manage-taphostgroup --attrs={'userPassword','description','nshardwareplatform','nsosversion','usercertificate','userclass','macaddress','ipaassignedidview','ipasshpubkey','member'}
-----------------------------------------
Modified permission "manage-taphostgroup"
-----------------------------------------
  Permission name: manage-taphostgroup
  Granted rights: all
  Effective attributes: description, ipaassignedidview, ipasshpubkey, macaddress, member, nshardwareplatform, nsosversion, userPassword, usercertificate, userclass
  Bind rule type: permission
  Subtree: cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com
  Extra target filter: (memberOf=cn=taphostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com)
  Type: host
  Granted to Privilege: tap-hostgroup-privilege
  Indirect Member of roles: taphostgroup-role
Many thanks,Deepak
> Date: Tue, 30 Aug 2016 13:27:59 +0300
> From: abokovoy at redhat.com
> To: deepak_dimri at hotmail.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Permission not working as expected
> 
> On Tue, 30 Aug 2016, Deepak Dimri wrote:
> >I did try the  exact steps from the blog but alas still it did not work. getting same error :(
> I don't give rights to write to 'member' attribute in the blog. You have
> to adopt to your situation, obviously.
> 
> -- 
> / Alexander Bokovoy
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/a2c695b8/attachment.htm>

From abokovoy at redhat.com  Tue Aug 30 13:10:00 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 30 Aug 2016 16:10:00 +0300
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>
References: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>
	<20160830052038.nlvhl662csv4bta5@redhat.com>
	<20160830060323.kfvbx4em677jw6dp@redhat.com>
	<SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>
	<20160830100407.gy7lsnhrk7lhlavu@redhat.com>
	<SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>
	<20160830102759.umwidh6hcf7matyc@redhat.com>
	<SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>
Message-ID: <20160830130959.6nlz3d7yjfjl4piq@redhat.com>

On Tue, 30 Aug 2016, Deepak Dimri wrote:
>Hi Alexander,
>i did try adding the "member" effective attribute in GUI and also from
>the command prompt But the error is not going away when i try to delete
>the host from my taphostgroup. for me it only works if i have
>(&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT then
>the i am allowed access to all the hosts in all the hostgroup :( I am
>kinda stuck with this issue.  Would be great if you can suggest any
>further headway!
Isn't this is what you wanted: a user has ability to manage all hosts in
the host group but not other hosts.

-- 
/ Alexander Bokovoy



From deepak_dimri at hotmail.com  Tue Aug 30 13:36:45 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Tue, 30 Aug 2016 09:36:45 -0400
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>
References: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>,
	<20160830052038.nlvhl662csv4bta5@redhat.com>,
	<20160830060323.kfvbx4em677jw6dp@redhat.com>,
	<SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>,
	<20160830100407.gy7lsnhrk7lhlavu@redhat.com>,
	<SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>,
	<20160830102759.umwidh6hcf7matyc@redhat.com>,
	<SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>
Message-ID: <SNT152-W214272E9315A49569E3CBBF5E00@phx.gbl>

typo correction below!

From: deepak_dimri at hotmail.com
To: abokovoy at redhat.com
CC: freeipa-users at redhat.com
Subject: RE: [Freeipa-users] Permission not working as expected
Date: Tue, 30 Aug 2016 09:04:36 -0400




Hi Alexander,
i did try adding the "member" effective attribute in GUI and also from the command prompt But the error is not going away when i try to delete the host from my taphostgroup. for me it only works if i have (&(cn=taphostgroup)(objectclass=ipahostgroup)) in the --filter & dc=us-west-2,dc=compute,dc=amazonaws,dc=com in the subtree BUT then the i am allowed access to all the hosts in all the hostgroups :( I am kinda stuck with this issue.  Would be great if you can suggest any further headway!








 ipa permission-mod manage-taphostgroup --attrs={'userPassword','description','nshardwareplatform','nsosversion','usercertificate','userclass','macaddress','ipaassignedidview','ipasshpubkey','member'}
-----------------------------------------
Modified permission "manage-taphostgroup"
-----------------------------------------
  Permission name: manage-taphostgroup
  Granted rights: all
  Effective attributes: description, ipaassignedidview, ipasshpubkey, macaddress, member, nshardwareplatform, nsosversion, userPassword, usercertificate, userclass
  Bind rule type: permission
  Subtree: cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com
  Extra target filter: (memberOf=cn=taphostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com)
  Type: host
  Granted to Privilege: tap-hostgroup-privilege
  Indirect Member of roles: taphostgroup-role
Many thanks,Deepak
> Date: Tue, 30 Aug 2016 13:27:59 +0300
> From: abokovoy at redhat.com
> To: deepak_dimri at hotmail.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Permission not working as expected
> 
> On Tue, 30 Aug 2016, Deepak Dimri wrote:
> >I did try the  exact steps from the blog but alas still it did not work. getting same error :(
> I don't give rights to write to 'member' attribute in the blog. You have
> to adopt to your situation, obviously.
> 
> -- 
> / Alexander Bokovoy
 		 	   		   		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/005314de/attachment.htm>

From deepak_dimri at hotmail.com  Tue Aug 30 13:54:38 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Tue, 30 Aug 2016 09:54:38 -0400
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <20160830130959.6nlz3d7yjfjl4piq@redhat.com>
References: <SNT152-W59E3F2B99866AEDF5F73B4F5E00@phx.gbl>,
	<20160830052038.nlvhl662csv4bta5@redhat.com>,
	<20160830060323.kfvbx4em677jw6dp@redhat.com>,
	<SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>,
	<20160830100407.gy7lsnhrk7lhlavu@redhat.com>,
	<SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>,
	<20160830102759.umwidh6hcf7matyc@redhat.com>,
	<SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>,
	<20160830130959.6nlz3d7yjfjl4piq@redhat.com>
Message-ID: <SNT152-W2315FC9D34515881AAC06FF5E00@phx.gbl>

Let me try summarize it!
I want xyzadmin of xyzhostgroup be able to mange all the hosts with in the xyzhostgroup  - which means he should be able to delete/ add/ modify the hosts under xyzhostgroup .  This is what i currently  have in the role :  myhostgroup-role (role)--> myadmin1 (admin user)--> myhostgroup (host group where i have added the hosts) --> my-hostgroup-privilege --> my-hostgroup-permission
The problem is that the moment i add memberOf =cn=.... in the target filter then myadmin1 cannot add/delete the hosts with in myhostgroup and any other hosts in other hostgroups. However if i assign the role permission with with subtree=dc=us-west-2,dc=compute,dc=amazonaws,dc=com and filter as  (&(cn=myhostgroup)(objectclass=ipahostgroup)) and member attribute added then myadmin1 gets the expected access to manage the hosts within myhostgroup but then he also gets access to delete and manage other hosts outside of myhostgroup which i dont want!

Thanks & Regards,Deepak
> Date: Tue, 30 Aug 2016 16:10:00 +0300
> From: abokovoy at redhat.com
> To: deepak_dimri at hotmail.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Permission not working as expected
> 
> On Tue, 30 Aug 2016, Deepak Dimri wrote:
> >Hi Alexander,
> >i did try adding the "member" effective attribute in GUI and also from
> >the command prompt But the error is not going away when i try to delete
> >the host from my taphostgroup. for me it only works if i have
> >(&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT then
> >the i am allowed access to all the hosts in all the hostgroup :( I am
> >kinda stuck with this issue.  Would be great if you can suggest any
> >further headway!
> Isn't this is what you wanted: a user has ability to manage all hosts in
> the host group but not other hosts.
> 
> -- 
> / Alexander Bokovoy
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/273500c1/attachment.htm>

From rwhalen at paperlesspost.com  Tue Aug 30 15:08:09 2016
From: rwhalen at paperlesspost.com (Ryan Whalen)
Date: Tue, 30 Aug 2016 11:08:09 -0400
Subject: [Freeipa-users] Help with sudo permission for a command
Message-ID: <CA+7FK-iT8U3SrpECEi9NB=QPaTCoXD0QWsKV-0Sm=9W0KwvrGw@mail.gmail.com>

Hi All,

Im having an issue getting a command to run properly, and the issue seems
to be with Freeipa sudo permissions. Specifically 'sudo su - app_user -c
"<command>"' prompts for a password when run.

However if I 'sudo su - app_user' and then run the '<command>' as app_user,
it works fine.

example:
```
$ ssh ryan at production-server.pp
Last login: Mon Aug 29 21:36:14 2016 from 10.20.3.15
ryan$ sudo su - app_user -c "df"
[sudo] password for ryan:
^C
ryan$ sudo su - app_user
app_user$ df
Filesystem           1K-blocks     Used Available Use% Mounted on
/dev/sda3             14845784  6667296   7417708  48% /
tmpfs                  1474228        0   1474228   0% /dev/shm
/dev/sda1               487652    81221    380831  18% /boot
10.51.0.34:/srv/nfs/app
                     287687168 69111040 218576128  25% /var/app
10.51.0.54:/srv/nfs/ipa
                      16377088  3728640  11809792  24% /home/ipa
ap_user$
```

I have a sudo rule that allows `/bin/su - app_user` and `/bin/su - app_user
-c` but I cant get the `-c` to work in a single command. I also tried
giving sudo permission to `/bin/bash` in case the `-c` needed it to create
a new shell for some reason, but it didn't work.

Does anyone have any thoughts on what permissions I might be missing to
allow the user to run `sudo su - app_user -c <command>`?

Thanks,
Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/d1e34887/attachment.htm>

From abokovoy at redhat.com  Tue Aug 30 15:36:21 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 30 Aug 2016 18:36:21 +0300
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <SNT152-W109271A0B8C4E33ED9E55FF5E00@phx.gbl>
References: <20160830052038.nlvhl662csv4bta5@redhat.com>
	<20160830060323.kfvbx4em677jw6dp@redhat.com>
	<SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>
	<20160830100407.gy7lsnhrk7lhlavu@redhat.com>
	<SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>
	<20160830102759.umwidh6hcf7matyc@redhat.com>
	<SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>
	<20160830130959.6nlz3d7yjfjl4piq@redhat.com>
	<SNT152-W2315FC9D34515881AAC06FF5E00@phx.gbl>
	<SNT152-W109271A0B8C4E33ED9E55FF5E00@phx.gbl>
Message-ID: <20160830153621.5yteicen3ti22s4x@redhat.com>

On Tue, 30 Aug 2016, Deepak Dimri wrote:
>Hi Alexander,
>
>Since i do not want myadmin1 to be able to add or remove the host from
>other xyzhostgroups into myhostgroup membership.  Is it possible that
>myadmin1 only sees objects i specifically given the permissions to  and
>not any other hosts outside of myhostgroup?  That way he cannot add the
>host he is not supposed to manage within myhostgroup
OK, now I get it. An easiest way to solve this problem, no surprise, is
organizational: do not give host group admin rights to include hosts to
the hostgroup or delete them, only allow them to manage what's in the
host group.

You then need to create a separate permission for 'add'/'del' rights
against 'member' attribute that would allow to include/remove hosts.
That's easy but it would not allow you to limit *what* hosts could be
added/removed from the host group.

Unfortunately, to make that possible, permission-add/permission-mod
should be extended to allow specifying target attribute's values like 
described in the RHDS Administration Guide:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Creating_ACIs_Manually.html#Defining_Targets-Targeting_Attribute_Values_Using_LDAP_Filters

Even then to define something like this, you need to have specific
naming of hosts to be able to specify a pattern as a 'member' attribute
value. Not sure how this is going to work for you in AWS, though, so
this is why I'm saying it is an organizational issue, not really a
technical one.



>Thanks for your great support!
>regards,Deepak
>
>From: deepak_dimri at hotmail.com
>To: abokovoy at redhat.com
>CC: freeipa-users at redhat.com
>Subject: RE: [Freeipa-users] Permission not working as expected
>Date: Tue, 30 Aug 2016 09:54:38 -0400
>
>
>
>
>Let me try summarize it!
>I want xyzadmin of xyzhostgroup be able to mange all the hosts with in the xyzhostgroup  - which means he should be able to delete/ add/ modify the hosts under xyzhostgroup .  This is what i currently  have in the role :  myhostgroup-role (role)--> myadmin1 (admin user)--> myhostgroup (host group where i have added the hosts) --> my-hostgroup-privilege --> my-hostgroup-permission
>The problem is that the moment i add memberOf =cn=.... in the target filter then myadmin1 cannot add/delete the hosts with in myhostgroup and any other hosts in other hostgroups. However if i assign the role permission with with subtree=dc=us-west-2,dc=compute,dc=amazonaws,dc=com and filter as  (&(cn=myhostgroup)(objectclass=ipahostgroup)) and member attribute added then myadmin1 gets the expected access to manage the hosts within myhostgroup but then he also gets access to delete and manage other hosts outside of myhostgroup which i dont want!
>
>Thanks & Regards,Deepak
>> Date: Tue, 30 Aug 2016 16:10:00 +0300
>> From: abokovoy at redhat.com
>> To: deepak_dimri at hotmail.com
>> CC: freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] Permission not working as expected
>>
>> On Tue, 30 Aug 2016, Deepak Dimri wrote:
>> >Hi Alexander,
>> >i did try adding the "member" effective attribute in GUI and also from
>> >the command prompt But the error is not going away when i try to delete
>> >the host from my taphostgroup. for me it only works if i have
>> >(&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT then
>> >the i am allowed access to all the hosts in all the hostgroup :( I am
>> >kinda stuck with this issue.  Would be great if you can suggest any
>> >further headway!
>> Isn't this is what you wanted: a user has ability to manage all hosts in
>> the host group but not other hosts.
>>
>> --
>> / Alexander Bokovoy
> 		 	   		   		 	   		

-- 
/ Alexander Bokovoy



From cory at trinitymobilenetworks.com  Tue Aug 30 16:45:11 2016
From: cory at trinitymobilenetworks.com (Cory Francis Myers)
Date: Tue, 30 Aug 2016 12:45:11 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
Message-ID: <20160830164511.GB96304@ozymandias.local>

Pavel B?ezina | Tue, 30 Aug 2016 02:59:55 -0700:
> unfortunately sudo 1.8.16 introduced a bug in sssd plugin. 1.8.16
> contains a new option called netgroup_tuple, which tells whether a
> full netgroup tuply is check or only the host/user part in host/user
> check. However, the patch didn't make the sssd plugin to obey this
> option and it always check both hostname and username.
> 
> It is fixed in 1.8.17 by this patch:
> https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7
> 
> Please, report bug against Ubuntu sudo to backport this patch or rebase
> sudo.

Already open on Launchpad, it looks like:

    https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666


sudo 1.8.17 installed from "sudo_1.8.17-2_amd64.deb"[1] is working for
us now.  Thank you for the suggestion.

Jeff, I hope you have the same good luck.


    --- cfm.


[1] https://www.sudo.ws/download.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/0f5fb763/attachment.sig>

From cory at trinitymobilenetworks.com  Tue Aug 30 16:46:23 2016
From: cory at trinitymobilenetworks.com (Cory Francis Myers)
Date: Tue, 30 Aug 2016 12:46:23 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <57C5580E.2010102@redhat.com>
Message-ID: <20160830164623.GC96304@ozymandias.local>

Pavel B?ezina | Tue, 30 Aug 2016 02:59:55 -0700:
> unfortunately sudo 1.8.16 introduced a bug in sssd plugin. 1.8.16
> contains a new option called netgroup_tuple, which tells whether a
> full netgroup tuply is check or only the host/user part in host/user
> check. However, the patch didn't make the sssd plugin to obey this
> option and it always check both hostname and username.
> 
> It is fixed in 1.8.17 by this patch:
> https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7
> 
> Please, report bug against Ubuntu sudo to backport this patch or rebase
> sudo.

Already open on Launchpad, it looks like:

    https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666


sudo 1.8.17 installed from "sudo_1.8.17-2_amd64.deb"[1] is working for
us now.  Thank you for the suggestion.

Jeff, I hope you have the same good luck.


    --- cfm.


[1] https://www.sudo.ws/download.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/d9d1dbd2/attachment.sig>

From deepak_dimri at hotmail.com  Tue Aug 30 17:24:55 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Tue, 30 Aug 2016 13:24:55 -0400
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <20160830153621.5yteicen3ti22s4x@redhat.com>
References: <20160830052038.nlvhl662csv4bta5@redhat.com>,
	<20160830060323.kfvbx4em677jw6dp@redhat.com>,
	<SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>,
	<20160830100407.gy7lsnhrk7lhlavu@redhat.com>,
	<SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>,
	<20160830102759.umwidh6hcf7matyc@redhat.com>,
	<SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>,
	<20160830130959.6nlz3d7yjfjl4piq@redhat.com>,
	<SNT152-W2315FC9D34515881AAC06FF5E00@phx.gbl>,
	<SNT152-W109271A0B8C4E33ED9E55FF5E00@phx.gbl>,
	<20160830153621.5yteicen3ti22s4x@redhat.com>
Message-ID: <SNT152-W321E51D4AF65970817284CF5E00@phx.gbl>

Ok i got it now. Let me try this with role + privilege having three set of permissions 1) memberOf hostgroup to manage the permissions to the hosts 2) permission on cn=hostgroup to manage the hosts membership with in the given group 3) permission for "member attribute" to allow add/delation of hosts membership based on the "member attribute" value.I need to go through the link you shared in the meanwhile a quick question can i add a custom attribute something like AWS EC2 resource tag as the member attribute of an host? i am just wondering what all/else could be an member attribute other than AWS EC2 instance name...

Best Regards,Deepak
> Date: Tue, 30 Aug 2016 18:36:21 +0300
> From: abokovoy at redhat.com
> To: deepak_dimri at hotmail.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Permission not working as expected
> 
> On Tue, 30 Aug 2016, Deepak Dimri wrote:
> >Hi Alexander,
> >
> >Since i do not want myadmin1 to be able to add or remove the host from
> >other xyzhostgroups into myhostgroup membership.  Is it possible that
> >myadmin1 only sees objects i specifically given the permissions to  and
> >not any other hosts outside of myhostgroup?  That way he cannot add the
> >host he is not supposed to manage within myhostgroup
> OK, now I get it. An easiest way to solve this problem, no surprise, is
> organizational: do not give host group admin rights to include hosts to
> the hostgroup or delete them, only allow them to manage what's in the
> host group.
> 
> You then need to create a separate permission for 'add'/'del' rights
> against 'member' attribute that would allow to include/remove hosts.
> That's easy but it would not allow you to limit *what* hosts could be
> added/removed from the host group.
> 
> Unfortunately, to make that possible, permission-add/permission-mod
> should be extended to allow specifying target attribute's values like 
> described in the RHDS Administration Guide:
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Creating_ACIs_Manually.html#Defining_Targets-Targeting_Attribute_Values_Using_LDAP_Filters
> 
> Even then to define something like this, you need to have specific
> naming of hosts to be able to specify a pattern as a 'member' attribute
> value. Not sure how this is going to work for you in AWS, though, so
> this is why I'm saying it is an organizational issue, not really a
> technical one.
> 
> 
> 
> >Thanks for your great support!
> >regards,Deepak
> >
> >From: deepak_dimri at hotmail.com
> >To: abokovoy at redhat.com
> >CC: freeipa-users at redhat.com
> >Subject: RE: [Freeipa-users] Permission not working as expected
> >Date: Tue, 30 Aug 2016 09:54:38 -0400
> >
> >
> >
> >
> >Let me try summarize it!
> >I want xyzadmin of xyzhostgroup be able to mange all the hosts with in the xyzhostgroup  - which means he should be able to delete/ add/ modify the hosts under xyzhostgroup .  This is what i currently  have in the role :  myhostgroup-role (role)--> myadmin1 (admin user)--> myhostgroup (host group where i have added the hosts) --> my-hostgroup-privilege --> my-hostgroup-permission
> >The problem is that the moment i add memberOf =cn=.... in the target filter then myadmin1 cannot add/delete the hosts with in myhostgroup and any other hosts in other hostgroups. However if i assign the role permission with with subtree=dc=us-west-2,dc=compute,dc=amazonaws,dc=com and filter as  (&(cn=myhostgroup)(objectclass=ipahostgroup)) and member attribute added then myadmin1 gets the expected access to manage the hosts within myhostgroup but then he also gets access to delete and manage other hosts outside of myhostgroup which i dont want!
> >
> >Thanks & Regards,Deepak
> >> Date: Tue, 30 Aug 2016 16:10:00 +0300
> >> From: abokovoy at redhat.com
> >> To: deepak_dimri at hotmail.com
> >> CC: freeipa-users at redhat.com
> >> Subject: Re: [Freeipa-users] Permission not working as expected
> >>
> >> On Tue, 30 Aug 2016, Deepak Dimri wrote:
> >> >Hi Alexander,
> >> >i did try adding the "member" effective attribute in GUI and also from
> >> >the command prompt But the error is not going away when i try to delete
> >> >the host from my taphostgroup. for me it only works if i have
> >> >(&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT then
> >> >the i am allowed access to all the hosts in all the hostgroup :( I am
> >> >kinda stuck with this issue.  Would be great if you can suggest any
> >> >further headway!
> >> Isn't this is what you wanted: a user has ability to manage all hosts in
> >> the host group but not other hosts.
> >>
> >> --
> >> / Alexander Bokovoy
> > 		 	   		   		 	   		
> 
> -- 
> / Alexander Bokovoy
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/94b8c66f/attachment.htm>

From abokovoy at redhat.com  Tue Aug 30 17:35:42 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 30 Aug 2016 20:35:42 +0300
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <SNT152-W321E51D4AF65970817284CF5E00@phx.gbl>
References: <SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>
	<20160830100407.gy7lsnhrk7lhlavu@redhat.com>
	<SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>
	<20160830102759.umwidh6hcf7matyc@redhat.com>
	<SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>
	<20160830130959.6nlz3d7yjfjl4piq@redhat.com>
	<SNT152-W2315FC9D34515881AAC06FF5E00@phx.gbl>
	<SNT152-W109271A0B8C4E33ED9E55FF5E00@phx.gbl>
	<20160830153621.5yteicen3ti22s4x@redhat.com>
	<SNT152-W321E51D4AF65970817284CF5E00@phx.gbl>
Message-ID: <20160830173542.mv7bwwobq5xdh7n3@redhat.com>

On Tue, 30 Aug 2016, Deepak Dimri wrote:
>Ok i got it now. Let me try this with role + privilege having three set
>of permissions 1) memberOf hostgroup to manage the permissions to the
>hosts 2) permission on cn=hostgroup to manage the hosts membership with
>in the given group 3) permission for "member attribute" to allow
>add/delation of hosts membership based on the "member attribute"
>value.I need to go through the link you shared in the meanwhile a quick
>question can i add a custom attribute something like AWS EC2 resource
>tag as the member attribute of an host? i am just wondering what
>all/else could be an member attribute other than AWS EC2 instance
>name...
Each ipaHost object has userClass attribute. The semantics are described
in RFC 4524, section 2.25. We don't use it for anything ourselves, it
has a DirectoryString type (UTF-8-encoded string).


>
>Best Regards,Deepak
>> Date: Tue, 30 Aug 2016 18:36:21 +0300
>> From: abokovoy at redhat.com
>> To: deepak_dimri at hotmail.com
>> CC: freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] Permission not working as expected
>>
>> On Tue, 30 Aug 2016, Deepak Dimri wrote:
>> >Hi Alexander,
>> >
>> >Since i do not want myadmin1 to be able to add or remove the host from
>> >other xyzhostgroups into myhostgroup membership.  Is it possible that
>> >myadmin1 only sees objects i specifically given the permissions to  and
>> >not any other hosts outside of myhostgroup?  That way he cannot add the
>> >host he is not supposed to manage within myhostgroup
>> OK, now I get it. An easiest way to solve this problem, no surprise, is
>> organizational: do not give host group admin rights to include hosts to
>> the hostgroup or delete them, only allow them to manage what's in the
>> host group.
>>
>> You then need to create a separate permission for 'add'/'del' rights
>> against 'member' attribute that would allow to include/remove hosts.
>> That's easy but it would not allow you to limit *what* hosts could be
>> added/removed from the host group.
>>
>> Unfortunately, to make that possible, permission-add/permission-mod
>> should be extended to allow specifying target attribute's values like
>> described in the RHDS Administration Guide:
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Creating_ACIs_Manually.html#Defining_Targets-Targeting_Attribute_Values_Using_LDAP_Filters
>>
>> Even then to define something like this, you need to have specific
>> naming of hosts to be able to specify a pattern as a 'member' attribute
>> value. Not sure how this is going to work for you in AWS, though, so
>> this is why I'm saying it is an organizational issue, not really a
>> technical one.
>>
>>
>>
>> >Thanks for your great support!
>> >regards,Deepak
>> >
>> >From: deepak_dimri at hotmail.com
>> >To: abokovoy at redhat.com
>> >CC: freeipa-users at redhat.com
>> >Subject: RE: [Freeipa-users] Permission not working as expected
>> >Date: Tue, 30 Aug 2016 09:54:38 -0400
>> >
>> >
>> >
>> >
>> >Let me try summarize it!
>> >I want xyzadmin of xyzhostgroup be able to mange all the hosts with in the xyzhostgroup  - which means he should be able to delete/ add/ modify the hosts under xyzhostgroup .  This is what i currently  have in the role :  myhostgroup-role (role)--> myadmin1 (admin user)--> myhostgroup (host group where i have added the hosts) --> my-hostgroup-privilege --> my-hostgroup-permission
>> >The problem is that the moment i add memberOf =cn=.... in the target filter then myadmin1 cannot add/delete the hosts with in myhostgroup and any other hosts in other hostgroups. However if i assign the role permission with with subtree=dc=us-west-2,dc=compute,dc=amazonaws,dc=com and filter as  (&(cn=myhostgroup)(objectclass=ipahostgroup)) and member attribute added then myadmin1 gets the expected access to manage the hosts within myhostgroup but then he also gets access to delete and manage other hosts outside of myhostgroup which i dont want!
>> >
>> >Thanks & Regards,Deepak
>> >> Date: Tue, 30 Aug 2016 16:10:00 +0300
>> >> From: abokovoy at redhat.com
>> >> To: deepak_dimri at hotmail.com
>> >> CC: freeipa-users at redhat.com
>> >> Subject: Re: [Freeipa-users] Permission not working as expected
>> >>
>> >> On Tue, 30 Aug 2016, Deepak Dimri wrote:
>> >> >Hi Alexander,
>> >> >i did try adding the "member" effective attribute in GUI and also from
>> >> >the command prompt But the error is not going away when i try to delete
>> >> >the host from my taphostgroup. for me it only works if i have
>> >> >(&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT then
>> >> >the i am allowed access to all the hosts in all the hostgroup :( I am
>> >> >kinda stuck with this issue.  Would be great if you can suggest any
>> >> >further headway!
>> >> Isn't this is what you wanted: a user has ability to manage all hosts in
>> >> the host group but not other hosts.
>> >>
>> >> --
>> >> / Alexander Bokovoy
>> > 		 	   		   		 	   		
>>
>> --
>> / Alexander Bokovoy
> 		 	   		

>-- 
>Manage your subscription for the Freeipa-users mailing list:
>https://www.redhat.com/mailman/listinfo/freeipa-users
>Go to http://freeipa.org for more info on the project


-- 
/ Alexander Bokovoy



From rcritten at redhat.com  Tue Aug 30 17:47:14 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 30 Aug 2016 13:47:14 -0400
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <20160830173542.mv7bwwobq5xdh7n3@redhat.com>
References: <SNT152-W42FF09831EE4BB60923088F5E00@phx.gbl>
	<20160830100407.gy7lsnhrk7lhlavu@redhat.com>
	<SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>
	<20160830102759.umwidh6hcf7matyc@redhat.com>
	<SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>
	<20160830130959.6nlz3d7yjfjl4piq@redhat.com>
	<SNT152-W2315FC9D34515881AAC06FF5E00@phx.gbl>
	<SNT152-W109271A0B8C4E33ED9E55FF5E00@phx.gbl>
	<20160830153621.5yteicen3ti22s4x@redhat.com>
	<SNT152-W321E51D4AF65970817284CF5E00@phx.gbl>
	<20160830173542.mv7bwwobq5xdh7n3@redhat.com>
Message-ID: <57C5C6A2.2040204@redhat.com>

Alexander Bokovoy wrote:
> On Tue, 30 Aug 2016, Deepak Dimri wrote:
>> Ok i got it now. Let me try this with role + privilege having three set
>> of permissions 1) memberOf hostgroup to manage the permissions to the
>> hosts 2) permission on cn=hostgroup to manage the hosts membership with
>> in the given group 3) permission for "member attribute" to allow
>> add/delation of hosts membership based on the "member attribute"
>> value.I need to go through the link you shared in the meanwhile a quick
>> question can i add a custom attribute something like AWS EC2 resource
>> tag as the member attribute of an host? i am just wondering what
>> all/else could be an member attribute other than AWS EC2 instance
>> name...
> Each ipaHost object has userClass attribute. The semantics are described
> in RFC 4524, section 2.25. We don't use it for anything ourselves, it
> has a DirectoryString type (UTF-8-encoded string).

userClass is used for auto membership.

rob

>
>
>>
>> Best Regards,Deepak
>>> Date: Tue, 30 Aug 2016 18:36:21 +0300
>>> From: abokovoy at redhat.com
>>> To: deepak_dimri at hotmail.com
>>> CC: freeipa-users at redhat.com
>>> Subject: Re: [Freeipa-users] Permission not working as expected
>>>
>>> On Tue, 30 Aug 2016, Deepak Dimri wrote:
>>> >Hi Alexander,
>>> >
>>> >Since i do not want myadmin1 to be able to add or remove the host from
>>> >other xyzhostgroups into myhostgroup membership.  Is it possible that
>>> >myadmin1 only sees objects i specifically given the permissions to  and
>>> >not any other hosts outside of myhostgroup?  That way he cannot add the
>>> >host he is not supposed to manage within myhostgroup
>>> OK, now I get it. An easiest way to solve this problem, no surprise, is
>>> organizational: do not give host group admin rights to include hosts to
>>> the hostgroup or delete them, only allow them to manage what's in the
>>> host group.
>>>
>>> You then need to create a separate permission for 'add'/'del' rights
>>> against 'member' attribute that would allow to include/remove hosts.
>>> That's easy but it would not allow you to limit *what* hosts could be
>>> added/removed from the host group.
>>>
>>> Unfortunately, to make that possible, permission-add/permission-mod
>>> should be extended to allow specifying target attribute's values like
>>> described in the RHDS Administration Guide:
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Access_Control-Creating_ACIs_Manually.html#Defining_Targets-Targeting_Attribute_Values_Using_LDAP_Filters
>>>
>>>
>>> Even then to define something like this, you need to have specific
>>> naming of hosts to be able to specify a pattern as a 'member' attribute
>>> value. Not sure how this is going to work for you in AWS, though, so
>>> this is why I'm saying it is an organizational issue, not really a
>>> technical one.
>>>
>>>
>>>
>>> >Thanks for your great support!
>>> >regards,Deepak
>>> >
>>> >From: deepak_dimri at hotmail.com
>>> >To: abokovoy at redhat.com
>>> >CC: freeipa-users at redhat.com
>>> >Subject: RE: [Freeipa-users] Permission not working as expected
>>> >Date: Tue, 30 Aug 2016 09:54:38 -0400
>>> >
>>> >
>>> >
>>> >
>>> >Let me try summarize it!
>>> >I want xyzadmin of xyzhostgroup be able to mange all the hosts with
>>> in the xyzhostgroup  - which means he should be able to delete/ add/
>>> modify the hosts under xyzhostgroup .  This is what i currently  have
>>> in the role :  myhostgroup-role (role)--> myadmin1 (admin user)-->
>>> myhostgroup (host group where i have added the hosts) -->
>>> my-hostgroup-privilege --> my-hostgroup-permission
>>> >The problem is that the moment i add memberOf =cn=.... in the target
>>> filter then myadmin1 cannot add/delete the hosts with in myhostgroup
>>> and any other hosts in other hostgroups. However if i assign the role
>>> permission with with
>>> subtree=dc=us-west-2,dc=compute,dc=amazonaws,dc=com and filter as
>>> (&(cn=myhostgroup)(objectclass=ipahostgroup)) and member attribute
>>> added then myadmin1 gets the expected access to manage the hosts
>>> within myhostgroup but then he also gets access to delete and manage
>>> other hosts outside of myhostgroup which i dont want!
>>> >
>>> >Thanks & Regards,Deepak
>>> >> Date: Tue, 30 Aug 2016 16:10:00 +0300
>>> >> From: abokovoy at redhat.com
>>> >> To: deepak_dimri at hotmail.com
>>> >> CC: freeipa-users at redhat.com
>>> >> Subject: Re: [Freeipa-users] Permission not working as expected
>>> >>
>>> >> On Tue, 30 Aug 2016, Deepak Dimri wrote:
>>> >> >Hi Alexander,
>>> >> >i did try adding the "member" effective attribute in GUI and also
>>> from
>>> >> >the command prompt But the error is not going away when i try to
>>> delete
>>> >> >the host from my taphostgroup. for me it only works if i have
>>> >> >(&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT
>>> then
>>> >> >the i am allowed access to all the hosts in all the hostgroup :(
>>> I am
>>> >> >kinda stuck with this issue.  Would be great if you can suggest any
>>> >> >further headway!
>>> >> Isn't this is what you wanted: a user has ability to manage all
>>> hosts in
>>> >> the host group but not other hosts.
>>> >>
>>> >> --
>>> >> / Alexander Bokovoy
>>> >
>>>
>>> --
>>> / Alexander Bokovoy
>>
>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>
>



From abokovoy at redhat.com  Tue Aug 30 17:53:40 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 30 Aug 2016 20:53:40 +0300
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <57C5C6A2.2040204@redhat.com>
References: <SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>
	<20160830102759.umwidh6hcf7matyc@redhat.com>
	<SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>
	<20160830130959.6nlz3d7yjfjl4piq@redhat.com>
	<SNT152-W2315FC9D34515881AAC06FF5E00@phx.gbl>
	<SNT152-W109271A0B8C4E33ED9E55FF5E00@phx.gbl>
	<20160830153621.5yteicen3ti22s4x@redhat.com>
	<SNT152-W321E51D4AF65970817284CF5E00@phx.gbl>
	<20160830173542.mv7bwwobq5xdh7n3@redhat.com>
	<57C5C6A2.2040204@redhat.com>
Message-ID: <20160830175340.llyjrw5lfhonmc5u@redhat.com>

On Tue, 30 Aug 2016, Rob Crittenden wrote:
>Alexander Bokovoy wrote:
>>On Tue, 30 Aug 2016, Deepak Dimri wrote:
>>>Ok i got it now. Let me try this with role + privilege having three set
>>>of permissions 1) memberOf hostgroup to manage the permissions to the
>>>hosts 2) permission on cn=hostgroup to manage the hosts membership with
>>>in the given group 3) permission for "member attribute" to allow
>>>add/delation of hosts membership based on the "member attribute"
>>>value.I need to go through the link you shared in the meanwhile a quick
>>>question can i add a custom attribute something like AWS EC2 resource
>>>tag as the member attribute of an host? i am just wondering what
>>>all/else could be an member attribute other than AWS EC2 instance
>>>name...
>>Each ipaHost object has userClass attribute. The semantics are described
>>in RFC 4524, section 2.25. We don't use it for anything ourselves, it
>>has a DirectoryString type (UTF-8-encoded string).
>
>userClass is used for auto membership.
You mean it can be used. At least I don't see pre-defined automember
rules with userClass. We even tell in the 'ipa host-mod' about --class
option:
  --class=STR           Host category (semantics placed on this attribute are
                        for local interpretation)

-- 
/ Alexander Bokovoy



From rcritten at redhat.com  Tue Aug 30 17:57:06 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 30 Aug 2016 13:57:06 -0400
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <20160830175340.llyjrw5lfhonmc5u@redhat.com>
References: <SNT152-W6383C4C914781598C75AB0F5E00@phx.gbl>
	<20160830102759.umwidh6hcf7matyc@redhat.com>
	<SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>
	<20160830130959.6nlz3d7yjfjl4piq@redhat.com>
	<SNT152-W2315FC9D34515881AAC06FF5E00@phx.gbl>
	<SNT152-W109271A0B8C4E33ED9E55FF5E00@phx.gbl>
	<20160830153621.5yteicen3ti22s4x@redhat.com>
	<SNT152-W321E51D4AF65970817284CF5E00@phx.gbl>
	<20160830173542.mv7bwwobq5xdh7n3@redhat.com>
	<57C5C6A2.2040204@redhat.com>
	<20160830175340.llyjrw5lfhonmc5u@redhat.com>
Message-ID: <57C5C8F2.9080500@redhat.com>

Alexander Bokovoy wrote:
> On Tue, 30 Aug 2016, Rob Crittenden wrote:
>> Alexander Bokovoy wrote:
>>> On Tue, 30 Aug 2016, Deepak Dimri wrote:
>>>> Ok i got it now. Let me try this with role + privilege having three set
>>>> of permissions 1) memberOf hostgroup to manage the permissions to the
>>>> hosts 2) permission on cn=hostgroup to manage the hosts membership with
>>>> in the given group 3) permission for "member attribute" to allow
>>>> add/delation of hosts membership based on the "member attribute"
>>>> value.I need to go through the link you shared in the meanwhile a quick
>>>> question can i add a custom attribute something like AWS EC2 resource
>>>> tag as the member attribute of an host? i am just wondering what
>>>> all/else could be an member attribute other than AWS EC2 instance
>>>> name...
>>> Each ipaHost object has userClass attribute. The semantics are described
>>> in RFC 4524, section 2.25. We don't use it for anything ourselves, it
>>> has a DirectoryString type (UTF-8-encoded string).
>>
>> userClass is used for auto membership.
> You mean it can be used. At least I don't see pre-defined automember
> rules with userClass. We even tell in the 'ipa host-mod' about --class
> option:
>   --class=STR           Host category (semantics placed on this
> attribute are
>                         for local interpretation)
>

Perhaps but this attribute was added specifically for this use case, 
http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems

rob



From abokovoy at redhat.com  Tue Aug 30 18:08:56 2016
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 30 Aug 2016 21:08:56 +0300
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <57C5C8F2.9080500@redhat.com>
References: <SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>
	<20160830130959.6nlz3d7yjfjl4piq@redhat.com>
	<SNT152-W2315FC9D34515881AAC06FF5E00@phx.gbl>
	<SNT152-W109271A0B8C4E33ED9E55FF5E00@phx.gbl>
	<20160830153621.5yteicen3ti22s4x@redhat.com>
	<SNT152-W321E51D4AF65970817284CF5E00@phx.gbl>
	<20160830173542.mv7bwwobq5xdh7n3@redhat.com>
	<57C5C6A2.2040204@redhat.com>
	<20160830175340.llyjrw5lfhonmc5u@redhat.com>
	<57C5C8F2.9080500@redhat.com>
Message-ID: <20160830180856.x4r3qvuk7whzvoul@redhat.com>

On Tue, 30 Aug 2016, Rob Crittenden wrote:
>Alexander Bokovoy wrote:
>>On Tue, 30 Aug 2016, Rob Crittenden wrote:
>>>Alexander Bokovoy wrote:
>>>>On Tue, 30 Aug 2016, Deepak Dimri wrote:
>>>>>Ok i got it now. Let me try this with role + privilege having three set
>>>>>of permissions 1) memberOf hostgroup to manage the permissions to the
>>>>>hosts 2) permission on cn=hostgroup to manage the hosts membership with
>>>>>in the given group 3) permission for "member attribute" to allow
>>>>>add/delation of hosts membership based on the "member attribute"
>>>>>value.I need to go through the link you shared in the meanwhile a quick
>>>>>question can i add a custom attribute something like AWS EC2 resource
>>>>>tag as the member attribute of an host? i am just wondering what
>>>>>all/else could be an member attribute other than AWS EC2 instance
>>>>>name...
>>>>Each ipaHost object has userClass attribute. The semantics are described
>>>>in RFC 4524, section 2.25. We don't use it for anything ourselves, it
>>>>has a DirectoryString type (UTF-8-encoded string).
>>>
>>>userClass is used for auto membership.
>>You mean it can be used. At least I don't see pre-defined automember
>>rules with userClass. We even tell in the 'ipa host-mod' about --class
>>option:
>>  --class=STR           Host category (semantics placed on this
>>attribute are
>>                        for local interpretation)
>>
>
>Perhaps but this attribute was added specifically for this use case, 
>http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
Sure, it still means semantics are locally interpreted by whoever does
the deployment. I doubt anything in Deepak's setup relies on userClass
yet.

-- 
/ Alexander Bokovoy



From jgoddard at emerlyn.com  Tue Aug 30 18:37:36 2016
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Tue, 30 Aug 2016 14:37:36 -0400
Subject: [Freeipa-users] sudo rules question on ubuntu 16.0.1
In-Reply-To: <20160830164623.GC96304@ozymandias.local>
References: <57C5580E.2010102@redhat.com>
	<20160830164623.GC96304@ozymandias.local>
Message-ID: <CA+No-6F4eYN7x_mt00BJep44+bia5bQBVv9tZ2TQt=4wbj4oLQ@mail.gmail.com>

Cory,

Thanks for the update and link. And a big thanks to everyone else for their
time looking at this. I also was able to install  the referenced .deb and
now sudo works as expected.

Jeff

On Tue, Aug 30, 2016 at 12:46 PM, Cory Francis Myers <
cory at trinitymobilenetworks.com> wrote:

> Pavel B?ezina | Tue, 30 Aug 2016 02:59:55 -0700:
> > unfortunately sudo 1.8.16 introduced a bug in sssd plugin. 1.8.16
> > contains a new option called netgroup_tuple, which tells whether a
> > full netgroup tuply is check or only the host/user part in host/user
> > check. However, the patch didn't make the sssd plugin to obey this
> > option and it always check both hostname and username.
> >
> > It is fixed in 1.8.17 by this patch:
> > https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7
> >
> > Please, report bug against Ubuntu sudo to backport this patch or rebase
> > sudo.
>
> Already open on Launchpad, it looks like:
>
>     https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666
>
>
> sudo 1.8.17 installed from "sudo_1.8.17-2_amd64.deb"[1] is working for
> us now.  Thank you for the suggestion.
>
> Jeff, I hope you have the same good luck.
>
>
>     --- cfm.
>
>
> [1] https://www.sudo.ws/download.html
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/bc686371/attachment.htm>

From rcritten at redhat.com  Tue Aug 30 18:46:48 2016
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 30 Aug 2016 14:46:48 -0400
Subject: [Freeipa-users] Permission not working as expected
In-Reply-To: <20160830180856.x4r3qvuk7whzvoul@redhat.com>
References: <SNT152-W4230A4A079CBF1279A374F5E00@phx.gbl>
	<20160830130959.6nlz3d7yjfjl4piq@redhat.com>
	<SNT152-W2315FC9D34515881AAC06FF5E00@phx.gbl>
	<SNT152-W109271A0B8C4E33ED9E55FF5E00@phx.gbl>
	<20160830153621.5yteicen3ti22s4x@redhat.com>
	<SNT152-W321E51D4AF65970817284CF5E00@phx.gbl>
	<20160830173542.mv7bwwobq5xdh7n3@redhat.com>
	<57C5C6A2.2040204@redhat.com>
	<20160830175340.llyjrw5lfhonmc5u@redhat.com>
	<57C5C8F2.9080500@redhat.com>
	<20160830180856.x4r3qvuk7whzvoul@redhat.com>
Message-ID: <57C5D498.7080509@redhat.com>

Alexander Bokovoy wrote:
> On Tue, 30 Aug 2016, Rob Crittenden wrote:
>> Alexander Bokovoy wrote:
>>> On Tue, 30 Aug 2016, Rob Crittenden wrote:
>>>> Alexander Bokovoy wrote:
>>>>> On Tue, 30 Aug 2016, Deepak Dimri wrote:
>>>>>> Ok i got it now. Let me try this with role + privilege having
>>>>>> three set
>>>>>> of permissions 1) memberOf hostgroup to manage the permissions to the
>>>>>> hosts 2) permission on cn=hostgroup to manage the hosts membership
>>>>>> with
>>>>>> in the given group 3) permission for "member attribute" to allow
>>>>>> add/delation of hosts membership based on the "member attribute"
>>>>>> value.I need to go through the link you shared in the meanwhile a
>>>>>> quick
>>>>>> question can i add a custom attribute something like AWS EC2 resource
>>>>>> tag as the member attribute of an host? i am just wondering what
>>>>>> all/else could be an member attribute other than AWS EC2 instance
>>>>>> name...
>>>>> Each ipaHost object has userClass attribute. The semantics are
>>>>> described
>>>>> in RFC 4524, section 2.25. We don't use it for anything ourselves, it
>>>>> has a DirectoryString type (UTF-8-encoded string).
>>>>
>>>> userClass is used for auto membership.
>>> You mean it can be used. At least I don't see pre-defined automember
>>> rules with userClass. We even tell in the 'ipa host-mod' about --class
>>> option:
>>>  --class=STR           Host category (semantics placed on this
>>> attribute are
>>>                        for local interpretation)
>>>
>>
>> Perhaps but this attribute was added specifically for this use case,
>> http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
> Sure, it still means semantics are locally interpreted by whoever does
> the deployment. I doubt anything in Deepak's setup relies on userClass
> yet.

Yet being the operative word. Overload it if you want but you might come 
to regret it.

rob



From marc.boorshtein at tremolosecurity.com  Tue Aug 30 18:57:26 2016
From: marc.boorshtein at tremolosecurity.com (Marc Boorshtein)
Date: Tue, 30 Aug 2016 14:57:26 -0400
Subject: [Freeipa-users] Open Source self service portal for FreeIPA
Message-ID: <CAH2S7UB90qG0LtfW1oqF8zs2WHpHQ8wdKJ7Bq1C106oVAdrFEg@mail.gmail.com>

FreeIPAers,

We wanted to make it easy to add self service capabilities to FreeIPA:
* Self service password resets
* User self registration
* Workflow based access requests (and approvals)
* Reporting

We'd appreciate any thoughts or feedback:

https://www.tremolosecurity.com/open-source-identity-manager-for-red-hat-identity-management-and-freeipa/

Thanks

Marc Boorshtein
CTO Tremolo Security
marc.boorshtein at tremolosecurity.com
Twitter - @mlbiam / @tremolosecurity



From junkmafia89 at gmail.com  Tue Aug 30 21:18:01 2016
From: junkmafia89 at gmail.com (Master P.)
Date: Tue, 30 Aug 2016 17:18:01 -0400
Subject: [Freeipa-users] OTP authentication without Password
Message-ID: <CAA0UptZkDzfFokxyzqnCbH95t4z0k3ce0mMmOLP4ZoN5Yfe+yw@mail.gmail.com>

Hello,

Is it possible to authenticate a user with only OTP and ssh-pubkeys?

So far I have successfully configured FreeIPA to use Two factor
authentication (password + OTP).  I had to change the sshd_config to
achieve this by modifying the AuthenticationMethods to be:

AuthenticationMethods publickey,password:pam
publickey,keyboard-interactive-pam

In this way the user's ssh-pubkey, password, and OTP are required to
login.  I would like to remove the password requirement but retain the OTP
auth.

>From the FreeIPA web UI there is no setting to only enable OTP without a
password.  Is there a way to change the sshd_config AuthenticationMethods
to only allow OTP + ssh-pubkey.  Does this instead require a change to one
of the pam files?

Thanks,

Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/cea6e701/attachment.htm>

From tjaalton at ubuntu.com  Tue Aug 30 22:23:21 2016
From: tjaalton at ubuntu.com (Timo Aaltonen)
Date: Wed, 31 Aug 2016 01:23:21 +0300
Subject: [Freeipa-users] Ubuntu 16.04 released with FreeIPA 4.3.1
In-Reply-To: <ea17612a-fa54-8194-d8f4-de2a008df331@ubuntu.com>
References: <57192380.4090400@ubuntu.com>
	<ea17612a-fa54-8194-d8f4-de2a008df331@ubuntu.com>
Message-ID: <e53472e8-1ed9-c7fb-e1dd-d78978af9aca@ubuntu.com>

On 29.08.2016 10:34, Timo Aaltonen wrote:
> On 21.04.2016 22:01, Timo Aaltonen wrote:
>>
>> ps. Debian unstable will have 4.3.1 once the package has gone through
>> the NEW queue because the packaging got split in certain ways
> 
> No it did not, because the ftpmaster rejected the upload since it ships
> with minified javascript which is not considered modifiable source code.
> And the old version has now been removed from Debian because it was
> unmaintainable.
> 
> So I hope #5639 will be resolved at some point. Note that Debian doesn't
> require the javascript to be minified during package build, just that
> the source would ship the unminified copy as well.

Turns out it wasn't too much of an effort to pull in unminified bits of
everything that is shipped minified (just ~630kB..), so I guess Freeipa
will be uploaded back fairly soon...



-- 
t



From jochen at jochen.org  Wed Aug 31 05:14:27 2016
From: jochen at jochen.org (Jochen Hein)
Date: Wed, 31 Aug 2016 07:14:27 +0200
Subject: [Freeipa-users] OTP authentication without Password
In-Reply-To: <CAA0UptZkDzfFokxyzqnCbH95t4z0k3ce0mMmOLP4ZoN5Yfe+yw@mail.gmail.com>
	(Master P.'s message of "Tue, 30 Aug 2016 17:18:01 -0400")
References: <CAA0UptZkDzfFokxyzqnCbH95t4z0k3ce0mMmOLP4ZoN5Yfe+yw@mail.gmail.com>
Message-ID: <83eg55jz9o.fsf@echidna.jochen.org>

"Master P." <junkmafia89 at gmail.com> writes:

> Is it possible to authenticate a user with only OTP and ssh-pubkeys?

Yes, but you need some tool managing OTP without password/PIN, which
FreeIPA doesn't seem to support.  I use privacyidea to manage my OTP
tokens and have a working configuration.

> So far I have successfully configured FreeIPA to use Two factor
> authentication (password + OTP).  I had to change the sshd_config to
> achieve this by modifying the AuthenticationMethods to be:
>
> AuthenticationMethods publickey,password:pam
> publickey,keyboard-interactive-pam

I do use:

Match Group otpusers
    AuthenticationMethods publickey,keyboard-interactive:pam gssapi-with-mic

When authenticating with ssh key, also require PAM. Having a kerberos
ticket grants access.

My PAM configuration is:

# If the user is in group otpusers, we use the next rule, otherwise we skip
# the call to pam_yubico.
auth [default=1 success=ignore] pam_succeed_if.so quiet user ingroup otpusers
auth sufficient pam_yubico.so id=<clientid> key=<key> urllist=https://privacyidea.jochen.org/ttype/yubikey authfile=/etc/yubikeys/authorized_yubikeys

I use Yubikeys in mode YUBICO, but my own privacyidea authentication
server. It should be also possible to use privacyidea as a backend
behind a RADIUS server for FreeIPA (I do use it for OpenVPN, but not
FreeIPA).

If find it more flexible to hand off OTP to a special tool like
privacyidea oder linotp - a token on FreeIPA, Kolab, or another
application is only a single purpose token.

Jochen

-- 
The only problem with troubleshooting is that the trouble shoots back.



From mdri at sbcglobal.net  Tue Aug 30 22:29:46 2016
From: mdri at sbcglobal.net (Michael)
Date: Tue, 30 Aug 2016 15:29:46 -0700
Subject: [Freeipa-users] Site functionality between clients and server
Message-ID: <B553F4F3-1FA4-49E0-90EB-F54DE4117753@sbcglobal.net>

Our environment has multiple FreeIPA servers and associated SRV records.  During client install, I can?t determine how each installation chooses the value to be placed in the ipa_server property of sssd.conf.

Can Free IPA clients be configured to prefer an ldap server on its own subnet?  On a defined list of subnets, like Active Directory Sites?





From rene.trippen at mailbox.org  Tue Aug 30 23:12:14 2016
From: rene.trippen at mailbox.org (Rene Trippen)
Date: Wed, 31 Aug 2016 01:12:14 +0200
Subject: [Freeipa-users] Migrate users with password from one IPA to
 another
In-Reply-To: <57BF2E8C.80800@redhat.com>
References: <CAOXtQj=RT+8yZMgWxkXY-hWHmQqt-D-2ef8rH3qTqfiY7aUc-A@mail.gmail.com>
	<57BF2E8C.80800@redhat.com>
Message-ID: <b18af8f4-cdaa-82ec-0856-61fee6aac9cb@mailbox.org>

On 25.08.2016 19:44, Rob Crittenden wrote:
> Rene Trippen wrote:
>> Hi,
>>
>> I`ve got an IPA with a broken CA infrastructure (don`t know what
>> happened, but new clients cannot be registered)
>> It is even not possible to setup a new replica.
>
> It may be fairly straightforward to getting the CA back up. How is it
> broken?
>
I don't know how that happened exactly, we had an IPA 3.x Server, then 
we migrated it to another machine and upgraded to IPA 4.1, later, we 
upgraded (on the same machine) to IPA 4.2.
The IPA Server is basically working, but when I want to register a new 
machine, the registration process fails with following (I think these 
are the relevant lines) error

2016-08-30T22:40:25Z DEBUG flushing ldap://ipa.internal.domain:389 from 
SchemaCache
2016-08-30T22:40:25Z DEBUG retrieving schema for SchemaCache 
url=ldap://ipa.internal.domain:389 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x375d5a8>
2016-08-30T22:40:26Z DEBUG Adding CA certificates to the IPA NSS database.
2016-08-30T22:40:26Z DEBUG Starting external process
2016-08-30T22:40:26Z DEBUG args='/usr/bin/certutil' '-d' 
'/etc/ipa/nssdb' '-A' '-n' 'INTERNAL.DOMAIN IPA CA' '-t' 'CT,C,C'
2016-08-30T22:40:26Z DEBUG Process finished, return code=0
2016-08-30T22:40:26Z DEBUG stdout=
2016-08-30T22:40:26Z DEBUG stderr=
2016-08-30T22:40:26Z DEBUG Starting external process
2016-08-30T22:40:26Z DEBUG args='/usr/bin/certutil' '-d' 
'/etc/ipa/nssdb' '-A' '-n' 'INTERNAL.DOMAIN IPA CA' '-t' 'CT,C,C'
2016-08-30T22:40:26Z DEBUG Process finished, return code=255
2016-08-30T22:40:26Z DEBUG stdout=
2016-08-30T22:40:26Z DEBUG stderr=certutil: could not add certificate to 
token or database: SEC_ERROR_ADDING_CERT: Error adding certificate to 
database.

2016-08-30T22:40:26Z ERROR Failed to add INTERNAL.DOMAIN IPA CA to the 
IPA NSS database.
2016-08-30T22:40:26Z ERROR Installation failed. Rolling back changes.


The client tries to add 2 certificates, but fails with the second, I 
think, it is because we have 2 CA certificates (one from the old IPA 3.x 
server and one from the new 4.x server). My current workaround is to 
register the client with an ipa3.x client, then I do an upgrade to the 
4.x client

I've tried many ways to setup a new CA:
- tried ipa-cacert-manage renew
- tried to setup a new replica with new CA, but the setup failed with 
the same problems described above
- tried to remove all old certificates refering to the old ipa server 
(but I think I failed somewhere)

My thoughts are, the CA is in a bad condition, and I spent much time in 
trying to fix it, with no success. And, my fears are, if I find some 
crude, not documented workaround for the CA problem, the problem maybe 
pops up at the next update. So, setting up a fresh IPA and migrating 
everything (except the clients), was my hope to get an IPA running 
without all the CA problems. Migrating the clients is not the problem, 
that can be done by script (spacewalk or ansible), but migrating the 
users is not that easy, because the users cannot be scripted :)


>> So, I wanted to setup a new IPA Server with new CA, and I want to move
>> all users with their passwords to the new IPA instance.
>> I`ve tried with 'ipa migrate-ds'
>>
>> ipa migrate-ds --continue --bind-dn="cn=Directory Manager"
>> --user-container=cn=users,cn=accounts
>> --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup
>> --group-overwrite-gid --with-compat ldap://<ldapserver>
>>
>> The output is OK
>> =======
>> Passwords have been migrated in pre-hashed format.
>> IPA is unable to generate Kerberos keys unless provided
>> with clear text passwords. All migrated users need to
>> login at https://your.domain/ipa/migration/ before they
>> can use their Kerberos accounts.
>> ========
>>
>> But  the ipa/migration website is not working for me.
>> Anyway, is there a way to export the users with passwords? I think I
>> have to export some kerberos specific stuff from the old IPA?
>
> The log file /var/log/httpd/error_log may have details on what isn't
> working.

Sorry, that was not clearly described:

The site is basically working, but when I enter the password, nothing 
happens in the backend (I cannot login with my user on the ipa login 
site).

- rene

>
> The way to export users with passwords is the method you've already
> tried. To not have to change a password at all would require the same
> Kerberos master key and these are generated randomly at install time.
>
> rob
>



From jhrozek at redhat.com  Wed Aug 31 07:12:43 2016
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Wed, 31 Aug 2016 09:12:43 +0200
Subject: [Freeipa-users] Site functionality between clients and server
In-Reply-To: <B553F4F3-1FA4-49E0-90EB-F54DE4117753@sbcglobal.net>
References: <B553F4F3-1FA4-49E0-90EB-F54DE4117753@sbcglobal.net>
Message-ID: <20160831071243.wt5lebafkgmyhuy3@hendrix>

On Tue, Aug 30, 2016 at 03:29:46PM -0700, Michael wrote:
> Our environment has multiple FreeIPA servers and associated SRV records.  During client install, I can?t determine how each installation chooses the value to be placed in the ipa_server property of sssd.conf.
> 
> Can Free IPA clients be configured to prefer an ldap server on its own subnet?  On a defined list of subnets, like Active Directory Sites?

Coming up in 4.4:
    http://www.freeipa.org/page/V4/DNS_Location_Mechanism



From pspacek at redhat.com  Wed Aug 31 08:18:57 2016
From: pspacek at redhat.com (Petr Spacek)
Date: Wed, 31 Aug 2016 10:18:57 +0200
Subject: [Freeipa-users] Ubuntu 16.04 released with FreeIPA 4.3.1
In-Reply-To: <e53472e8-1ed9-c7fb-e1dd-d78978af9aca@ubuntu.com>
References: <57192380.4090400@ubuntu.com>
	<ea17612a-fa54-8194-d8f4-de2a008df331@ubuntu.com>
	<e53472e8-1ed9-c7fb-e1dd-d78978af9aca@ubuntu.com>
Message-ID: <ddc6e807-9de4-f4ad-b6c5-058d2d9cb1b7@redhat.com>

On 31.8.2016 00:23, Timo Aaltonen wrote:
> On 29.08.2016 10:34, Timo Aaltonen wrote:
>> On 21.04.2016 22:01, Timo Aaltonen wrote:
>>>
>>> ps. Debian unstable will have 4.3.1 once the package has gone through
>>> the NEW queue because the packaging got split in certain ways
>>
>> No it did not, because the ftpmaster rejected the upload since it ships
>> with minified javascript which is not considered modifiable source code.
>> And the old version has now been removed from Debian because it was
>> unmaintainable.
>>
>> So I hope #5639 will be resolved at some point. Note that Debian doesn't
>> require the javascript to be minified during package build, just that
>> the source would ship the unminified copy as well.
> 
> Turns out it wasn't too much of an effort to pull in unminified bits of
> everything that is shipped minified (just ~630kB..), so I guess Freeipa
> will be uploaded back fairly soon...

Timo,

can you share script/procedure you used? It would save us some time spent on
re-inventing what you have done :-)

We need to see how complex change it would be so we could pull it into master
eventually.

-- 
Petr^2 Spacek



From pbrezina at redhat.com  Wed Aug 31 08:51:09 2016
From: pbrezina at redhat.com (=?UTF-8?Q?Pavel_B=c5=99ezina?=)
Date: Wed, 31 Aug 2016 10:51:09 +0200
Subject: [Freeipa-users] Help with sudo permission for a command
In-Reply-To: <CA+7FK-iT8U3SrpECEi9NB=QPaTCoXD0QWsKV-0Sm=9W0KwvrGw@mail.gmail.com>
References: <CA+7FK-iT8U3SrpECEi9NB=QPaTCoXD0QWsKV-0Sm=9W0KwvrGw@mail.gmail.com>
Message-ID: <57C69A7D.9080401@redhat.com>

On 08/30/2016 05:08 PM, Ryan Whalen wrote:
> Hi All,
>
> Im having an issue getting a command to run properly, and the issue
> seems to be with Freeipa sudo permissions. Specifically 'sudo su -
> app_user -c "<command>"' prompts for a password when run.
>
> However if I 'sudo su - app_user' and then run the '<command>' as
> app_user, it works fine.
>
> example:
> ```
> $ ssh ryan at production-server.pp
> Last login: Mon Aug 29 21:36:14 2016 from 10.20.3.15
> ryan$ sudo su - app_user -c "df"
> [sudo] password for ryan:
> ^C
> ryan$ sudo su - app_user
> app_user$ df
> Filesystem           1K-blocks     Used Available Use% Mounted on
> /dev/sda3             14845784  6667296   7417708  48% /
> tmpfs                  1474228        0   1474228   0% /dev/shm
> /dev/sda1               487652    81221    380831  18% /boot
> 10.51.0.34:/srv/nfs/app
>                       287687168 69111040 218576128  25% /var/app
> 10.51.0.54:/srv/nfs/ipa
>                        16377088  3728640  11809792  24% /home/ipa
> ap_user$
> ```
>
> I have a sudo rule that allows `/bin/su - app_user` and `/bin/su -
> app_user -c` but I cant get the `-c` to work in a single command. I also
> tried giving sudo permission to `/bin/bash` in case the `-c` needed it
> to create a new shell for some reason, but it didn't work.
>
> Does anyone have any thoughts on what permissions I might be missing to
> allow the user to run `sudo su - app_user -c <command>`?
>
> Thanks,
> Ryan
>
>

Try to allow /bin/su - app_user -c '*'

If I understand you correctly, you want to allow user to run any command 
as app_user. You can do it also by creating a rule that allows to run 
any command and run it as app_user.



From rene.trippen at gmail.com  Wed Aug 31 08:57:01 2016
From: rene.trippen at gmail.com (Rene Trippen)
Date: Wed, 31 Aug 2016 10:57:01 +0200
Subject: [Freeipa-users] Migrate users with password from one IPA to
 another
In-Reply-To: <57BF2E8C.80800@redhat.com>
References: <CAOXtQj=RT+8yZMgWxkXY-hWHmQqt-D-2ef8rH3qTqfiY7aUc-A@mail.gmail.com>
	<57BF2E8C.80800@redhat.com>
Message-ID: <e5155f97-0253-048d-be3b-2051495f9f45@gmail.com>

On 25.08.2016 19:44, Rob Crittenden wrote:
> Rene Trippen wrote:
>> Hi,
>>
>> I`ve got an IPA with a broken CA infrastructure (don`t know what
>> happened, but new clients cannot be registered)
>> It is even not possible to setup a new replica.
>
> It may be fairly straightforward to getting the CA back up. How is it
> broken?
>
I don't know how that happened exactly, we had an IPA 3.x Server, then 
we migrated it to another machine and upgraded to IPA 4.1, later, we 
upgraded (on the same machine) to IPA 4.2.
The IPA Server is basically working, but when I want to register a new 
machine, the registration process fails with following (I think these 
are the relevant lines) error

2016-08-30T22:40:25Z DEBUG flushing ldap://ipa.internal.domain:389 from 
SchemaCache
2016-08-30T22:40:25Z DEBUG retrieving schema for SchemaCache 
url=ldap://ipa.internal.domain:389 
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x375d5a8>
2016-08-30T22:40:26Z DEBUG Adding CA certificates to the IPA NSS database.
2016-08-30T22:40:26Z DEBUG Starting external process
2016-08-30T22:40:26Z DEBUG args='/usr/bin/certutil' '-d' 
'/etc/ipa/nssdb' '-A' '-n' 'INTERNAL.DOMAIN IPA CA' '-t' 'CT,C,C'
2016-08-30T22:40:26Z DEBUG Process finished, return code=0
2016-08-30T22:40:26Z DEBUG stdout=
2016-08-30T22:40:26Z DEBUG stderr=
2016-08-30T22:40:26Z DEBUG Starting external process
2016-08-30T22:40:26Z DEBUG args='/usr/bin/certutil' '-d' 
'/etc/ipa/nssdb' '-A' '-n' 'INTERNAL.DOMAIN IPA CA' '-t' 'CT,C,C'
2016-08-30T22:40:26Z DEBUG Process finished, return code=255
2016-08-30T22:40:26Z DEBUG stdout=
2016-08-30T22:40:26Z DEBUG stderr=certutil: could not add certificate to 
token or database: SEC_ERROR_ADDING_CERT: Error adding certificate to 
database.

2016-08-30T22:40:26Z ERROR Failed to add INTERNAL.DOMAIN IPA CA to the 
IPA NSS database.
2016-08-30T22:40:26Z ERROR Installation failed. Rolling back changes.


The client tries to add 2 certificates, but fails with the second, I 
think, it is because we have 2 CA certificates (one from the old IPA 3.x 
server and one from the new 4.x server). My current workaround is to 
register the client with an ipa3.x client, then I do an upgrade to the 
4.x client

I've tried many ways to setup a new CA:
- tried ipa-cacert-manage renew
- tried to setup a new replica with new CA, but the setup failed with 
the same problems described above
- tried to remove all old certificates refering to the old ipa server 
(but I think I failed somewhere)

My thoughts are, the CA is in a bad condition, and I spent much time in 
trying to fix it, with no success. And, my fears are, if I find some 
crude, not documented workaround for the CA problem, the problem maybe 
pops up at the next update. So, setting up a fresh IPA and migrating 
everything (except the clients), was my hope to get an IPA running 
without all the CA problems. Migrating the clients is not the problem, 
that can be done by script (spacewalk or ansible), but migrating the 
users is not that easy, because the users cannot be scripted :)


>> So, I wanted to setup a new IPA Server with new CA, and I want to move
>> all users with their passwords to the new IPA instance.
>> I`ve tried with 'ipa migrate-ds'
>>
>> ipa migrate-ds --continue --bind-dn="cn=Directory Manager"
>> --user-container=cn=users,cn=accounts
>> --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup
>> --group-overwrite-gid --with-compat ldap://<ldapserver>
>>
>> The output is OK
>> =======
>> Passwords have been migrated in pre-hashed format.
>> IPA is unable to generate Kerberos keys unless provided
>> with clear text passwords. All migrated users need to
>> login at https://your.domain/ipa/migration/ before they
>> can use their Kerberos accounts.
>> ========
>>
>> But  the ipa/migration website is not working for me.
>> Anyway, is there a way to export the users with passwords? I think I
>> have to export some kerberos specific stuff from the old IPA?
>
> The log file /var/log/httpd/error_log may have details on what isn't
> working.

Sorry, that was not clearly described:

The site is basically working, but when I enter the password, nothing 
happens in the backend (I cannot login with my user on the ipa login site).

- rene

>
> The way to export users with passwords is the method you've already
> tried. To not have to change a password at all would require the same
> Kerberos master key and these are generated randomly at install time.
>
> rob
>



From deepak_dimri at hotmail.com  Wed Aug 31 09:49:28 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Wed, 31 Aug 2016 05:49:28 -0400
Subject: [Freeipa-users] Getting ACL Syntax Error(-5)
Message-ID: <SNT152-W7805A1536DF18D69574478F5E30@phx.gbl>










Hi All,I am getting ACL Syntax Error(-5) when trying to add ACI to my freeIPA server.  Any idea why i am getting this error?
This is the error i am getting:
ldap_modify: Invalid syntax (21)








	additional info: ACL Syntax Error(-5):(targetattr=\22userclass\22)(targetfilter=\22(objectclass=ipahost)\22)(version3.0; acl \22permission:Allow admin to modify  hosts membership within  permitted hostgroups\22; allow (write) groupdn =\22ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com\22;)
my ldif entries:
dn: cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com
add: aci
aci: (targetattr = "userclass")(targetfilter = "(objectclass=ipahost)")(version3.0;acl "permission:Allow admin to modify  hosts membership within  permitted hostgroups";allow (write) groupdn ="ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com";)
Also, one general question i should be able to view the ACI under freeIPA permission tab once it gets created correct?
Thanks & regards,Deepak
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/ba01dcce/attachment.htm>

From mbasti at redhat.com  Wed Aug 31 10:06:02 2016
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 31 Aug 2016 12:06:02 +0200
Subject: [Freeipa-users] Getting ACL Syntax Error(-5)
In-Reply-To: <SNT152-W7805A1536DF18D69574478F5E30@phx.gbl>
References: <SNT152-W7805A1536DF18D69574478F5E30@phx.gbl>
Message-ID: <07a69b71-534c-0ddd-39fd-df9b72eaff6f@redhat.com>



On 31.08.2016 11:49, Deepak Dimri wrote:
>
>
> Hi All,
>
> I am getting *ACL Syntax Error(-5) *when trying to add ACI to my 
> freeIPA server.  Any idea why i am getting this error?
>
Maybe your ACI is incorrect?

>
> This is the error i am getting:
>
>
> ldap_modify: Invalid syntax (21)
>
> *additional info: ACL Syntax 
> Error(-5)*:(targetattr=\22userclass\22)(targetfilter=\22(objectclass=ipahost)\22)(version3.0; 
> acl \22permission:Allow admin to modify  hosts membership within  
> permitted hostgroups\22; allow (write) groupdn 
> =\22ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com\22;)
>
>
Can you try here'version3.0;' to put space between version and number

Otherwise it looks good to me.

> my ldif entries:
>
>
> dn: cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com
>
> add: aci
>
> aci: (targetattr = "userclass")(targetfilter = 
> "(objectclass=ipahost)")(version3.0;acl "permission:Allow admin to 
> modify  hosts membership within  permitted hostgroups";allow (write) 
> groupdn 
> ="ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com";)
>
>
> Also, one general question i should be able to view the ACI under 
> freeIPA permission tab once it gets created correct?
>
No, you have to add FreeIPA permission, custom ACIs are not tracked in 
webUI/CLI

IMO it should be possible to create this permission using webUI

Martin
>
>
> Thanks & regards,
>
> Deepak
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/eb9be9b7/attachment.htm>

From deepak_dimri at hotmail.com  Wed Aug 31 10:52:12 2016
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Wed, 31 Aug 2016 06:52:12 -0400
Subject: [Freeipa-users] Getting ACL Syntax Error(-5)
In-Reply-To: <07a69b71-534c-0ddd-39fd-df9b72eaff6f@redhat.com>
References: <SNT152-W7805A1536DF18D69574478F5E30@phx.gbl>,
	<07a69b71-534c-0ddd-39fd-df9b72eaff6f@redhat.com>
Message-ID: <SNT152-W36C0BB401B4BF5F9735721F5E30@phx.gbl>

Thanks Martin, That worked.
Though this ACI did not help me achieve what i was looking for. Let me ask this to you if you can advice me something:-
i want to create a permission which should allow an admin to 'add'/'delete' hosts from "foo-hostgroup" list only if the "member attribute"value is equal to "foo". I basically want to restrict the foo admin to not to add any other host in the "foo-hostgroup other than the host having an attribute value as "foo". Why i can achieve this?
Many Thanks,Deepak


Subject: Re: [Freeipa-users] Getting ACL Syntax Error(-5)
To: deepak_dimri at hotmail.com; freeipa-users at redhat.com
From: mbasti at redhat.com
Date: Wed, 31 Aug 2016 12:06:02 +0200


  
    
  
  
    

    

    

    On 31.08.2016 11:49, Deepak Dimri
      wrote:

    
    
      
      
        

          
        Hi All,
        I am getting ACL
            Syntax Error(-5) when
            trying to add ACI to my freeIPA server.  Any idea why i am
            getting this error?
      
    
    Maybe your ACI is incorrect?

    

    
      
        

          
        This is the error i
            am getting:
        

        
        ldap_modify: Invalid syntax (21)
        
        
         additional
              info: ACL Syntax Error(-5):(targetattr=\22userclass\22)(targetfilter=\22(objectclass=ipahost)\22)(version3.0;
            acl \22permission:Allow admin to modify  hosts membership
            within  permitted hostgroups\22; allow (write) groupdn
=\22ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com\22;)
        

          
      
    
    Can you try here 'version3.0;' to put space between
      version and number

      

      Otherwise it looks good to me.

    

    
      
        my ldif entries:
        

          
        dn:
            cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com
        add: aci
        aci: (targetattr =
            "userclass")(targetfilter =
            "(objectclass=ipahost)")(version3.0;acl "permission:Allow
            admin to modify  hosts membership within  permitted
            hostgroups";allow (write) groupdn
="ldap:///cn=testadmingroup,cn=groups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com";)
        

          
        Also, one general question i should be able to
          view the ACI under freeIPA permission tab once it gets created
          correct?
      
    
    No, you have to add FreeIPA permission, custom ACIs are not tracked
    in webUI/CLI

    

    IMO it should be possible to create this permission using webUI

    

    Martin

    
      
        

        
        Thanks & regards,
        Deepak
        

        
      
      

      
      

    
    
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/e5358307/attachment.htm>

From a.rogovsky at gmail.com  Wed Aug 31 13:50:02 2016
From: a.rogovsky at gmail.com (Andrey Rogovsky)
Date: Wed, 31 Aug 2016 16:50:02 +0300
Subject: [Freeipa-users] Command-line replication is not works in
	FreeIPA-Master
Message-ID: <CAM+V3zJVyPyV-+atTttq9MVUvZWwPhRUKAEYriFYvrMAbE=4_Q@mail.gmail.com>

Hi!

I try configure manual replica from FreeIPA DS to 389 DS.
I have two VM: ldap1.example.com and ldap2.example.com
I was used this manual
https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html
for configure relica

There was replica agreement before starting:

# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=nsds5ReplicationAgreement)
# requesting: ALL
#

# ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
dn: cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
tree,
 cn=config
objectClass: top
objectClass: nsds5replicationagreement
cn: ExampleAgreement
nsDS5ReplicaHost: ldap2
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=replication manager
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaRoot: dc=example,dc=com
description: agreement between supplier1 and consumer1
nsDS5ReplicaUpdateSchedule: 0000-0500 1
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
authorityRevocationLis
 t
nsDS5ReplicaCredentials:
{AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
 RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmkwek5qRmxNalkxWkFBQ
 0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQUVJckpINmE0S3RFYl
 NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==
nsds5replicareapactive: 0
nsds5replicaLastUpdateStart: 19700101000000Z
nsds5replicaLastUpdateEnd: 19700101000000Z
nsds5replicaChangesSentSinceStartup:
nsds5replicaLastUpdateStatus: 0 No replication sessions started since
server s
 tartup
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 19700101000000Z
nsds5replicaLastInitEnd: 19700101000000Z

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries:


There is errors which I get when start replica:


[root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D "cn=directory
manager" -w ...
ldap_initialize( ldap://ldap1.example.com:389 )
dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start
replace nsds5beginreplicarefresh:
        start
modifying entry
"cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config"
modify complete

[root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
[31/Aug/2016:11:11:09 +0000] schema-compat-plugin - schema-compat-plugin
tree scan will start in about 5 seconds!
[31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All Interfaces
port 389 for LDAP requests
[31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for
LDAPS requests
[31/Aug/2016:11:11:09 +0000] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries set
up under ou=sudoers,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set
up under cn=ng, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set
up under cn=computers, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
initialization.
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
[cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
failed: LDAP error 32 (No such object) ()
^C

Please help me fix this
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/b8f9c3dd/attachment.htm>

From rwhalen at paperlesspost.com  Wed Aug 31 14:23:53 2016
From: rwhalen at paperlesspost.com (Ryan Whalen)
Date: Wed, 31 Aug 2016 10:23:53 -0400
Subject: [Freeipa-users] Help with sudo permission for a command
In-Reply-To: <57C69A7D.9080401@redhat.com>
References: <CA+7FK-iT8U3SrpECEi9NB=QPaTCoXD0QWsKV-0Sm=9W0KwvrGw@mail.gmail.com>
	<57C69A7D.9080401@redhat.com>
Message-ID: <CA+7FK-iOymhrXNozGzq6Vz_QsHhUqc6+AxwOP+WNbN5+69616Q@mail.gmail.com>

Hey Pavel,

Thanks for the reply! It's not exactly that I want to allow any command to
be run as app_user. The command I actually want to run is very long, and
complicated and wouldn't mean much in this context, so I simplified my
example. The problem is that *any command *I run will fail, wether or not
they already have the permissions to run said command.

The exact command that I want to run *will work* if I `sudo su - app_user`
and then run the command in the new shell for `app_user`.  It *wont work* if
I try to run `sudo su - app_user -c <command>`. So the user has the
permissions to run the command. it just wont work with the `-c` option.

So thats where I'm stuck. From my perspective they should have all the
permissions that they need. They have sudo privileges to `sudo su -
app_user -c` as well as the specific command that I want to be run.

Thanks

Ryan

On Wed, Aug 31, 2016 at 4:51 AM, Pavel B?ezina <pbrezina at redhat.com> wrote:

> On 08/30/2016 05:08 PM, Ryan Whalen wrote:
>
>> Hi All,
>>
>> Im having an issue getting a command to run properly, and the issue
>> seems to be with Freeipa sudo permissions. Specifically 'sudo su -
>> app_user -c "<command>"' prompts for a password when run.
>>
>> However if I 'sudo su - app_user' and then run the '<command>' as
>> app_user, it works fine.
>>
>> example:
>> ```
>> $ ssh ryan at production-server.pp
>> Last login: Mon Aug 29 21:36:14 2016 from 10.20.3.15
>> ryan$ sudo su - app_user -c "df"
>> [sudo] password for ryan:
>> ^C
>> ryan$ sudo su - app_user
>> app_user$ df
>> Filesystem           1K-blocks     Used Available Use% Mounted on
>> /dev/sda3             14845784  6667296   7417708  48% /
>> tmpfs                  1474228        0   1474228   0% /dev/shm
>> /dev/sda1               487652    81221    380831  18% /boot
>> 10.51.0.34:/srv/nfs/app
>>                       287687168 69111040 218576128  25% /var/app
>> 10.51.0.54:/srv/nfs/ipa
>>                        16377088  3728640  11809792  24% /home/ipa
>> ap_user$
>> ```
>>
>> I have a sudo rule that allows `/bin/su - app_user` and `/bin/su -
>> app_user -c` but I cant get the `-c` to work in a single command. I also
>> tried giving sudo permission to `/bin/bash` in case the `-c` needed it
>> to create a new shell for some reason, but it didn't work.
>>
>> Does anyone have any thoughts on what permissions I might be missing to
>> allow the user to run `sudo su - app_user -c <command>`?
>>
>> Thanks,
>> Ryan
>>
>>
>>
> Try to allow /bin/su - app_user -c '*'
>
> If I understand you correctly, you want to allow user to run any command
> as app_user. You can do it also by creating a rule that allows to run any
> command and run it as app_user.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/c0165dd4/attachment.htm>

From mareynol at redhat.com  Wed Aug 31 15:15:56 2016
From: mareynol at redhat.com (Mark Reynolds)
Date: Wed, 31 Aug 2016 11:15:56 -0400
Subject: [Freeipa-users] Command-line replication is not works in
 FreeIPA-Master
In-Reply-To: <CAM+V3zJVyPyV-+atTttq9MVUvZWwPhRUKAEYriFYvrMAbE=4_Q@mail.gmail.com>
References: <CAM+V3zJVyPyV-+atTttq9MVUvZWwPhRUKAEYriFYvrMAbE=4_Q@mail.gmail.com>
Message-ID: <b7473962-166f-74f4-0014-ce93fa9ccd9c@redhat.com>



On 08/31/2016 09:50 AM, Andrey Rogovsky wrote:
> Hi!
>
> I try configure manual replica from FreeIPA DS to 389 DS.
> I have two VM: ldap1.example.com <http://ldap1.example.com> and
> ldap2.example.com <http://ldap2.example.com>
> I was used this
> manual https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html
> for configure relica
>
> There was replica agreement before starting:
>
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: (objectclass=nsds5ReplicationAgreement)
> # requesting: ALL
> #
>
> # ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
> dn:
> cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,
>  cn=config
> objectClass: top
> objectClass: nsds5replicationagreement
> cn: ExampleAgreement
> nsDS5ReplicaHost: ldap2
> nsDS5ReplicaPort: 389
> nsDS5ReplicaBindDN: cn=replication manager
> nsDS5ReplicaBindMethod: SIMPLE
> nsDS5ReplicaRoot: dc=example,dc=com
> description: agreement between supplier1 and consumer1
> nsDS5ReplicaUpdateSchedule: 0000-0500 1
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
> authorityRevocationLis
>  t
> nsDS5ReplicaCredentials:
> {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
>  RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmkwek5qRmxNalkxWkFBQ
>  0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQUVJckpINmE0S3RFYl
>  NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==
> nsds5replicareapactive: 0
> nsds5replicaLastUpdateStart: 19700101000000Z
> nsds5replicaLastUpdateEnd: 19700101000000Z
> nsds5replicaChangesSentSinceStartup:
> nsds5replicaLastUpdateStatus: 0 No replication sessions started since
> server s
>  tartup
> nsds5replicaUpdateInProgress: FALSE
> nsds5replicaLastInitStart: 19700101000000Z
> nsds5replicaLastInitEnd: 19700101000000Z
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 
>
>
> There is errors which I get when start replica:
>
>
> [root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com
> <http://ldap1.example.com> -p 389 -D "cn=directory manager" -w ...
> ldap_initialize( ldap://ldap1.example.com:389
> <http://ldap1.example.com:389> )
> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5beginreplicarefresh
> nsds5beginreplicarefresh: start
> replace nsds5beginreplicarefresh:
>         start
> modifying entry
> "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config"
> modify complete
>
> [root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> [31/Aug/2016:11:11:09 +0000] schema-compat-plugin -
> schema-compat-plugin tree scan will start in about 5 seconds!
> [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All
> Interfaces port 389 for LDAP requests
> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636
> for LDAPS requests
> [31/Aug/2016:11:11:09 +0000] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
> initialization.
> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind
> id [cn=replication manager] authentication mechanism [SIMPLE]: error
> 32 (No such object) errno 0 (Success)
> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE
> auth failed: LDAP error 32 (No such object) ()
> ^C
I'm assuming this is just a standalone 389 Directory Server you are
trying to replicate to(not a freeIPA installation).  If it is a freeipa
installation, then you should use the freeipa CLI for setting up
replication.

The error 32 (no such object) you are getting is because the replica
does not have an entry "cn=replication manager".  Looking at the
replication agreement:

nsDS5ReplicaBindDN: cn=replication manager

This is not a valid DN as there is no base suffix:  For example, I would
expect to see something like "cn=replication manager,cn=config"

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html

Regards,
Mark
>
> Please help me fix this
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/43e5d702/attachment.htm>

From a.rogovsky at gmail.com  Wed Aug 31 15:50:27 2016
From: a.rogovsky at gmail.com (Andrey Rogovsky)
Date: Wed, 31 Aug 2016 18:50:27 +0300
Subject: [Freeipa-users] Command-line replication is not works in
	FreeIPA-Master
In-Reply-To: <b7473962-166f-74f4-0014-ce93fa9ccd9c@redhat.com>
References: <CAM+V3zJVyPyV-+atTttq9MVUvZWwPhRUKAEYriFYvrMAbE=4_Q@mail.gmail.com>
	<b7473962-166f-74f4-0014-ce93fa9ccd9c@redhat.com>
Message-ID: <CAM+V3zKPACcMY1whmFg0PTgRBut=hyAQw3FbfULbbxpdAYz+nQ@mail.gmail.com>

Hi!
Thank you for fast reply.
Yes, I want use standalone 389DS to replica from FreeIPA.
There is my replica:
filter: (objectclass=nsds5replica)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: (objectclass=nsds5replica)
# requesting: ALL
#

# replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: nsds5replica
objectClass: extensibleObject
cn: replica
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaId: 7
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsds5ReplicaPurgeDelay: 604800
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsState:: BwAAAAAAAABZ98ZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==
nsDS5ReplicaName: 496dba82-6f7a11e6-9d5ba359-5196ffe4
nsds5ReplicaChangeCount: 22
nsds5replicareapactive: 0

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

So, my replica have entry "cn=replication manager"

But I try add entry in agreement. Unforthunalty this is not help, error is
present:
[root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D "cn=directory
manager" -w ...
ldap_initialize( ldap://ldap1.example.com:389 )
dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config
changetype: modify
replace: nsds5ReplicaBindDN
nsds5ReplicaBindDN: cn=replication manager,cn=config
replace nsds5ReplicaBindDN:
        cn=replication manager,cn=config
modifying entry
"cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config"
modify complete

[root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
[31/Aug/2016:11:11:09 +0000] schema-compat-plugin - schema-compat-plugin
tree scan will start in about 5 seconds!
[31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All Interfaces
port 389 for LDAP requests
[31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for
LDAPS requests
[31/Aug/2016:11:11:09 +0000] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries set
up under ou=sudoers,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set
up under cn=ng, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set
up under cn=computers, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
initialization.
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
[cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
failed: LDAP error 32 (No such object) ()
^C
[root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D "cn=directory
manager" -w ...
ldap_initialize( ldap://ldap1.example.com:389 )
dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start
replace nsds5beginreplicarefresh:
        start
modifying entry
"cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config"
modify complete

[root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
[31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All Interfaces
port 389 for LDAP requests
[31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for
LDAPS requests
[31/Aug/2016:11:11:09 +0000] - Listening on
/var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
[31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries set
up under ou=sudoers,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set
up under cn=ng, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries set
up under cn=computers, cn=compat,dc=example,dc=com
[31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
initialization.
[31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
[cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
such object) errno 0 (Success)
[31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
failed: LDAP error 32 (No such object) ()
[31/Aug/2016:15:48:36 +0000] slapi_ldap_bind - Error: could not bind id
[cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error
32 (No such object) errno 0 (Success)
^C
[root at ldap1 ~]#


2016-08-31 18:15 GMT+03:00 Mark Reynolds <mareynol at redhat.com>:

>
>
> On 08/31/2016 09:50 AM, Andrey Rogovsky wrote:
>
> Hi!
>
> I try configure manual replica from FreeIPA DS to 389 DS.
> I have two VM: ldap1.example.com and ldap2.example.com
> I was used this manual https://www.centos.org/docs/5/html/CDS/ag/8.0/
> Managing_Replication-Configuring-Replication-cmd.html for configure relica
>
> There was replica agreement before starting:
>
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: (objectclass=nsds5ReplicationAgreement)
> # requesting: ALL
> #
>
> # ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
> dn: cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
> tree,
>  cn=config
> objectClass: top
> objectClass: nsds5replicationagreement
> cn: ExampleAgreement
> nsDS5ReplicaHost: ldap2
> nsDS5ReplicaPort: 389
> nsDS5ReplicaBindDN: cn=replication manager
> nsDS5ReplicaBindMethod: SIMPLE
> nsDS5ReplicaRoot: dc=example,dc=com
> description: agreement between supplier1 and consumer1
> nsDS5ReplicaUpdateSchedule: 0000-0500 1
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
> authorityRevocationLis
>  t
> nsDS5ReplicaCredentials: {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRV
> VHQ1NxR1NJYjNEUUVG
>  RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmkw
> ek5qRmxNalkxWkFBQ
>  0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQ
> UVJckpINmE0S3RFYl
>  NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==
> nsds5replicareapactive: 0
> nsds5replicaLastUpdateStart: 19700101000000Z
> nsds5replicaLastUpdateEnd: 19700101000000Z
> nsds5replicaChangesSentSinceStartup:
> nsds5replicaLastUpdateStatus: 0 No replication sessions started since
> server s
>  tartup
> nsds5replicaUpdateInProgress: FALSE
> nsds5replicaLastInitStart: 19700101000000Z
> nsds5replicaLastInitEnd: 19700101000000Z
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries:
>
>
> There is errors which I get when start replica:
>
>
> [root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D
> "cn=directory manager" -w ...
> ldap_initialize( ldap://ldap1.example.com:389 )
> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5beginreplicarefresh
> nsds5beginreplicarefresh: start
> replace nsds5beginreplicarefresh:
>         start
> modifying entry "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config"
> modify complete
>
> [root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> [31/Aug/2016:11:11:09 +0000] schema-compat-plugin - schema-compat-plugin
> tree scan will start in about 5 seconds!
> [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All Interfaces
> port 389 for LDAP requests
> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for
> LDAPS requests
> [31/Aug/2016:11:11:09 +0000] - Listening on /var/run/slapd-EXAMPLE-COM.socket
> for LDAPI requests
> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries
> set up under ou=sudoers,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
> set up under cn=ng, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
> set up under cn=computers, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
> initialization.
> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
> [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
> such object) errno 0 (Success)
> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
> failed: LDAP error 32 (No such object) ()
> ^C
>
> I'm assuming this is just a standalone 389 Directory Server you are trying
> to replicate to(not a freeIPA installation).  If it is a freeipa
> installation, then you should use the freeipa CLI for setting up
> replication.
>
> The error 32 (no such object) you are getting is because the replica does
> not have an entry "cn=replication manager".  Looking at the replication
> agreement:
>
> nsDS5ReplicaBindDN: cn=replication manager
>
> This is not a valid DN as there is no base suffix:  For example, I would
> expect to see something like "cn=replication manager,cn=config"
>
> https://access.redhat.com/documentation/en-US/Red_Hat_
> Directory_Server/10/html/Administration_Guide/Creating_
> the_Supplier_Bind_DN_Entry.html
>
> Regards,
> Mark
>
>
> Please help me fix this
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/edf92ed5/attachment.htm>

From mareynol at redhat.com  Wed Aug 31 16:30:17 2016
From: mareynol at redhat.com (Mark Reynolds)
Date: Wed, 31 Aug 2016 12:30:17 -0400
Subject: [Freeipa-users] Command-line replication is not works in
 FreeIPA-Master
In-Reply-To: <CAM+V3zKPACcMY1whmFg0PTgRBut=hyAQw3FbfULbbxpdAYz+nQ@mail.gmail.com>
References: <CAM+V3zJVyPyV-+atTttq9MVUvZWwPhRUKAEYriFYvrMAbE=4_Q@mail.gmail.com>
	<b7473962-166f-74f4-0014-ce93fa9ccd9c@redhat.com>
	<CAM+V3zKPACcMY1whmFg0PTgRBut=hyAQw3FbfULbbxpdAYz+nQ@mail.gmail.com>
Message-ID: <c5b8677e-40ca-4c9e-9bc6-4d7807f10a75@redhat.com>

Hi Andrey,

It looks like you still did not create the replication manager entry.  
You must create that manager entry on the standalone server.  Please
read the link I sent you:

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html
<https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html>

You can verify its existence by doing this search against the standalone
server:

ldapsearch -h ldap1.example.com <http://ldap1.example.com> -p 389 -xLLL
-D "cn=directory manager" -W -b cn=config "cn=replication manager"

Mark


On 08/31/2016 11:50 AM, Andrey Rogovsky wrote:
> Hi!
> Thank you for fast reply.
> Yes, I want use standalone 389DS to replica from FreeIPA.
> There is my replica:
> filter: (objectclass=nsds5replica)
> requesting: All userApplication attributes
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: (objectclass=nsds5replica)
> # requesting: ALL
> #
>
> # replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
> dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> objectClass: top
> objectClass: nsds5replica
> objectClass: extensibleObject
> cn: replica
> nsDS5ReplicaRoot: dc=example,dc=com
> nsDS5ReplicaId: 7
> nsDS5ReplicaType: 3
> nsDS5Flags: 1
> nsds5ReplicaPurgeDelay: 604800
> nsDS5ReplicaBindDN: cn=replication manager,cn=config
> nsState:: BwAAAAAAAABZ98ZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==
> nsDS5ReplicaName: 496dba82-6f7a11e6-9d5ba359-5196ffe4
> nsds5ReplicaChangeCount: 22
> nsds5replicareapactive: 0
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> So, my replica have entry "cn=replication manager"
>
> But I try add entry in agreement. Unforthunalty this is not help,
> error is present:
> [root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com
> <http://ldap1.example.com> -p 389 -D "cn=directory manager" -w ...
> ldap_initialize( ldap://ldap1.example.com:389
> <http://ldap1.example.com:389> )
> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5ReplicaBindDN
> nsds5ReplicaBindDN: cn=replication manager,cn=config
> replace nsds5ReplicaBindDN:
>         cn=replication manager,cn=config
> modifying entry
> "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config"
> modify complete
>
> [root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> [31/Aug/2016:11:11:09 +0000] schema-compat-plugin -
> schema-compat-plugin tree scan will start in about 5 seconds!
> [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All
> Interfaces port 389 for LDAP requests
> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636
> for LDAPS requests
> [31/Aug/2016:11:11:09 +0000] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
> initialization.
> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind
> id [cn=replication manager] authentication mechanism [SIMPLE]: error
> 32 (No such object) errno 0 (Success)
> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE
> auth failed: LDAP error 32 (No such object) ()
> ^C
> [root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com
> <http://ldap1.example.com> -p 389 -D "cn=directory manager" -w ...
> ldap_initialize( ldap://ldap1.example.com:389
> <http://ldap1.example.com:389> )
> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5beginreplicarefresh
> nsds5beginreplicarefresh: start
> replace nsds5beginreplicarefresh:
>         start
> modifying entry
> "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config"
> modify complete
>
> [root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All
> Interfaces port 389 for LDAP requests
> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636
> for LDAPS requests
> [31/Aug/2016:11:11:09 +0000] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no
> entries set up under ou=sudoers,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=ng, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
> entries set up under cn=computers, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
> initialization.
> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind
> id [cn=replication manager] authentication mechanism [SIMPLE]: error
> 32 (No such object) errno 0 (Success)
> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE
> auth failed: LDAP error 32 (No such object) ()
> [31/Aug/2016:15:48:36 +0000] slapi_ldap_bind - Error: could not bind
> id [cn=replication manager,cn=config] authentication mechanism
> [SIMPLE]: error 32 (No such object) errno 0 (Success)
> ^C
> [root at ldap1 ~]# 
>
>
> 2016-08-31 18:15 GMT+03:00 Mark Reynolds <mareynol at redhat.com
> <mailto:mareynol at redhat.com>>:
>
>
>
>     On 08/31/2016 09:50 AM, Andrey Rogovsky wrote:
>>     Hi!
>>
>>     I try configure manual replica from FreeIPA DS to 389 DS.
>>     I have two VM: ldap1.example.com <http://ldap1.example.com> and
>>     ldap2.example.com <http://ldap2.example.com>
>>     I was used this
>>     manual https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html
>>     <https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html>
>>     for configure relica
>>
>>     There was replica agreement before starting:
>>
>>     # extended LDIF
>>     #
>>     # LDAPv3
>>     # base <cn=config> with scope subtree
>>     # filter: (objectclass=nsds5ReplicationAgreement)
>>     # requesting: ALL
>>     #
>>
>>     # ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom, mapping
>>     tree, config
>>     dn:
>>     cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
>>     tree,
>>      cn=config
>>     objectClass: top
>>     objectClass: nsds5replicationagreement
>>     cn: ExampleAgreement
>>     nsDS5ReplicaHost: ldap2
>>     nsDS5ReplicaPort: 389
>>     nsDS5ReplicaBindDN: cn=replication manager
>>     nsDS5ReplicaBindMethod: SIMPLE
>>     nsDS5ReplicaRoot: dc=example,dc=com
>>     description: agreement between supplier1 and consumer1
>>     nsDS5ReplicaUpdateSchedule: 0000-0500 1
>>     nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
>>     authorityRevocationLis
>>      t
>>     nsDS5ReplicaCredentials:
>>     {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
>>      RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmkwek5qRmxNalkxWkFBQ
>>      0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQUVJckpINmE0S3RFYl
>>      NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==
>>     nsds5replicareapactive: 0
>>     nsds5replicaLastUpdateStart: 19700101000000Z
>>     nsds5replicaLastUpdateEnd: 19700101000000Z
>>     nsds5replicaChangesSentSinceStartup:
>>     nsds5replicaLastUpdateStatus: 0 No replication sessions started
>>     since server s
>>      tartup
>>     nsds5replicaUpdateInProgress: FALSE
>>     nsds5replicaLastInitStart: 19700101000000Z
>>     nsds5replicaLastInitEnd: 19700101000000Z
>>
>>     # search result
>>     search: 2
>>     result: 0 Success
>>
>>     # numResponses: 2
>>     # numEntries: 
>>
>>
>>     There is errors which I get when start replica:
>>
>>
>>     [root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com
>>     <http://ldap1.example.com> -p 389 -D "cn=directory manager" -w ...
>>     ldap_initialize( ldap://ldap1.example.com:389
>>     <http://ldap1.example.com:389> )
>>     dn:
>>     cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
>>     tree,cn=config
>>     changetype: modify
>>     replace: nsds5beginreplicarefresh
>>     nsds5beginreplicarefresh: start
>>     replace nsds5beginreplicarefresh:
>>             start
>>     modifying entry
>>     "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
>>     tree,cn=config"
>>     modify complete
>>
>>     [root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
>>     [31/Aug/2016:11:11:09 +0000] schema-compat-plugin -
>>     schema-compat-plugin tree scan will start in about 5 seconds!
>>     [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All
>>     Interfaces port 389 for LDAP requests
>>     [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port
>>     636 for LDAPS requests
>>     [31/Aug/2016:11:11:09 +0000] - Listening on
>>     /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
>>     [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no
>>     entries set up under ou=sudoers,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
>>     entries set up under cn=ng, cn=compat,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
>>     entries set up under cn=computers, cn=compat,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished
>>     plugin initialization.
>>     [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not
>>     bind id [cn=replication manager] authentication mechanism
>>     [SIMPLE]: error 32 (No such object) errno 0 (Success)
>>     [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
>>     agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with
>>     SIMPLE auth failed: LDAP error 32 (No such object) ()
>>     ^C
>     I'm assuming this is just a standalone 389 Directory Server you
>     are trying to replicate to(not a freeIPA installation).  If it is
>     a freeipa installation, then you should use the freeipa CLI for
>     setting up replication.
>
>     The error 32 (no such object) you are getting is because the
>     replica does not have an entry "cn=replication manager".  Looking
>     at the replication agreement:
>
>     nsDS5ReplicaBindDN: cn=replication manager
>
>     This is not a valid DN as there is no base suffix:  For example, I
>     would expect to see something like "cn=replication manager,cn=config"
>
>     https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html
>     <https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html>
>
>     Regards,
>     Mark
>>
>>     Please help me fix this
>>
>>
>>
>>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/6b565dcf/attachment.htm>

From a.rogovsky at gmail.com  Wed Aug 31 16:39:35 2016
From: a.rogovsky at gmail.com (Andrey Rogovsky)
Date: Wed, 31 Aug 2016 19:39:35 +0300
Subject: [Freeipa-users] Command-line replication is not works in
	FreeIPA-Master
In-Reply-To: <c5b8677e-40ca-4c9e-9bc6-4d7807f10a75@redhat.com>
References: <CAM+V3zJVyPyV-+atTttq9MVUvZWwPhRUKAEYriFYvrMAbE=4_Q@mail.gmail.com>
	<b7473962-166f-74f4-0014-ce93fa9ccd9c@redhat.com>
	<CAM+V3zKPACcMY1whmFg0PTgRBut=hyAQw3FbfULbbxpdAYz+nQ@mail.gmail.com>
	<c5b8677e-40ca-4c9e-9bc6-4d7807f10a75@redhat.com>
Message-ID: <CAM+V3zLU1PNU-9z2A=7q0dZkq7LWpHV24n9g+_gAk4xBDjwMaw@mail.gmail.com>

Hi, Mark!

Thanks for explain. Now I create replication manager: (I hope)
[root at ldap1 ~]# ldapsearch -h ldap1.example.com -p 389 -xLLL -D
"cn=directory manager" -W -b cn=config "cn=replication manager"
Enter LDAP Password:
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
objectClass: organizationalPerson
cn: replication manager
sn: RM
userPassword::
e1NTSEF9N1JiRmNXWTFXNDA1cmdYSUdCNWJtV3RzOElNQXBhakhXam94WlE9PQ=
 =

What is next? I use manual from 8 version and this a bit obsoleted.


2016-08-31 19:30 GMT+03:00 Mark Reynolds <mareynol at redhat.com>:

> Hi Andrey,
>
> It looks like you still did not create the replication manager entry.
> You must create that manager entry on the standalone server.  Please read
> the link I sent you:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Direct
> ory_Server/10/html/Administration_Guide/Creating_the_
> Supplier_Bind_DN_Entry.html
>
> You can verify its existence by doing this search against the standalone
> server:
>
> ldapsearch -h ldap1.example.com -p 389 -xLLL -D "cn=directory manager" -W
> -b cn=config "cn=replication manager"
>
> Mark
>
>
> On 08/31/2016 11:50 AM, Andrey Rogovsky wrote:
>
> Hi!
> Thank you for fast reply.
> Yes, I want use standalone 389DS to replica from FreeIPA.
> There is my replica:
> filter: (objectclass=nsds5replica)
> requesting: All userApplication attributes
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope subtree
> # filter: (objectclass=nsds5replica)
> # requesting: ALL
> #
>
> # replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
> dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
> objectClass: top
> objectClass: nsds5replica
> objectClass: extensibleObject
> cn: replica
> nsDS5ReplicaRoot: dc=example,dc=com
> nsDS5ReplicaId: 7
> nsDS5ReplicaType: 3
> nsDS5Flags: 1
> nsds5ReplicaPurgeDelay: 604800
> nsDS5ReplicaBindDN: cn=replication manager,cn=config
> nsState:: BwAAAAAAAABZ98ZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==
> nsDS5ReplicaName: 496dba82-6f7a11e6-9d5ba359-5196ffe4
> nsds5ReplicaChangeCount: 22
> nsds5replicareapactive: 0
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> So, my replica have entry "cn=replication manager"
>
> But I try add entry in agreement. Unforthunalty this is not help, error is
> present:
> [root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D
> "cn=directory manager" -w ...
> ldap_initialize( ldap://ldap1.example.com:389 )
> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5ReplicaBindDN
> nsds5ReplicaBindDN: cn=replication manager,cn=config
> replace nsds5ReplicaBindDN:
>         cn=replication manager,cn=config
> modifying entry "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config"
> modify complete
>
> [root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> [31/Aug/2016:11:11:09 +0000] schema-compat-plugin - schema-compat-plugin
> tree scan will start in about 5 seconds!
> [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All Interfaces
> port 389 for LDAP requests
> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for
> LDAPS requests
> [31/Aug/2016:11:11:09 +0000] - Listening on /var/run/slapd-EXAMPLE-COM.socket
> for LDAPI requests
> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries
> set up under ou=sudoers,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
> set up under cn=ng, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
> set up under cn=computers, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
> initialization.
> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
> [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
> such object) errno 0 (Success)
> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
> failed: LDAP error 32 (No such object) ()
> ^C
> [root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D
> "cn=directory manager" -w ...
> ldap_initialize( ldap://ldap1.example.com:389 )
> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config
> changetype: modify
> replace: nsds5beginreplicarefresh
> nsds5beginreplicarefresh: start
> replace nsds5beginreplicarefresh:
>         start
> modifying entry "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
> tree,cn=config"
> modify complete
>
> [root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
> [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All Interfaces
> port 389 for LDAP requests
> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for
> LDAPS requests
> [31/Aug/2016:11:11:09 +0000] - Listening on /var/run/slapd-EXAMPLE-COM.socket
> for LDAPI requests
> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries
> set up under ou=sudoers,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
> set up under cn=ng, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
> set up under cn=computers, cn=compat,dc=example,dc=com
> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
> initialization.
> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
> [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
> such object) errno 0 (Success)
> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
> failed: LDAP error 32 (No such object) ()
> [31/Aug/2016:15:48:36 +0000] slapi_ldap_bind - Error: could not bind id
> [cn=replication manager,cn=config] authentication mechanism [SIMPLE]: error
> 32 (No such object) errno 0 (Success)
> ^C
> [root at ldap1 ~]#
>
>
> 2016-08-31 18:15 GMT+03:00 Mark Reynolds <mareynol at redhat.com>:
>
>>
>>
>> On 08/31/2016 09:50 AM, Andrey Rogovsky wrote:
>>
>> Hi!
>>
>> I try configure manual replica from FreeIPA DS to 389 DS.
>> I have two VM: ldap1.example.com and ldap2.example.com
>> I was used this manual https://www.centos.org/
>> docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-
>> Replication-cmd.html for configure relica
>>
>> There was replica agreement before starting:
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope subtree
>> # filter: (objectclass=nsds5ReplicationAgreement)
>> # requesting: ALL
>> #
>>
>> # ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
>> dn: cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
>> tree,
>>  cn=config
>> objectClass: top
>> objectClass: nsds5replicationagreement
>> cn: ExampleAgreement
>> nsDS5ReplicaHost: ldap2
>> nsDS5ReplicaPort: 389
>> nsDS5ReplicaBindDN: cn=replication manager
>> nsDS5ReplicaBindMethod: SIMPLE
>> nsDS5ReplicaRoot: dc=example,dc=com
>> description: agreement between supplier1 and consumer1
>> nsDS5ReplicaUpdateSchedule: 0000-0500 1
>> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
>> authorityRevocationLis
>>  t
>> nsDS5ReplicaCredentials: {AES-TUhNR0NTcUdTSWIzRFFFRkRUQ
>> m1NRVVHQ1NxR1NJYjNEUUVG
>>  RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmk
>> wek5qRmxNalkxWkFBQ
>>  0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJC
>> QUVJckpINmE0S3RFYl
>>  NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==
>> nsds5replicareapactive: 0
>> nsds5replicaLastUpdateStart: 19700101000000Z
>> nsds5replicaLastUpdateEnd: 19700101000000Z
>> nsds5replicaChangesSentSinceStartup:
>> nsds5replicaLastUpdateStatus: 0 No replication sessions started since
>> server s
>>  tartup
>> nsds5replicaUpdateInProgress: FALSE
>> nsds5replicaLastInitStart: 19700101000000Z
>> nsds5replicaLastInitEnd: 19700101000000Z
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries:
>>
>>
>> There is errors which I get when start replica:
>>
>>
>> [root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com -p 389 -D
>> "cn=directory manager" -w ...
>> ldap_initialize( ldap://ldap1.example.com:389 )
>> dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
>> tree,cn=config
>> changetype: modify
>> replace: nsds5beginreplicarefresh
>> nsds5beginreplicarefresh: start
>> replace nsds5beginreplicarefresh:
>>         start
>> modifying entry "cn=ExampleAgreement,cn=replic
>> a,cn="dc=example,dc=com",cn=mapping tree,cn=config"
>> modify complete
>>
>> [root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
>> [31/Aug/2016:11:11:09 +0000] schema-compat-plugin - schema-compat-plugin
>> tree scan will start in about 5 seconds!
>> [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All
>> Interfaces port 389 for LDAP requests
>> [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port 636 for
>> LDAPS requests
>> [31/Aug/2016:11:11:09 +0000] - Listening on /var/run/slapd-EXAMPLE-COM.socket
>> for LDAPI requests
>> [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no entries
>> set up under ou=sudoers,dc=example,dc=com
>> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
>> set up under cn=ng, cn=compat,dc=example,dc=com
>> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no entries
>> set up under cn=computers, cn=compat,dc=example,dc=com
>> [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished plugin
>> initialization.
>> [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not bind id
>> [cn=replication manager] authentication mechanism [SIMPLE]: error 32 (No
>> such object) errno 0 (Success)
>> [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
>> agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with SIMPLE auth
>> failed: LDAP error 32 (No such object) ()
>> ^C
>>
>> I'm assuming this is just a standalone 389 Directory Server you are
>> trying to replicate to(not a freeIPA installation).  If it is a freeipa
>> installation, then you should use the freeipa CLI for setting up
>> replication.
>>
>> The error 32 (no such object) you are getting is because the replica does
>> not have an entry "cn=replication manager".  Looking at the replication
>> agreement:
>>
>> nsDS5ReplicaBindDN: cn=replication manager
>>
>> This is not a valid DN as there is no base suffix:  For example, I would
>> expect to see something like "cn=replication manager,cn=config"
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Direct
>> ory_Server/10/html/Administration_Guide/Creating_the_
>> Supplier_Bind_DN_Entry.html
>>
>> Regards,
>> Mark
>>
>>
>> Please help me fix this
>>
>>
>>
>>
>>
>>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/2ee8f729/attachment.htm>

From mareynol at redhat.com  Wed Aug 31 17:09:44 2016
From: mareynol at redhat.com (Mark Reynolds)
Date: Wed, 31 Aug 2016 13:09:44 -0400
Subject: [Freeipa-users] Command-line replication is not works in
 FreeIPA-Master
In-Reply-To: <CAM+V3zLU1PNU-9z2A=7q0dZkq7LWpHV24n9g+_gAk4xBDjwMaw@mail.gmail.com>
References: <CAM+V3zJVyPyV-+atTttq9MVUvZWwPhRUKAEYriFYvrMAbE=4_Q@mail.gmail.com>
	<b7473962-166f-74f4-0014-ce93fa9ccd9c@redhat.com>
	<CAM+V3zKPACcMY1whmFg0PTgRBut=hyAQw3FbfULbbxpdAYz+nQ@mail.gmail.com>
	<c5b8677e-40ca-4c9e-9bc6-4d7807f10a75@redhat.com>
	<CAM+V3zLU1PNU-9z2A=7q0dZkq7LWpHV24n9g+_gAk4xBDjwMaw@mail.gmail.com>
Message-ID: <4e37eb09-8c96-114a-aee1-3c6ee568194f@redhat.com>



On 08/31/2016 12:39 PM, Andrey Rogovsky wrote:
> Hi, Mark!
>
> Thanks for explain. Now I create replication manager: (I hope)
> [root at ldap1 ~]# ldapsearch -h ldap1.example.com
> <http://ldap1.example.com> -p 389 -xLLL -D "cn=directory manager" -W
> -b cn=config "cn=replication manager"
> Enter LDAP Password: 
> dn: cn=replication manager,cn=config
> objectClass: inetorgperson
> objectClass: person
> objectClass: top
> objectClass: organizationalPerson
> cn: replication manager
> sn: RM
> userPassword::
> e1NTSEF9N1JiRmNXWTFXNDA1cmdYSUdCNWJtV3RzOElNQXBhakhXam94WlE9PQ=
>  =
>
> What is next? I use manual from 8 version and this a bit obsoleted.
Now you should be able to initialize your standalone server by updating
the agreement on the ipa DS:

dn: cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start

If something goes wrong let us know what's in the errors log again.

Mark
>
>
> 2016-08-31 19:30 GMT+03:00 Mark Reynolds <mareynol at redhat.com
> <mailto:mareynol at redhat.com>>:
>
>     Hi Andrey,
>
>     It looks like you still did not create the replication manager
>     entry.   You must create that manager entry on the standalone
>     server.  Please read the link I sent you:
>
>     https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html
>     <https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html>
>
>     You can verify its existence by doing this search against the
>     standalone server:
>
>     ldapsearch -h ldap1.example.com <http://ldap1.example.com> -p 389
>     -xLLL -D "cn=directory manager" -W -b cn=config "cn=replication
>     manager"
>
>     Mark
>
>
>     On 08/31/2016 11:50 AM, Andrey Rogovsky wrote:
>>     Hi!
>>     Thank you for fast reply.
>>     Yes, I want use standalone 389DS to replica from FreeIPA.
>>     There is my replica:
>>     filter: (objectclass=nsds5replica)
>>     requesting: All userApplication attributes
>>     # extended LDIF
>>     #
>>     # LDAPv3
>>     # base <cn=config> with scope subtree
>>     # filter: (objectclass=nsds5replica)
>>     # requesting: ALL
>>     #
>>
>>     # replica, dc\3Dexample\2Cdc\3Dcom, mapping tree, config
>>     dn: cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
>>     objectClass: top
>>     objectClass: nsds5replica
>>     objectClass: extensibleObject
>>     cn: replica
>>     nsDS5ReplicaRoot: dc=example,dc=com
>>     nsDS5ReplicaId: 7
>>     nsDS5ReplicaType: 3
>>     nsDS5Flags: 1
>>     nsds5ReplicaPurgeDelay: 604800
>>     nsDS5ReplicaBindDN: cn=replication manager,cn=config
>>     nsState:: BwAAAAAAAABZ98ZXAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAA==
>>     nsDS5ReplicaName: 496dba82-6f7a11e6-9d5ba359-5196ffe4
>>     nsds5ReplicaChangeCount: 22
>>     nsds5replicareapactive: 0
>>
>>     # search result
>>     search: 2
>>     result: 0 Success
>>
>>     # numResponses: 2
>>     # numEntries: 1
>>
>>     So, my replica have entry "cn=replication manager"
>>
>>     But I try add entry in agreement. Unforthunalty this is not help,
>>     error is present:
>>     [root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com
>>     <http://ldap1.example.com> -p 389 -D "cn=directory manager" -w ...
>>     ldap_initialize( ldap://ldap1.example.com:389
>>     <http://ldap1.example.com:389> )
>>     dn:
>>     cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
>>     tree,cn=config
>>     changetype: modify
>>     replace: nsds5ReplicaBindDN
>>     nsds5ReplicaBindDN: cn=replication manager,cn=config
>>     replace nsds5ReplicaBindDN:
>>             cn=replication manager,cn=config
>>     modifying entry
>>     "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
>>     tree,cn=config"
>>     modify complete
>>
>>     [root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
>>     [31/Aug/2016:11:11:09 +0000] schema-compat-plugin -
>>     schema-compat-plugin tree scan will start in about 5 seconds!
>>     [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All
>>     Interfaces port 389 for LDAP requests
>>     [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port
>>     636 for LDAPS requests
>>     [31/Aug/2016:11:11:09 +0000] - Listening on
>>     /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
>>     [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no
>>     entries set up under ou=sudoers,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
>>     entries set up under cn=ng, cn=compat,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
>>     entries set up under cn=computers, cn=compat,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished
>>     plugin initialization.
>>     [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not
>>     bind id [cn=replication manager] authentication mechanism
>>     [SIMPLE]: error 32 (No such object) errno 0 (Success)
>>     [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
>>     agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with
>>     SIMPLE auth failed: LDAP error 32 (No such object) ()
>>     ^C
>>     [root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com
>>     <http://ldap1.example.com> -p 389 -D "cn=directory manager" -w ...
>>     ldap_initialize( ldap://ldap1.example.com:389
>>     <http://ldap1.example.com:389> )
>>     dn:
>>     cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
>>     tree,cn=config
>>     changetype: modify
>>     replace: nsds5beginreplicarefresh
>>     nsds5beginreplicarefresh: start
>>     replace nsds5beginreplicarefresh:
>>             start
>>     modifying entry
>>     "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
>>     tree,cn=config"
>>     modify complete
>>
>>     [root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
>>     [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on All
>>     Interfaces port 389 for LDAP requests
>>     [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces port
>>     636 for LDAPS requests
>>     [31/Aug/2016:11:11:09 +0000] - Listening on
>>     /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
>>     [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning: no
>>     entries set up under ou=sudoers,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
>>     entries set up under cn=ng, cn=compat,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning: no
>>     entries set up under cn=computers, cn=compat,dc=example,dc=com
>>     [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished
>>     plugin initialization.
>>     [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could not
>>     bind id [cn=replication manager] authentication mechanism
>>     [SIMPLE]: error 32 (No such object) errno 0 (Success)
>>     [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
>>     agmt="cn=ExampleAgreement" (ldap2:389): Replication bind with
>>     SIMPLE auth failed: LDAP error 32 (No such object) ()
>>     [31/Aug/2016:15:48:36 +0000] slapi_ldap_bind - Error: could not
>>     bind id [cn=replication manager,cn=config] authentication
>>     mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
>>     ^C
>>     [root at ldap1 ~]# 
>>
>>
>>     2016-08-31 18:15 GMT+03:00 Mark Reynolds <mareynol at redhat.com
>>     <mailto:mareynol at redhat.com>>:
>>
>>
>>
>>         On 08/31/2016 09:50 AM, Andrey Rogovsky wrote:
>>>         Hi!
>>>
>>>         I try configure manual replica from FreeIPA DS to 389 DS.
>>>         I have two VM: ldap1.example.com <http://ldap1.example.com>
>>>         and ldap2.example.com <http://ldap2.example.com>
>>>         I was used this
>>>         manual https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html
>>>         <https://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Replication-Configuring-Replication-cmd.html>
>>>         for configure relica
>>>
>>>         There was replica agreement before starting:
>>>
>>>         # extended LDIF
>>>         #
>>>         # LDAPv3
>>>         # base <cn=config> with scope subtree
>>>         # filter: (objectclass=nsds5ReplicationAgreement)
>>>         # requesting: ALL
>>>         #
>>>
>>>         # ExampleAgreement, replica, dc\3Dexample\2Cdc\3Dcom,
>>>         mapping tree, config
>>>         dn:
>>>         cn=ExampleAgreement,cn=replica,cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping
>>>         tree,
>>>          cn=config
>>>         objectClass: top
>>>         objectClass: nsds5replicationagreement
>>>         cn: ExampleAgreement
>>>         nsDS5ReplicaHost: ldap2
>>>         nsDS5ReplicaPort: 389
>>>         nsDS5ReplicaBindDN: cn=replication manager
>>>         nsDS5ReplicaBindMethod: SIMPLE
>>>         nsDS5ReplicaRoot: dc=example,dc=com
>>>         description: agreement between supplier1 and consumer1
>>>         nsDS5ReplicaUpdateSchedule: 0000-0500 1
>>>         nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE
>>>         authorityRevocationLis
>>>          t
>>>         nsDS5ReplicaCredentials:
>>>         {AES-TUhNR0NTcUdTSWIzRFFFRkRUQm1NRVVHQ1NxR1NJYjNEUUVG
>>>          RERBNEJDUmxPVFl4TlRsbU5DMWtaV0UyTXpZeA0KTVMxaU1UYzFaREF3Wmkwek5qRmxNalkxWkFBQ
>>>          0FRSUNBU0F3Q2dZSUtvWklodmNOQWdjd0hRWUpZSVpJQVdVRA0KQkFFcUJCQUVJckpINmE0S3RFYl
>>>          NhLzkxL01qZg==}Wo+c0XfBnaDhg/a36yguXg==
>>>         nsds5replicareapactive: 0
>>>         nsds5replicaLastUpdateStart: 19700101000000Z
>>>         nsds5replicaLastUpdateEnd: 19700101000000Z
>>>         nsds5replicaChangesSentSinceStartup:
>>>         nsds5replicaLastUpdateStatus: 0 No replication sessions
>>>         started since server s
>>>          tartup
>>>         nsds5replicaUpdateInProgress: FALSE
>>>         nsds5replicaLastInitStart: 19700101000000Z
>>>         nsds5replicaLastInitEnd: 19700101000000Z
>>>
>>>         # search result
>>>         search: 2
>>>         result: 0 Success
>>>
>>>         # numResponses: 2
>>>         # numEntries: 
>>>
>>>
>>>         There is errors which I get when start replica:
>>>
>>>
>>>         [root at ldap1 ~]# ldapmodify  -v -h ldap1.example.com
>>>         <http://ldap1.example.com> -p 389 -D "cn=directory manager"
>>>         -w ...
>>>         ldap_initialize( ldap://ldap1.example.com:389
>>>         <http://ldap1.example.com:389> )
>>>         dn:
>>>         cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
>>>         tree,cn=config
>>>         changetype: modify
>>>         replace: nsds5beginreplicarefresh
>>>         nsds5beginreplicarefresh: start
>>>         replace nsds5beginreplicarefresh:
>>>                 start
>>>         modifying entry
>>>         "cn=ExampleAgreement,cn=replica,cn="dc=example,dc=com",cn=mapping
>>>         tree,cn=config"
>>>         modify complete
>>>
>>>         [root at ldap1 ~]# tail -f /var/log/dirsrv/slapd-EXAMPLE-COM/errors
>>>         [31/Aug/2016:11:11:09 +0000] schema-compat-plugin -
>>>         schema-compat-plugin tree scan will start in about 5 seconds!
>>>         [31/Aug/2016:11:11:09 +0000] - slapd started.  Listening on
>>>         All Interfaces port 389 for LDAP requests
>>>         [31/Aug/2016:11:11:09 +0000] - Listening on All Interfaces
>>>         port 636 for LDAPS requests
>>>         [31/Aug/2016:11:11:09 +0000] - Listening on
>>>         /var/run/slapd-EXAMPLE-COM.socket for LDAPI requests
>>>         [31/Aug/2016:11:11:13 +0000] schema-compat-plugin - warning:
>>>         no entries set up under ou=sudoers,dc=example,dc=com
>>>         [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning:
>>>         no entries set up under cn=ng, cn=compat,dc=example,dc=com
>>>         [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - warning:
>>>         no entries set up under cn=computers,
>>>         cn=compat,dc=example,dc=com
>>>         [31/Aug/2016:11:11:14 +0000] schema-compat-plugin - Finished
>>>         plugin initialization.
>>>         [31/Aug/2016:13:38:01 +0000] slapi_ldap_bind - Error: could
>>>         not bind id [cn=replication manager] authentication
>>>         mechanism [SIMPLE]: error 32 (No such object) errno 0 (Success)
>>>         [31/Aug/2016:13:38:01 +0000] NSMMReplicationPlugin -
>>>         agmt="cn=ExampleAgreement" (ldap2:389): Replication bind
>>>         with SIMPLE auth failed: LDAP error 32 (No such object) ()
>>>         ^C
>>         I'm assuming this is just a standalone 389 Directory Server
>>         you are trying to replicate to(not a freeIPA installation). 
>>         If it is a freeipa installation, then you should use the
>>         freeipa CLI for setting up replication.
>>
>>         The error 32 (no such object) you are getting is because the
>>         replica does not have an entry "cn=replication manager". 
>>         Looking at the replication agreement:
>>
>>         nsDS5ReplicaBindDN: cn=replication manager
>>
>>         This is not a valid DN as there is no base suffix:  For
>>         example, I would expect to see something like "cn=replication
>>         manager,cn=config"
>>
>>         https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html
>>         <https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Creating_the_Supplier_Bind_DN_Entry.html>
>>
>>         Regards,
>>         Mark
>>>
>>>         Please help me fix this
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/57cc3f18/attachment.htm>

From tjaalton at ubuntu.com  Wed Aug 31 21:19:04 2016
From: tjaalton at ubuntu.com (Timo Aaltonen)
Date: Thu, 1 Sep 2016 00:19:04 +0300
Subject: [Freeipa-users] Ubuntu 16.04 released with FreeIPA 4.3.1
In-Reply-To: <ddc6e807-9de4-f4ad-b6c5-058d2d9cb1b7@redhat.com>
References: <57192380.4090400@ubuntu.com>
	<ea17612a-fa54-8194-d8f4-de2a008df331@ubuntu.com>
	<e53472e8-1ed9-c7fb-e1dd-d78978af9aca@ubuntu.com>
	<ddc6e807-9de4-f4ad-b6c5-058d2d9cb1b7@redhat.com>
Message-ID: <57C749C8.908@ubuntu.com>

On 31.08.2016 11:18, Petr Spacek wrote:
> On 31.8.2016 00:23, Timo Aaltonen wrote:
>> On 29.08.2016 10:34, Timo Aaltonen wrote:
>>> On 21.04.2016 22:01, Timo Aaltonen wrote:
>>>>
>>>> ps. Debian unstable will have 4.3.1 once the package has gone through
>>>> the NEW queue because the packaging got split in certain ways
>>>
>>> No it did not, because the ftpmaster rejected the upload since it ships
>>> with minified javascript which is not considered modifiable source code.
>>> And the old version has now been removed from Debian because it was
>>> unmaintainable.
>>>
>>> So I hope #5639 will be resolved at some point. Note that Debian doesn't
>>> require the javascript to be minified during package build, just that
>>> the source would ship the unminified copy as well.
>>
>> Turns out it wasn't too much of an effort to pull in unminified bits of
>> everything that is shipped minified (just ~630kB..), so I guess Freeipa
>> will be uploaded back fairly soon...
> 
> Timo,
> 
> can you share script/procedure you used? It would save us some time spent on
> re-inventing what you have done :-)
> 
> We need to see how complex change it would be so we could pull it into master
> eventually.

I put it in https://fedorahosted.org/freeipa/ticket/5639

for dojo & build I looked at the profile.js files. But now I see that I
didn't look at webui.profile.js... could be something is missing still.





From schogan at us.ibm.com  Wed Aug 31 21:22:29 2016
From: schogan at us.ibm.com (Sean Hogan)
Date: Wed, 31 Aug 2016 14:22:29 -0700
Subject: [Freeipa-users] IPA port 80
Message-ID: <OF455AF99C.063B0F7C-ON07258020.007497D4-07258020.00756A7D@notes.na.collabserv.com>




Hi all,

  Been reading a lot about Port 80 for IPA and firewalls but have not found
a concrete answer.  I know the redhat docs indicate port 80 is required
bidirectional however I need to investigate if it is truly needed.

GUI only responds to 443 so not sure what else would be utilizing port 80.
I have seen some references that dogtag proxies its ports to 80 and 443 but
if the gui is running on 443 does that mean dogtag is proxying via 443
only?  Or is there a way to tell?   Has anyone attempted not opening port
80 from IPA Server to IPA Server and clients to IPA server?
ipa-server-3.0.0-50.el6.1.x86_64




Sean Hogan



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/3207766a/attachment.htm>

From simo at redhat.com  Wed Aug 31 22:35:51 2016
From: simo at redhat.com (Simo Sorce)
Date: Wed, 31 Aug 2016 18:35:51 -0400
Subject: [Freeipa-users] IPA port 80
In-Reply-To: <OF455AF99C.063B0F7C-ON07258020.007497D4-07258020.00756A7D@notes.na.collabserv.com>
References: <OF455AF99C.063B0F7C-ON07258020.007497D4-07258020.00756A7D@notes.na.collabserv.com>
Message-ID: <1472682951.5257.166.camel@redhat.com>

On Wed, 2016-08-31 at 14:22 -0700, Sean Hogan wrote:
> 
> 
> Hi all,
> 
>   Been reading a lot about Port 80 for IPA and firewalls but have not found
> a concrete answer.  I know the redhat docs indicate port 80 is required
> bidirectional however I need to investigate if it is truly needed.
> 
> GUI only responds to 443 so not sure what else would be utilizing port 80.
> I have seen some references that dogtag proxies its ports to 80 and 443 but
> if the gui is running on 443 does that mean dogtag is proxying via 443
> only?  Or is there a way to tell?   Has anyone attempted not opening port
> 80 from IPA Server to IPA Server and clients to IPA server?
> ipa-server-3.0.0-50.el6.1.x86_64

Port 80 is not required, the only thing you'll find there is a redirect
to the HTTPS port.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



From freeipa at 0xc0dedbad.com  Wed Aug 31 22:16:08 2016
From: freeipa at 0xc0dedbad.com (Peter Fern)
Date: Thu, 1 Sep 2016 08:16:08 +1000
Subject: [Freeipa-users] IPA port 80
In-Reply-To: <OF455AF99C.063B0F7C-ON07258020.007497D4-07258020.00756A7D@notes.na.collabserv.com>
References: <OF455AF99C.063B0F7C-ON07258020.007497D4-07258020.00756A7D@notes.na.collabserv.com>
Message-ID: <459142cb-4db3-3158-2b43-6e85d147736a@0xc0dedbad.com>

You need to serve CRLs and OCSP via HTTP to avoid clients failing to
verify the cert of the host serving the CRL/OCSP when the cert on that
host needs to be verified at itself.

I'm not sure why you'd particularly care though - reading the Apache
configs and you should see that other than a couple of exceptions, all
HTTP traffic is redirected to HTTPS.

On 01/09/16 07:22, Sean Hogan wrote:
>
> Hi all,
>
> Been reading a lot about Port 80 for IPA and firewalls but have not
> found a concrete answer. I know the redhat docs indicate port 80 is
> required bidirectional however I need to investigate if it is truly
> needed.
>
> GUI only responds to 443 so not sure what else would be utilizing port
> 80. I have seen some references that dogtag proxies its ports to 80
> and 443 but if the gui is running on 443 does that mean dogtag is
> proxying via 443 only? Or is there a way to tell? Has anyone attempted
> not opening port 80 from IPA Server to IPA Server and clients to IPA
> server?
> ipa-server-3.0.0-50.el6.1.x86_64
>
>
>
>
> Sean Hogan
>
>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160901/86f85ebd/attachment.htm>

From mikej at flowjo.com  Wed Aug 31 22:53:32 2016
From: mikej at flowjo.com (Mike Jacobacci)
Date: Wed, 31 Aug 2016 15:53:32 -0700
Subject: [Freeipa-users] pfSense/FreeIPA LDAP Extended Query Fails
Message-ID: <34BE6DEF-B105-45E0-BA21-EEC47416FE2A@flowjo.com>

Hi,

I have just got authentication against my FreeIPA system working by following this:
https://ask.fedoraproject.org/en/que...uthentication/ <https://ask.fedoraproject.org/en/question/63089/how-can-i-integrate-freeipa-with-pfsense-for-authentication/>

The only change I had to make was to set the Search Scope level to "entire subtree" and I also left the extended query unchecked... With that setup I am able to authenticate using "Diagnostics->Authentication".

I really want to restrict access so I can use FreeIPA for our VPN auth so I tried using the following extended query but it fails:
&(memberOf=cn=admins,cn=groups,cn=accounts,dc=doma in,dc=com)

Looking in pfSense logs, using the extended query (fails):

[24/Aug/2016:11:07:16 -0700] conn=1396 fd=116 slot=116 SSL connection from * to *
[24/Aug/2016:11:07:16 -0700] conn=1396 TLS1.2 256-bit AES-GCM
[24/Aug/2016:11:07:16 -0700] conn=1396 op=0 BIND dn="" method=128 version=3
[24/Aug/2016:11:07:16 -0700] conn=1396 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[24/Aug/2016:11:07:16 -0700] conn=1396 op=1 SRCH base="cn=accounts,dc=domain,dc=com" scope=2 filter="(&(uid=user)(&(memberOf=cn=admins,cn=group s,cn=accounts,dc=domain,dc=com)))" attrs=ALL
[24/Aug/2016:11:07:16 -0700] conn=1396 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[24/Aug/2016:11:07:16 -0700] conn=1396 op=2 UNBIND
[24/Aug/2016:11:07:16 -0700] conn=1396 op=2 fd=116 closed - U1

Without the query (success):
[30/Aug/2016:10:23:25 -0700] conn=6432 fd=110 slot=110 SSL connection from * to *
[30/Aug/2016:10:23:25 -0700] conn=6432 TLS1.2 256-bit AES-GCM
[30/Aug/2016:10:23:25 -0700] conn=6432 op=0 BIND dn="" method=128 version=3
[30/Aug/2016:10:23:25 -0700] conn=6432 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[30/Aug/2016:10:23:25 -0700] conn=6432 op=1 SRCH base="cn=compat,dc=domain,dc=com" scope=2 filter="(uid=user1)? attrs=ALL
[30/Aug/2016:10:23:25 -0700] conn=6432 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[30/Aug/2016:10:23:25 -0700] conn=6432 op=2 BIND dn="uid=user1,cn=users,cn=compat,dc=domain,dc=com " method=128 version=3
[30/Aug/2016:10:23:25 -0700] conn=6432 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=user1,cn=users,cn=accounts,dc=domain,dc=co m"
[30/Aug/2016:10:23:25 -0700] conn=6433 fd=118 slot=118 SSL connection from * to *
[30/Aug/2016:10:23:25 -0700] conn=6432 op=3 UNBIND
[30/Aug/2016:10:23:25 -0700] conn=6432 op=3 fd=110 closed - U1
[30/Aug/2016:10:23:25 -0700] conn=6433 TLS1.2 256-bit AES-GCM
[30/Aug/2016:10:23:25 -0700] conn=6433 op=0 BIND dn="" method=128 version=3
[30/Aug/2016:10:23:25 -0700] conn=6433 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[30/Aug/2016:10:23:25 -0700] conn=6433 op=1 SRCH base="uid=user1,cn=users,cn=compat,dc=domain,dc=co m" scope=2 filter="(uid=user1)? attrs="memberOf"
[30/Aug/2016:10:23:25 -0700] conn=6433 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[30/Aug/2016:10:23:25 -0700] conn=6433 op=2 UNBIND
[30/Aug/2016:10:23:25 -0700] conn=6433 op=2 fd=118 closed - U1

I changed the cn from accounts to compat for the auth container, but that doesn't make a difference. The last search shows attrs="memberOf", but anytime I add an extended query the logs show attrs="all", not sure if that means anything. I tried adding the full memberOf path under the group member attribute, but that didn't restrict access although the auth is still success.

[30/Aug/2016:10:42:12 -0700] conn=6460 op=1 SRCH base="uid=user3,cn=users,cn=compat,dc=domain,dc=co m" scope=2 filter="(uid=user3)" attrs="memberof=cn=admins,cn=groups,cn=compat,dc=d omain,dc=com"
[30/Aug/2016:10:42:12 -0700] conn=6460 op=1 RESULT err=0 tag=101 nentries=1 etime=0

When doing an ldapsearch, I can see the group:

# admins, groups, compat, domain.com
dn: cn=admins,cn=groups,cn=compat,dc=domain,dc=com
ipaAnchorUUID:: 
gidNumber: 50000
memberUid: admin
memberUid: user1
memberUid: user2
objectClass: posixGroup
objectClass: ipaOverrideTarget
objectClass: ipaexternalgroup
objectClass: top
cn: admins

Any help would be greatly appreciated.

Cheers,
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/c13c775b/attachment.htm>

From schogan at us.ibm.com  Wed Aug 31 23:04:22 2016
From: schogan at us.ibm.com (Sean Hogan)
Date: Wed, 31 Aug 2016 16:04:22 -0700
Subject: [Freeipa-users] IPA port 80
In-Reply-To: <1472682951.5257.166.camel@redhat.com>
References: <OF455AF99C.063B0F7C-ON07258020.007497D4-07258020.00756A7D@notes.na.collabserv.com>
	<1472682951.5257.166.camel@redhat.com>
Message-ID: <OFB6976785.67F17BD8-ON07258020.007D7861-07258020.007EBE62@notes.na.collabserv.com>


Thank you Simo,


  Is there a better source for the IPA ports required you can direct me to
other than this https://access.redhat.com/solutions/357673
which shows the below:

Resolution
IdM Server <-> Clients
                                                                                                                          
     Name      Destination-port /                                         Purpose                                         
                      Type                                                                                                
                                                                                                                          
 HTTP/HTTPS   80 / 443             WebUI and IPA CLI admin tools communication.                                           
              TCP                                                                                                         
                                                                                                                          
 LDAP/LDAPS   389 / 636            directory service communication.                                                       
              TCP                                                                                                         
                                                                                                                          
 Kerberos     88 / 464 TCP and UDP communication for authentication                                                       
                                                                                                                          
 DNS          53 TCP and UDP       nameservice, used also for autodiscovery, autoregistration and High Availability       
                                   Authentication(sssd), optional                                                         
                                                                                                                          
 NTP          123                  network time protocol, optional                                                        
              UDP                                                                                                         
                                                                                                                          
 kadmind      464 / 749            used for principal generation, password changes etc.                                   
              TCP                                                                                                         
                                                                                                                          


IdM Server <-> IdM Server (i.e. Replica)
                                                                                                                                         
     Name     Destination-port/Type                                               Purpose                                                
                                                                                                                                         
 HTTP/HTTPS   80 / 443              WebUI and IPA CLI admin tools communication.                                                         
              TCP                                                                                                                        
                                                                                                                                         
 LDAP/LDAPS   389 / 636             directory service communication.                                                                     
              TCP                                                                                                                        
                                                                                                                                         
 Kerberos     88 / 464 TCP and UDP  communication for authentication                                                                     
                                                                                                                                         
 DNS          53 / TCP and          nameservice, used also for autodiscovery, autoregistration and High Availability Authentication      
              UDP                   (sssd), optional                                                                                     
                                                                                                                                         
 NTP          123                   network time protocol, optional                                                                      
              UDP                                                                                                                        
                                                                                                                                         
 kadmind      464 / 749             used only via localhost                                                                              
              TCP                                                                                                                        
                                                                                                                                         
 dogtag       7389                  Server and replica communication                                                                     
              TCP                                                                                                                        
                                                                                                                                         
 replica conf 9443 / 9444 / 9445    Recplica configuration, only needed during initial replica installation -- IPAv3/RHEL6 only (not     
              TCP                   required at all in IPAv4/RHEL7)                                                                      
                                                                                                                                         




Note: In RHEL 7, 389 port is used for replication instead of 7389 port.





I have a hard time thinking ntp is required bidirectional as well which I
assume is the indication with the <-> but I was also wrong thinking tcp
port 53 would not be required which it is(found out hard way) so I was
leaning on the docs a lot.


What would be your take on bidirectional vs uni from the above list?


We are running DNS and NTP from IPA.







Sean Hogan





From:	Simo Sorce <simo at redhat.com>
To:	Sean Hogan/Durham/IBM at IBMUS
Cc:	freeipa-users <freeipa-users at redhat.com>
Date:	08/31/2016 03:36 PM
Subject:	Re: [Freeipa-users] IPA port 80



On Wed, 2016-08-31 at 14:22 -0700, Sean Hogan wrote:
>
>
> Hi all,
>
>   Been reading a lot about Port 80 for IPA and firewalls but have not
found
> a concrete answer.  I know the redhat docs indicate port 80 is required
> bidirectional however I need to investigate if it is truly needed.
>
> GUI only responds to 443 so not sure what else would be utilizing port
80.
> I have seen some references that dogtag proxies its ports to 80 and 443
but
> if the gui is running on 443 does that mean dogtag is proxying via 443
> only?  Or is there a way to tell?   Has anyone attempted not opening port
> 80 from IPA Server to IPA Server and clients to IPA server?
> ipa-server-3.0.0-50.el6.1.x86_64

Port 80 is not required, the only thing you'll find there is a redirect
to the HTTPS port.

Simo.

--
Simo Sorce * Red Hat, Inc * New York



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/6dae00b3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/6dae00b3/attachment.gif>

From freeipa at 0xc0dedbad.com  Wed Aug 31 23:33:31 2016
From: freeipa at 0xc0dedbad.com (Peter Fern)
Date: Thu, 1 Sep 2016 09:33:31 +1000
Subject: [Freeipa-users] IPA port 80
In-Reply-To: <1472682951.5257.166.camel@redhat.com>
References: <OF455AF99C.063B0F7C-ON07258020.007497D4-07258020.00756A7D@notes.na.collabserv.com>
	<1472682951.5257.166.camel@redhat.com>
Message-ID: <b598d50d-4ae0-d7f1-f4f2-057ca9600234@0xc0dedbad.com>

On 01/09/16 08:35, Simo Sorce wrote:
> Port 80 is not required, the only thing you'll find there is a redirect
> to the HTTPS port.

What about CRL/OCSP (and possibly others)?  The Apache configs
explicitly do not redirect to HTTPS except for the /ipa path for this
reason.



From schogan at us.ibm.com  Wed Aug 31 23:35:42 2016
From: schogan at us.ibm.com (Sean Hogan)
Date: Wed, 31 Aug 2016 16:35:42 -0700
Subject: [Freeipa-users] IPA port 80
In-Reply-To: <459142cb-4db3-3158-2b43-6e85d147736a@0xc0dedbad.com>
References: <OF455AF99C.063B0F7C-ON07258020.007497D4-07258020.00756A7D@notes.na.collabserv.com>
	<459142cb-4db3-3158-2b43-6e85d147736a@0xc0dedbad.com>
Message-ID: <OF438D4920.715DD6EC-ON07258020.007EE1F5-07258020.00819CAF@notes.na.collabserv.com>


Thanks Peter,


So the set up is each vlan has an IPA replica within the firewall boundary
acting as its primary auth/policy server.  If it goes down.. then the
clients can reach back thru the firewall to our backup IPAs.  So I am
trying to pinpoint the actual ports required to be open on the firewall to
allow the clients the ability to get back to the back up IPAs.

It comes down to opening ports thru the firewalls back to our IPA backup
servers.  If port 80 is not required for the clients or servers to get to
IPA behind the firewall then there is no need in opening more ports than
required and getting 443 open adheres more to our security policy than 80.
So if everything is redirected to 443 and 80 is not required as it is all
redirected then the docs I am using are not correct.

I am hoping Simo can weigh in on this


Redhat link shows this for firewall port openings
https://access.redhat.com/solutions/357673
with <-> seeming to indicate bidirectional.  Not sure why NTP requires that
for the clients.

Resolution
IdM Server <-> Clients
                                                                                                                             
      Name        Destination-port /                                         Purpose                                         
                         Type                                                                                                
                                                                                                                             
 HTTP/HTTPS      80 / 443             WebUI and IPA CLI admin tools communication.                                           
                 TCP                                                                                                         
                                                                                                                             
 LDAP/LDAPS      389 / 636            directory service communication.                                                       
                 TCP                                                                                                         
                                                                                                                             
 Kerberos        88 / 464 TCP and UDP communication for authentication                                                       
                                                                                                                             
 DNS             53 TCP and UDP       nameservice, used also for autodiscovery, autoregistration and High Availability       
                                      Authentication(sssd), optional                                                         
                                                                                                                             
 NTP             123                  network time protocol, optional                                                        
                 UDP                                                                                                         
                                                                                                                             
 kadmind         464 / 749            used for principal generation, password changes etc.                                   
                 TCP                                                                                                         
                                                                                                                             


IdM Server <-> IdM Server (i.e. Replica)
                                                                                                                                             
      Name       Destination-port/Type                                                Purpose                                                
                                                                                                                                             
 HTTP/HTTPS      80 / 443               WebUI and IPA CLI admin tools communication.                                                         
                 TCP                                                                                                                         
                                                                                                                                             
 LDAP/LDAPS      389 / 636              directory service communication.                                                                     
                 TCP                                                                                                                         
                                                                                                                                             
 Kerberos        88 / 464 TCP and UDP   communication for authentication                                                                     
                                                                                                                                             
 DNS             53 / TCP and UDP       nameservice, used also for autodiscovery, autoregistration and High Availability Authentication      
                                        (sssd), optional                                                                                     
                                                                                                                                             
 NTP             123                    network time protocol, optional                                                                      
                 UDP                                                                                                                         
                                                                                                                                             
 kadmind         464 / 749              used only via localhost                                                                              
                 TCP                                                                                                                         
                                                                                                                                             
 dogtag          7389                   Server and replica communication                                                                     
                 TCP                                                                                                                         
                                                                                                                                             
 replica conf    9443 / 9444 / 9445 TCP Recplica configuration, only needed during initial replica installation -- IPAv3/RHEL6 only (not     
                                        required at all in IPAv4/RHEL7)                                                                      
                                                                                                                                             



Note: In RHEL 7, 389 port is used for replication instead of 7389 port.


Sean Hogan







From:	Peter Fern <freeipa at 0xc0dedbad.com>
To:	freeipa-users <freeipa-users at redhat.com>
Date:	08/31/2016 04:01 PM
Subject:	Re: [Freeipa-users] IPA port 80
Sent by:	freeipa-users-bounces at redhat.com



You need to serve CRLs and OCSP via HTTP to avoid clients failing to verify
the cert of the host serving the CRL/OCSP when the cert on that host needs
to be verified at itself.

I'm not sure why you'd particularly care though - reading the Apache
configs and you should see that other than a couple of exceptions, all HTTP
traffic is redirected to HTTPS.

On 01/09/16 07:22, Sean Hogan wrote:


      Hi all,

      Been reading a lot about Port 80 for IPA and firewalls but have not
      found a concrete answer. I know the redhat docs indicate port 80 is
      required bidirectional however I need to investigate if it is truly
      needed.

      GUI only responds to 443 so not sure what else would be utilizing
      port 80. I have seen some references that dogtag proxies its ports to
      80 and 443 but if the gui is running on 443 does that mean dogtag is
      proxying via 443 only? Or is there a way to tell? Has anyone
      attempted not opening port 80 from IPA Server to IPA Server and
      clients to IPA server?
      ipa-server-3.0.0-50.el6.1.x86_64




      Sean Hogan










--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/d3a9d442/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160831/d3a9d442/attachment.gif>